Slashdot Mirror

← Back to Stories (view on slashdot.org)

Final Report: Pan-European Cyber Security Exercise

Posted by Soulskill on from the none-of-us-are-as-dumb-as-all-of-us dept.

Orome1 writes "The EU's cyber security agency, ENISA, has issued its final report (PDF) on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010. The exercise was conducted on the 4th of November, 2010. Its objective was to trigger communication and collaboration between countries in the event of large-scale cyber-attacks. Over 70 experts from the participating public bodies worked together to counter over 300 simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash."

32 comments

  1. busy phone lines? by rbrausse · · Score: 1

    From TFP(df): "The most common difficulties faced [..] were [...] busy phone lines."

    uh, what? They should defend us from The Evil(tm) and can't even get other stake holders on the fscking phone?

    1. Re:busy phone lines? by HungryHobo · · Score: 1

      hey, I'm just surprised that the recommendations didn't simply read "we did ok but we need a lot more money for our departments because terrorists and cyberhackers"

      it reads more like a report from a team building day out.

      *Ya, we had lots of fun, great exercise, lets do this again some time*

  2. Cost figures by Tasha26 · · Score: 3, Interesting

    I read Paulos' "Innumeracy" book and never quite understood how those security people come up with cost figures for cyber attacks... especially when it's in the billions range e.g. Skynews reports "Last year, cyber attacks cost Britain £27bn. The global hub for targeted attacks is China. An estimated 1.6 billion attacks are launched from the country each month."

    1. Re:Cost figures by Tx · · Score: 3, Insightful

      That's a good question, and one suspects the answer is that they ask security consultants and companies, who have a stake in hyping up these costs, to pull figures out of the air. Googling gives for example this article, quote

      "In order to figure out the financial losses businesses incurred during 2009, Symantec asked companies to look at a range of factors which negatively impacted them as a result of cyber crime – such as lost revenue, loss of customer relationships and damage to their firm’s brand. This came out at a mean average of £1.2 million per company. "

      Putting a dollar value on "loss of customer relationships", "damage to the firms brand" etc is not even guesswork, it really is just pick-a-number. If the firm wasn't lax in it's security, there shouldn't be any significant damage to the brand. Losses directly due to downtime could be established meaningfully, but overall I think the figures are pretty much as meaningless as the figures the record companies come up with for losses due to piracy.

      --
      Oh no... it's the future.
    2. Re:Cost figures by Errol+backfiring · · Score: 3, Insightful

      Easy. Those security people know that they have to report to upper management, who's nature is to think in money. So the only way to get a serious message passed is to talk money.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    3. Re:Cost figures by HungryHobo · · Score: 1

      they might be considering every spam email to be a separate attack.

      In some cases they just make up a big number.

      In others take the cost figure for an attack on some big organisation (inflated for a legal case where the jail time or penalties is based on the damage/cost) and multiply by some estimate of the number of attacks per year.

    4. Re:Cost figures by Hazel+Bergeron · · Score: 2

      Sky News is basically a British Fox News - same owner and same agenda - slightly toned down to adjust for the slightly more refined tastes of the British public.

      The sad thing is the number of people who whine about Murdoch and his propaganda while still paying him to produce it (via a Sky or newspaper subscription).

    5. Re:Cost figures by maxwell+demon · · Score: 1

      Well, if the RIAA can pull numbers out of their ass, they why not security consultants as well? After all, 95%* of all statistics are pulled out of someone's ass anyway.

      *) I got the percentage by <strike>taking the first numer I thought of</strike> careful analysis of all the data I had about this <strike>(where "all I had" basically means "none")<strike>.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    6. Re:Cost figures by TaoPhoenix · · Score: 1

      (Going for Funny) One attack made a copy of the complete discograpy of Metallica. (/Ruining Joke for Mods)

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    7. Re:Cost figures by somersault · · Score: 1

      Money spent on anti-virus, anti-spam, etc and support costs for these products is a direct cost that has to be taken into account.

      --
      which is totally what she said
    8. Re:Cost figures by will_die · · Score: 1

      They add in all the costs that even remotly relate to the topic.
      For attacks it includes all the classes people are sent to, extra hardware/software, that companies hire a security person, even that I have to spend some time looking through web logs instead of reading /..

    9. Re:Cost figures by Hognoxious · · Score: 1

      This came out at a mean average of £1.2 million per company.

      A mean average? Do I take it that the figure is in British UK Pounds Sterling, and applies to all incorporated business companies?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    10. Re:Cost figures by lsatenstein · · Score: 1

      I would suggest that once a security or major loss of the net has taken place, that the repair can take place as soon as detected. With that view, the consequential financial losses would be minimal. But there is an after effect. And that after effect that affects businesses and that bad effect can linger for weeks or months until cleared out. (B2B is what I am thinking about, in general, or hospitals sending x-ray images or other medical information to another hospital for life-saving purposes.

      --
      Leslie Satenstein Montreal Quebec Canada
  3. if the tubes with clogged with hackers by FudRucker · · Score: 1

    then use HF two-way radio,

    why the focus on computers with internet connectivity as the only source of communication?

    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:if the tubes with clogged with hackers by Errol+backfiring · · Score: 1

      Because it is conveniently backed up by Echelon?

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    2. Re:if the tubes with clogged with hackers by DamienRBlack · · Score: 2

      How easy would it be to jam HF radios? I mean, the idea is that were being attacked by an entity powerful enough to compromise the most advanced systems in the world, wouldn't radio be an easy task in comparison?

  4. citizens to re-introduce non .gov commerce by Anonymous Coward · · Score: 0

    it's a security issue, as .gov seems to get its' p's & q's all confused with its' borg like 'business' plan, drawing ire from other commerce oriented world citizens. implementation begins immediately, so we're up & running after the weapons peddlers are all gone very soon. on to baylon. mostly search & rescue.

  5. Email/Phones? by Anonymous Coward · · Score: 1

    While it sounds like a good idea, the impression that I got after reading the report was that this was hardly real-world and more security theater. Using phone/email to communicate when you are having major national communications problems?. Also some key members didn't seem to be playing (eg Spain)

    This sound more like the task for a centralized organization that coordinates and works with key agencies in each member state.

  6. Corporate News CIDR Blacklist by Anonymous Coward · · Score: 0

    What we need now is a Corporate News CIDR Blacklist.

  7. like letting your drunken brother run the co.? by Anonymous Coward · · Score: 0

    next thing you know, we're into gunrunning, eugenetics, all form of crazy hoodinistic holycost stuff. a little harsh, but our incestuous uncle sam is obviously mighty thirsty, & pushy too. &, there's rumours that the king IS an inbred altered fink. with 'partners' like that, who needs enemies? read the etchings. disarm

    1. Re:like letting your drunken brother run the co.? by somersault · · Score: 1

      I didn't realise they had internet in the Shivering Isles..

      --
      which is totally what she said
  8. correction by Anonymous Coward · · Score: 0

    Over 70 wannabe experts from the participating public bodies worked together to counter over 300 out of a 80000 possible simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe...... .....and then they all got dossed......

  9. I wish i could laugh harder... by Fallen+Andy · · Score: 0
    but i'd probably drop dead at my age (52).

    "Paralyze teh intertubes" (sigh). Hello - this is the 21st century. If you haven't woken up to the SQL injection attacks and other stuff a while back that r.a.p.e.d many websites run by naive suckers, then hell - enjoy the chaos

    Don't need to think black hat - if the United Nations, US Dept of homeland (in)secure(ity) etc. can be compromised by injected SQL then maybe the frail should hide in a room and play a saxophone (Gene Hackman for you slashdot gurus)

    ....and - just as in the real world where it's often the bodyguards that are the assasins - think Governor of Punjab etc., those techies who manage the AS's and the agreements between high level providers are the most fragile part of the *big* Internetwork....

    A couple of years ago we lost most of the internet connectivity from Attika Greece because one idiot backhoed *all* the critical fibre optic cables

    (big hint on the white hat side - real attacks would have *minimal* apparent footprint)

    As a P.S., I've just had the fun of watching the local council dudes here figure out that the reason there has been no streetlights up Lycabettus Hill is that someone did an "African" pull all the copper out of the ground - so far they've taken 4 days to fix one chain of lights. (Happiness is watching other people at work - shame it took them 5-6 months to start fixing it). I was tempted to mutter something about TDR, but not sure it works with "big cables"

    (Still: I had the pleasure of watching Collared Flycatchers on their way north stopping over for a while)

    Andy

    1. Re:I wish i could laugh harder... by maxwell+demon · · Score: 1

      I was tempted to mutter something about TDR, but not sure it works with "big cables"

      They claimed Tokyo Disney Resort removed the cables? :-)

      --
      The Tao of math: The numbers you can count are not the real numbers.
    2. Re:I wish i could laugh harder... by TaoPhoenix · · Score: 1

      Dear Andy,

      Please sit down safely before I assist with your laughing attack.

      Seriously now, combining all kinds of weird topics including international computer law etc, suppose Slashdot united as many of the 2,050,000 of us as Taco could muster and WE did our own study? It would be officially announced in Lawyer Advised Ways, but then *that's all the warning they get* - and even that is "too much"! (But ya have to be nice ya know.) Types range all the way from goatse from our new friends in the 2mil-uid crew, to (makes stuff up) self replicating shadow packets.

      As many of us as feel motivated would document our stuff, and submit it when we felt like we were done.

      Wouldn't we be a scary crew? Some forums might have a higher skill per user but I think slashdot is in the race for broadest overall reach to smart users.

      (Joke - please someone get someone running Amiga OS6 to help. I can just see that result! "Okay, what opsys is this event... amiga-WHAT?... we're being attacked by a system that only exists in four copies in the entire world?!?")

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
    3. Re:I wish i could laugh harder... by cavreader · · Score: 2

      It must be difficult for someone as smart as you to live in a world filled with idiots. Maybe you should stop hiding your brilliance and straighten these people out once and for all.

  10. As an American by Anonymous Coward · · Score: 0

    As an American I think this is a bad idea. Mainly because it's something happening in Europe, but also because it's not happening in America.

  11. Nice acronym by Hognoxious · · Score: 1

    I wonder why "pan" was in the project's title but didn't get included in the name of the agency?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  12. Crashing teh internetz by Anonymous Coward · · Score: 0

    First, define 'crash the internet', then define precisely why going without the internet renders an entire continent incapable of meeting its basic needs, and *then*, perhaps, we can discuss the issues rather than why this is a piece of random pop reporting drivel.

  13. This was a communication exercise by otmar · · Score: 1

    Just for the record: This was purely a communication exercise. The scenario was just an excuse to get people to talk to each other. Technical realism was not a goal in this exercise.

    One can argue whether the assumptions on the availability of the PSTN was warranted or not, but given the fact that a good number of the involved teams had no direct contact prior to this exercise, this exercise was a worthwhile first step.

  14. Big deal by Anonymous Coward · · Score: 0

    The Combine has been doing Exercise K runs non-stop. The Pansies are going down!