Europe's cyber-security policy under attack
The exercise, dubbed Cyber Europe 2014, is the largest and most complex ever enacted, involving 200 organisations and 400 cyber-security professionals from both the European Union and beyond.
Yet some critics argued that herding together normally secretive national security agencies and demanding that they spend the rest of 2014 sharing information amounted to wishful thinking.
Others questioned whether the law enforcement agencies taking part in the drill should be involved in safeguarding online security, in the wake of American whistle-blower Edward Snowden's revelations of online spying by western governments.
"The main concern is national governments' reluctance to co-operate," said Professor Bart Preneel, an information security expert from the Catholic University of Leuven, in Belgium.
"You can carry out all of the exercises you want, but cyber-security really comes down to your ability to monitor, and for that, national agencies need to speak to each other all the time," Preneel said.
The Crete-based office co-ordinating the EU's cyber-security, the European Union Agency for Network and Information Security (ENISA), calls itself a "body of expertise" and cannot force national agencies to share information.
As with most aspects of policing and national security, the EU's 28 members have traditionally been reluctant to hand over powers to a central organisation, even when, as in the case of online attacks, national borders are almost irrelevant.
Individual systems attacked
Cyber-attacks occur when the computer information systems of individuals, organisations or infrastructure are targeted, whether by criminals, terrorists or even states with an interest in disrupting computer networks.
The EU estimates that over recent years there has been an increase in the frequency and magnitude of cyber-crime and that the attacks go beyond national borders, while the smaller-scale spreading of software viruses is also an increasingly complex problem.
The EU's vulnerability has been highlighted over recent years by a number of high-profile cyber-attacks, including one against Finland's foreign ministry in 2013 and a network disruption of the European Parliament and the European Commission in 2011.
And with Europe's supply of gas from Russia focusing attention on energy security, the highly computerised "smart" energy grids which transport and manage energy in the EU are also seen as vulnerable.
Yet the view from Brussels is that the member states' reluctance to work together on cyber-security amounts to "recklessness", with one EU source saying national governments were "happy to put their citizens and economy at risk rather than co-ordinate across the EU."
ENISA was established in 2001 when it became clear that cyber-security in the EU would require a level of co-ordination.
No regulatory power
Unlike other EU agencies, ENISA does not have regulatory powers and relies on the goodwill of the national agencies it works with.
The agency is undaunted by its task, arguing that the simulations it stages every two years, taking in up to 29 European countries, are both effective and necessary in preparing a response to cyber-attacks.
This week's simulation created what ENISA described as "very realistic" incidents in which key infrastructure and national interests came under attack, "mimicking unrest and political crisis" and "disrupting services for millions of citizens across Europe."
However, Amelia Andersdotter, a Swedish member of the European Parliament with the libertarian Pirate Party, is dismissive of both the exercise and the European online security model.
Andersdotter, along with a number of European experts, is calling for reforms to move responsibility for cyber-security away from law enforcement agencies to civilian bodies.
Civilian agency wanted
Their argument is that a civilian agency would be better placed to co-ordinate a response with industry, which Andersdotter argues has not done enough to safeguard cyber-security.
At present, she said, industry participants in software or infrastructure simply report cyber-crime to authorities without being required to compensate or inform consumers.
A civilian authority would end what Andersdotter calls the "conspiracy of database manufacturers and law enforcement agencies" by placing greater responsibility with industry.
What most experts agree on is that European companies and consumers are vulnerable to cyber-security threats, and that can have an impact on people's willingness to use online services.
James Wootton, from British online security firm IRM, said the ENISA exercises are a step in the right direction, but are not enough.
"The problem is nation states wanting to fight cyber-crime individually, even when cyber-crime does not attack at that level," Wootton says, arguing that national law enforcement agencies often lack the required resources.
"So it is good to look at this at the European level, but what power does ENISA have? What can they force countries to do?"
Eurostat figures show that, by January 2012, only 26% of EU enterprises had a formally defined information technology security plan in place.
One industry insider said the view in Brussels is that EU cyber-security was "like teenage sex: everyone says they are doing it but not that many actually are."
Source: AFP via I-Net Bridge
Source: I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za