The European Union spent Thursday vigorously attacking its own networks in what an agency called the “largest and most complex” cybersecurity exercise ever in Europe.
The European Union Agency for Network and Information Security (ENISA) organized the event. A forthcoming report will show how well a new set of EU procedures on sharing cyber threat information held up during the test crisis.
“Five years ago there were no procedures to drive cooperation during a cyber crisis between EU member states,” said ENISA Executive Director Udo Helmbrecht. “The outcome of today’s exercise will tell us where we stand and identify the next steps to take in order to keep improving.”
The EU launched more than 2,000 attacks against itself — including denial of service attacks, attacks that alter a website’s appearance and attacks to lift sensitive information from critical infrastructure.
"The sophistication and volume of cyber-attacks are increasing every day, said European Commission Vice President Neelie Kroes, who oversees the EU’s digital agenda. “Only this kind of common effort will help keep today’s economy and society protected.”
Various critical industries, including telecom, energy, finance and Internet service providers, participated in the exercises.
The U.S. has been working to expand its own cyber threat information sharing both within government and with the private sector.
“We need to come up with a system that enables us to do this in a real-time way,” said Adm. Michael Rogers, who heads both the National Security Agency and U.S. Cyber Command, during a talk this week at the U.S. Chamber of Commerce.
Congress is close to passing a cyber threat information sharing bill that would give protections to companies sharing cyber threat info with the government. While lawmakers have expressed confidence a bill can get through the lame duck session, many outside experts are not as optimistic.
The EU conducts similar cyberspace tests every two years.