Early assessments of the recent pan-European cybersecurity exercise conclude that the private sector should be included in the next simulation.
Surprisingly in this age of increasing cyberattacks, the Nov. 4 simulation, called Cyber Europe 2010, was the first pan-European cybersecurity exercise. The simulation involved 50 cyberexperts, 70 public sector bodies and 30 European countries. The exercise's findings will be published at the beginning of 2011 and will inform future European Union policies for cybersecurity preparedness.
However, early assessments have been released by the European Network and Information Security Agency (ENISA), one of the organisers of the exercise. It concluded that the private sector should be part of the next exercise and that incident handling in member states varies a lot due to the different roles, responsibilities and bodies involved in the process. Many countries had difficulties fully grasping how incidents are managed in other states.
This is likely to cause concern outside the EU given the increasingly global nature of attacks. As recently as September, the US urged the EU to make cybersecurity a larger priority as Washington upped the ante on its defenses.
ENISA's Executive Director Udo Helmbrecht was, however, upbeat about the interim conclusions: "The Cyber Europe 2010 exercise was the first successful 'cyber-stress test' for Europe. It fully met its objectives to test Europe's readiness to face online threats to essential critical infrastructure used by citizens, governments and businesses," he said.
The Cyber Europe 2010 simulation will be evaluated in depth. There will also be evaluations made at the national level. These will later be fed into an aggregated public, EU-wide report of the exercise.