Simulated cyberattack tests Europe's defences

Twenty-two European member states have tested their responsiveness to cyberattack in a large-scale exercise.

The test exercise — dubbed Cyber Europe 2010 — was confined to public bodies, and ran on Thursday. The exercise was the first of its kind in Europe and was designed to mimic gradual loss of internet interconnectivity between countries. Cyber Europe 2010 was organised by European cybersecurity agency Enisa.

"Member states will simulate progressive difficulties," Enisa spokesman Ulf Bergstrom told ZDNet UK on Wednesday. "It will test the communication between public authorities."

The exercise was planned by a number of experts from different countries, including the UK, Denmark, Finland, France, Hungary, Italy, Portugal and Sweden in conjunction with Enisa and the European Joint Research Centre (JRC).

Bergstrom told ZDNet UK that the UK public authorities taking part in the exercise were the Cyber Security Operations Centre (CSOC), the Centre for the Protection of National Infrastructure (CPNI), and the Department for Business, Innovation and Skills (BIS).

"The basic idea is that internet interconnectivity between countries becomes gradually unavailable," said Enisa in a document covering the exercise. "As a result citizens, businesses and public institutions will have difficulties in accessing critical online services, unless the traffic from affected interconnections is rerouted. As the phenomenon continues, one country after the other will increasingly throughout the day suffer from this problem, over phone and mails, as a desktop exercise."

An initial analysis of the operation will be made available on 10 November, with a full report to be published early next year, said Bergstrom.

European Digital Agenda commissioner Neelie Kroes, who visited CSOC during the exercise, said the aim of the operation was to draw public-sector organisations together to combat cyberthreats.

"This exercise to test Europe's preparedness against cyberthreats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online," said Kroes in a statement.

The Cyber Europe 2010 exercise is completely different to an exercise run in the US called Cyber Storm III, which ran in September, said Bergstrom. Cyber Storm III involved industry and critical sectors, whereas Cyber Europe 2010 was a desktop exercise involving public-sector bodies. The levels of funding were also different — Cyber Strom III attracted millions of dollars, but Cyber Europe 2010 had a hundred thousand euros of funding, said Enisa. Cyber Storm has also been running for three years.