The first ever pan-European cyber-attack simulation exercise, held on 4 November, has been hailed as a successful...
cyber stress test for public bodies in the region.
An interim report found that although the exercise met its objectives, there was a lack of pan-European preparedness measures to test because many member states are still refining their national approaches to cyber attacks.
The event was organised by EU member states with support from the European Network Security Agency (ENISA) and the Joint Research Centre (JRC).
All EU countries, as well as Iceland, Norway and Switzerland, took part either as active participants or observers.
UK participants in the exercise included the Cyber Security Operations Center, the Department of Business Innovation and Skills, and the Centre for the Protection of National Infrastructure.
In the interim findings on the exercise, EU member states have renewed their commitment to continue efforts in national and pan-European exercises.
They also agreed on the importance of involving the private sector in further exercises and sharing information on lessons learned with similar cyber test initiatives across the world.
Udo Helmbrecht, executive director of ENISA, said Cyber Europe 2010 fully met its objectives to test Europe's readiness to face online threats to essential critical infrastructure used by citizens, governments and businesses.
"We will work closely with member states to identify and implement the lessons learned from this exercise," he said.
ENISA's role in organising and managing future exercises was highly recommended by EU states in initial feedback.
The interim report emphasised that the exercise was only the first step towards building pan-European trust and that more co-operation and information exchange was needed.
The exercise highlighted the fact that incident handling in different countries varies a lot because of the different roles, responsibilities and bodies involved in the process.
The interim report said there was no need to create a new pan-European directory of contacts, but existing ones should be updated regularly and member states should have greater understanding of how other EU countries manage cyber incidents.
The report said the interim findings and recommendations reflected only initial discussions with EU states and would be followed by a thorough analysis.
According to ENISA, the next step is to identify the gaps and needs in terms of interaction among public authorities, and a public report on the results of the exercise will be published early in 2011.