The report underlines the need for more cyber security exercises in the future, increased collaboration between the member states and the importance of the private sector in ensuring IT security.
More than 70 experts from the participating public bodies, including the UK, worked together to counter more than 300 simulated hacking attacks aimed at paralysing the internet and critical online services across Europe.
During the exercise, a simulated loss of internet connectivity between the countries took place, requiring cross-border cooperation.
The evaluation of the exercise was conducted at national and pan-European levels, as well as an overall assessment.
Key findings include:
- Because member state IT bodies communicate in a wide variety of ways, harmonisation of standard operating procedures would lead to more secure and efficient communication between them.
- The ability to find the relevant points of contact within organisations varied. In the event of a real crisis, some 55% of countries were not confident they would be able to quickly identify the right contact, even with the available directories.
- Participants were evenly divided on whether a 'single point of contact' (SPOC) or 'multiple points of contact' (MPOC) would be better. A SPOC would be easier, but realistically, today there are multiple points of contact. MPOC also avoids a single point of failure.
Main recommendations include:
- Europe should continue to hold exercises in Critical Information Infrastructure Protection (CIIP): 86% of the participants found the dry run 'very' or 'extremely' useful.
- The private sector should provide value in future exercises by increasing levels of realism.
- 'Lessons identified' should be exchanged with those holding other national or international exercises
- Member states should be well organised internally, for example, by developing and testing national contingency plans and exercises.
The report says it is vital to know whom to contact, that the dialogue on the necessity of SPOC or MPOC at the EU level should continue, and that a roadmap for pan-EU exercises should be created.