The seventh edition of Cyber Europe, a cybersecurity exercise by the European Union, organised by the EU agency for Cybersecurity (ENISA) tested the resilience of the EU’s energy sector.
Executive director of ENISA, Juhan Lepassaar, said: ‘The preservation of our critical infrastructure is one of the building blocks of the single market and thus, we have to advance our preparedness and response capacities to protect it. The Cyber Europe exercise is the evidence that we are committed in our efforts to achieve that.’
A two-day event simulated a series of cyber incidents, requiring coordination and crisis management to tackle the scenarios and ensure business continuity. The exercise brought together 30 national cybersecurity agencies, other EU agencies, and over 1000 people covering from incident response to decision-making.
Comment
Ryan McConechy, CTO of Barrier Networks, said: “Attacks on critical industries are rising, but many of these organisations are still on the backfoot when it comes to cyber defences. Operational Technology (OT), which is now regularly internet-enabled, might be lacking in security, and can suffer from inadequate segmentation between OT and IT environments. This provides criminals with routes into these networks, plus the ability to pivot to operational controls and disrupt critical processes, such as energy supplies.
“Organisations must harden their defences against these attacks, build up robust detection methodologies and work to remedy issues which could put them at risk. A key part of this all comes down to resilience testing, as this allows organisations to run fire drill exercises, so they can spot weaknesses within their estates and then work to mitigate them. Further exercises with varied scenarios can play a crucial role in exposing previously unknown risks.
“This initiative will provide valuable security intel to operators within the energy sector, so they can fully understand the impacts of a successful attack on their operations. They can then use these insights to improve their defences and increase their resilience against attacks. Other industrial sectors, and countries, should learn from the benefits these exercises offer and work to replicate them.”
ENISA CVE
Meanwhile ENISA is now authorised as a Common Vulnerabilities and Exposures (CVE) Numbering Authority, meaning that the agency is authorised to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities found by or reported to EU CSIRTs (Cyber Security Incident Response Teams). Visit www.enisa.europa.eu.
