A major EU-wide cybersecurity exercise shows member states are working well together in the face of potential threats.
The European Union Agency for Network and Information Security (ENISA) has released a report in the wake of Cyber Europe 2018, the main EU civil cybersecurity exercise. Organised by ENISA in collaboration with cybersecurity authorities and agencies from all across Europe, 2018’s edition focused on the aviation sector.
The exercise enabled the cybersecurity community to improve their capabilities in identifying large-scale threats and managing cross-border incident contagion.
Dealing with aviation cyber risks
The two-day exercise took place at the ENISA headquarters in Athens in June of this year, bringing together more than 900 European cybersecurity specialists from 30 countries. They had to contend with depictions of major cybersecurity incidents at major EU airports, from malicious takeovers of critical communication channels to disinformation-fuelled social media campaigns.
ENISA has today (20 December) released a report examining the outcomes of June’s events. According to the findings, EU-level cooperation has matured and improved over the last number of years, with Europe “well equipped to respond to cyber crises”.
A positive outlook overall
Executive director of ENISA, Udo Helmbrecht, commented on the event: “All participants did a great job in following business processes, agreements, communication protocols and regulations to mitigate effectively the situations presented to them.
“ENISA values very much these capacity-building exercises, and will continue to provide such services for the EU member states, especially in light of the new mandate of the agency.”
A strong security posture for 2019
This new permanent mandate stems from the recent approval of the proposed Cybersecurity Act, which will upgrade ENISA into a permanent EU agency for cybersecurity. The provisional agreement was reached on 10 December.
As well as the positive outcome for ENISA, the draft regulation also lays out a mechanism for the establishment of European cybersecurity certification schemes. These certificates will be used in everything from connected toys to smart energy grids.
The report added that cybersecurity authorities at a national level should develop procedures and tools for a coordinated response, particularly around the exchange of information between public and private institutions. Boosting awareness of crisis communications protocols was also urged in the report.
The cybersecurity skills gap also emerged as an issue. According to the report, the private sector needs to set IT security as a priority for investment, resourcing and expertise. This is particularly important for the aviation, energy, finance, transport, healthcare and maritime sectors.