The European Union Agency for Cybersecurity (ENISA) has conducted the seventh edition of Cyber Europe, one of the continent’s largest cybersecurity exercises. This year’s event focused on bolstering the resilience of the EU energy sector, which has become a prime target for cyberattacks.
Preliminary findings from this year’s Cyber Europe sought to identify a number of vulnerabilities. The Network and Information Security (NIS) Investments in the EU report by ENISA reports that 32% of operators in the energy sector do not have a single critical operation technology (OT) process monitored by a security operations centre (SOC). Additionally, only 52% of operators of essential services integrate both operational technology and information technology under a single SOC. These gaps, ENISA reports, underscore the need for enhanced investment in cybersecurity infrastructure within the energy sector.
Cyber Europe 2024: A simulated crisis
This year’s exercise centred on a scenario involving cyber threats to the EU’s energy infrastructure, stemming from geopolitical tensions with a fictitious foreign nation. The scenario included propaganda aimed at swaying public opinion and concerns about advanced persistent threat (APT) groups exploiting vulnerabilities. Participants had to coordinate their actions swiftly to prevent a large-scale attack that could cripple the European economy and destabilise the political landscape.
The two-day event simulated a series of large-scale cyber incidents. Participants worked together to enhance their coordination and crisis management skills, ensuring business continuity in the face of a crisis. The pan-European exercise included 30 national cybersecurity agencies, several EU agencies, bodies, and networks, and over 1,000 experts from various fields, ranging from incident response to decision-making.
EU commissioner for the internal market, Thierry Breton, who visited ENISA’s premises to observe the exercise, underscored the importance of such initiatives. “Cybersecurity is a common priority. In 2023 alone, more than 200 reported cyber incidents targeted the energy sector, and more than half of them were directed specifically against Europe,” he said. “Cybersecurity threats in critical sectors can have an impact on the everyday life of citizens, but also on businesses and public services throughout the EU. This type of exercise is essential to test our cybersecurity resilience with all key partners if we are to protect EU citizens.”
Protecting Europe’s critical sectors
ENISA was established in 2004 to track and improve cybersecurity standards across Europe. These biennial Cyber Europe exercises have become a cornerstone in the EU’s efforts to safeguard its critical infrastructure. For Cyber Europe 2022, planners developed a scenario revolving around healthcare. Day one featured a disinformation campaign of manipulated laboratory results and a cyber attack targeting European hospital networks. On day two, the scenario escalated into an EU-wide cyber crisis with the imminent threat of personal medical data being released and another campaign designed to discredit a medical implantable device with a claim on vulnerability.
What happens next?
In the wake of this year’s exercise, ENISA will conduct analysis of the processes and outcomes to identify any weaknesses. The findings will be compiled into an after-action report, providing guidance for future improvements and reinforcing the resilience of the EU energy sector.
Juhan Lepassaar, executive director of ENISA, emphasised the importance of protecting critical infrastructure through ensuring a constant state of readiness. “The preservation of our critical infrastructure is one of the building blocks of the single market and thus, we have to advance our preparedness and response capacities to protect it,” he said. “The Cyber Europe exercise is evidence that we are committed in our efforts to achieve that.”