Europe again fought against a simulated cyber attack

Prague, May 2, 2014. More than 200 organisations and 400 cyber-security professionals from 29 European countries including Czech Republic joined forces for a security exercise called Cyber Europe 2014 running from April 28 to April 29.

Cyber Europe 2014 takes place in three phases: technical, operational, and political. The first just concluded phase was the technical one. Participants resolved several real cyber-security incidents, investigated and analysed several scenarios which could impact the confidentiality, integrity or availability of sensitive information or critical infrastructures. The technical phase of Cyber Europe 2014 will be followed by operational/tactical and strategic/political ones later this year.

The exercise was organised by the European Union Agency for Network and Information Security (ENISA). The Czech Republic was represented by teams from CZ.NIC, National Security Authority, NIX.CZ, CESNET, CSIRT-MU, Police Academy of the Czech Republic, and Unicorn and Active24 companies.

“We have participated in the Cyber Europe exercise since 2010 when the first one—Cyber Europe 2010—was organised. It is very interesting to monitor the evolution of the exercises”, says Andrea Kropáčová, a leader of CESNET-CERTS who participated in the exercise. “The aim of the exercise in 2010 was to test the communication capabilities while the second exercise in 2012 was targeted at testing not only communication abilities but also cooperation, information exchange, handling crisis situations (e.g. information and requests overload). The just concluded exercise fully resembled the reality and daily operations of security teams and IT administrators”, added Kropáčová. “Besides the three members of CESNET-CERTS we also involved representatives of the forensic lab developed by the CESNET Association. Altogether we formed a strong team that could handle the majority of presented problems”, Andrea Kropáčová summarises the involvement of the CESNET Association in the exercise.

How rates the course of the event Pavel Kácha, member of CESNET-CERTS and cyber-security expert who was responsible for leading the CESNET team? “After a number of exercises that examined primarily the communication ability and organisational aspects of security team work during handling the security threats and problematic situations, this time we participated in the exercise of purely technical character that tested our abilities to analyse the detected problem quickly and correctly. During this exercise we have received altogether nine cases of various complexity and their resolving required analyses of logs, communication recordings, malware, memory images of attacked devices, detection of steganography and identification and correlation of information from web resources and social networks. The exercise lasted two and a half days this time and it depended on each team how quickly they resolve the submitted problems. Colleagues from forensic lab approached the exercise as a challenge and worked on one problem almost over the whole night. Other interesting experience was testing the remote collaboration when each participant stayed at his or her workplace and the communication was run over an e-mail, telephone, and videoconference. The distribution of people was yet another aspect that made the exercise closer to real situation which may occur during solving a crisis.”

The Executive Director of ENISA, Professor Udo Helmbrecht, commented, “The incidents in Cyber Europe 2014 are very realistic, mimicking unrest and political crisis at a pan-European level, disrupting services for millions of citizens across Europe. Cyber Europe 2014 represents a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across Europe. This improves the resilience of Europe’s critical information infrastructures”.

The main objectives of Cyber Europe 2014 included:

  • testing of the existing standard cooperation procedures and mechanisms for managing cyber-crises in Europe;
  • enhance national-level capabilities;
  • explore the existing cooperation between the private and public sector;
  • analyse the escalation and de-escalation processes (technical, operational and strategic level);
  • understand the public affairs issues linked to large-scale cyber-attacks.

More on Cyber Europe 2014 exercise and ENISA at: enisa.europa.eu

The CESNET Association was founded by Czech universities and the Academy of Sciences of the Czech Republic in 1996. It is engaged in research and development in information and communication technologies and builds and develops the CESNET national e-infrastructure for research and education. Thanks to its research involvement, CESNET represents the Czech Republic in important international projects, most notably the pan-European GÉANT network development and grid projects (EGI.eu), and participates actively in their implementation. The CESNET Association puts high emphasis on the issue of security incidents, their prevention, detection, and resolution.

Press release, May 2, 2014

Last change: 6.5.2014