ENISA Releases Report on Pan-European Cyber Security Exercise

April 25, 2011 - PRLog -- Recently, the European Network and information Security Agency (ENISA) released a report on a cyber security exercise for public bodies conducted across Europe. The exercise named 'Cyber Europe 2010' was aimed at increasing understanding and coordination among countries, on handling cyber incidents. Over 300 simulated attacks were launched to paralyze Internet connectivity. The attacks resulted in simulated loss of Internet connectivity, and necessitated cooperation between different countries to prevent simulated complete Internet crash. 22 countries participated in the exercise, while 8 countries participated as observers. The exercise was comprised of four main phases: Discovery, Attack, Recovery and Wrap-up.

The discovery phase focused on identification of requisite points of contact. The second phase involved attacks on cross border Internet Interconnection sites. The recovery phase focused on problem resolution. Countries were required to communicate with respective agencies in other countries to restore normal activity. The fourth phase required participating countries to submit a report on cooperation activities. Senders and recipients of injects were predefined. The senders include Computer Emergency Response Team (CERT), intelligence, media, Web site admins and exercise control centre (EXCON). Injects were either sent to all participants, or all participants in a particular country or only counter crime agencies. An exercise dry run was conducted a couple of months prior to the test to resolve issues related to technicalities of tests. 86% of the participants considered dry run to be very useful.

The Pan-European cyber security exercise identified that around 55% of the countries were not confident, whether they will be able to identify the right point of contact. The agency emphasized on the need to involve private sector in such exercises, regular exercises at national level, exchange of information on lessons identified with other national and international exercises.

Proactive action is required to protect critical infrastructure facilities from cyber-attacks. Professionals qualified in masters of security science must conduct regular evaluation of information infrastructure to identify and weed out vulnerabilities. The report recommends development of national contingency plans and conducting exercises to test these plans. The report suggests further development of point of contacts across countries to ensure protection of critical information infrastructure. ENISA report also encourages further dialogue on the need for Single or multiple points of contact.

The report encourages regular meetings between agencies of different countries during seminars, conferences and exercises to build trust and improve coordination.Organizations must create awareness among employees on different types of Internet-based threats, incident management techniques and cyber security guidelines through regular workshops, training sessions, online degree and e-learning programs.

Educational institutions could collaborate with different stakeholders to develop and update online university degree courses on IT security in accordance with changes in threat profile and skill sets required by IT professionals to deal with such threats. Critical infrastructure facilities face constant threat of sophisticated cyber-attacks. Therefore, it is crucial to evolve robust mechanisms and strategies to protect critical infrastructure and counter such attacks. The mechanisms, procedures and strategies must also be tested for their effectiveness by conducting cyber security exercises at regular intervals.

Contact Press

EC-Council
Website:  http://www.eccuni.us
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).