Out-Law News | 31 Oct 2014 | 2:42 pm | 1 min. read
A number of different types of cyber security attacks were simulated during the exercise which the Commission said was designed to test organisations' "procedures and capabilities" in a "life-like" manner.
Businesses involved in the exercise had to respond to incidents such as simulated 'distributed denial of service' (DDoS) attacks, the defacing of their website, the extraction of sensitive data and attacks on critical infrastructure.
Information sharing and agency cooperation was also tested as part of the Cyber Europe 2014 exercise, which was organised by The European Union Agency for Network and Information Security (ENISA).
"Five years ago there were no procedures to drive cooperation during a cyber-crisis between EU member states," professor Udo Helmbrecht, executive director of ENISA, said. "Today we have the procedures in place collectively to mitigate a cyber-crisis on European level. The outcome of [the] exercise will tell us where we stand and identify the next steps to take in order to keep improving."
According to a report by The Register, Steve Purser, head of operations at ENISA, said, though that the biggest cyber security threats are not from attacks but from "hardware and software failures".
Neelie Kroes, the European Commission vice president, said: "The sophistication and volume of cyber-attacks are increasing every day. They cannot be countered if individual states work alone or just a handful of them act together."
Better security protections for critical national infrastructure and improved coordination in response to attacks on those systems by agencies across the EU are envisaged under proposed new EU laws. The proposed Network and Information Security Directive received the backing of the European Parliament earlier this year but the EU's Council of Ministers has still to agree its version of the framework. Both the Parliament and Council have to agree on a single wording of the new Directive before it can become law.