Brussels, 30/10/2012 (Agence Europe) - In a new report the European cyber-security agency, ENISA, examines 85 national and international cyber exercises that have taken place between 2000 and 2012. On the basis of information gathered, it issues seven recommendations. In total, 22 European countries have conducted cyber-security exercises on a national level over the course of recent years. “A broad consensus exists for cyber exercises being an essential instrument to assess the preparedness of a community against cyber crises, and to enhance the responsiveness of stakeholders against critical information infrastructure incidents”, the executive director of ENISA, Udo Helmbrecht, says.
The report notes that the majority of the cyber-security exercises (71% of the 85) took place between 2010 and 2012, owing to an overall policy context that favours these exercises, the increased importance that member states attribute to them, and the growing threat of cross-border incidents and attacks. Cooperation on cyber-security has also increased over recent years, and a consensus is beginning to form on the need to intensify cooperation between the public and private sectors, as most critical information infrastructures belong to the private sector. Both the public and private sectors participated in 57% of the exercises, whilst 41% involved just the public sector, ENISA notes. Moreover, two thirds of the exercises were national and one third international (64% involved more than 10 countries; 13% involved between 6 and 10; and 13% involved 3 to 5 countries). Media attention was captured by 74% of the exercises, making the public aware of national cyber-security questions.
ENISA gives seven key recommendations in its conclusion: (1) to establish a more integrated global cyber exercise community; (2) to ensure exchange of good practice on cyber exercises, including public-private cooperation; (3) to support the development of exercise management tools for better exercise planning, execution and evaluation; (4) to conduct more complex cyber exercises at inter-sectorial, international and European levels; (5) five exercises in particular should be included in the lifecycle of national cyber crisis contingency plans; (6) to promote good practice for national exercises, and initiate a step-by-step methodology for cross-border cyber exercises; (7) to develop feedback mechanisms for using the results and learning the lessons of the cyber exercises. (IL/transl.fl)