Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Final Report: Pan-European Cyber Security Exercise

Soulskill posted more than 3 years ago | from the none-of-us-are-as-dumb-as-all-of-us dept.

EU 32

Orome1 writes "The EU's cyber security agency, ENISA, has issued its final report (PDF) on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010. The exercise was conducted on the 4th of November, 2010. Its objective was to trigger communication and collaboration between countries in the event of large-scale cyber-attacks. Over 70 experts from the participating public bodies worked together to counter over 300 simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash."

cancel ×

32 comments

Sorry! There are no comments related to the filter you selected.

busy phone lines? (1)

rbrausse (1319883) | more than 3 years ago | (#35865720)

From TFP(df): "The most common difficulties faced [..] were [...] busy phone lines."

uh, what? They should defend us from The Evil(tm) and can't even get other stake holders on the fscking phone?

Re:busy phone lines? (1)

HungryHobo (1314109) | more than 3 years ago | (#35865926)

hey, I'm just surprised that the recommendations didn't simply read "we did ok but we need a lot more money for our departments because terrorists and cyberhackers"

it reads more like a report from a team building day out.

*Ya, we had lots of fun, great exercise, lets do this again some time*

should not the well seeded spaceships be secure (-1)

Anonymous Coward | more than 3 years ago | (#35865728)

but not the seedy glowing leaking poison pits? communications? well surveiled. seed.inflame.behaviors.gov? up & running, no security needed there? all in all, god save the 'weather', tyrannical tuesday is off to an immeasurably infertile finish.

citizens to re-introduce non .gov commerce (0)

Anonymous Coward | more than 3 years ago | (#35865812)

it's a security issue, as .gov seems to get its' p's & q's all confused with its' borg like 'business' plan, drawing ire from other commerce oriented world citizens. implementation begins immediately, so we're up & running after the weapons peddlers are all gone very soon. on to baylon. mostly search & rescue.

like letting your drunken brother run the co.? (0)

Anonymous Coward | more than 3 years ago | (#35865936)

next thing you know, we're into gunrunning, eugenetics, all form of crazy hoodinistic holycost stuff. a little harsh, but our incestuous uncle sam is obviously mighty thirsty, & pushy too. &, there's rumours that the king IS an inbred altered fink. with 'partners' like that, who needs enemies? read the etchings. disarm

Re:like letting your drunken brother run the co.? (1)

somersault (912633) | more than 3 years ago | (#35866420)

I didn't realise they had internet in the Shivering Isles..

Cost figures (3, Interesting)

Tasha26 (1613349) | more than 3 years ago | (#35865762)

I read Paulos' "Innumeracy" book and never quite understood how those security people come up with cost figures for cyber attacks... especially when it's in the billions range e.g. Skynews [sky.com] reports "Last year, cyber attacks cost Britain £27bn. The global hub for targeted attacks is China. An estimated 1.6 billion attacks are launched from the country each month."

Re:Cost figures (3, Insightful)

Tx (96709) | more than 3 years ago | (#35865848)

That's a good question, and one suspects the answer is that they ask security consultants and companies, who have a stake in hyping up these costs, to pull figures out of the air. Googling gives for example this article [telegraph.co.uk] , quote

"In order to figure out the financial losses businesses incurred during 2009, Symantec asked companies to look at a range of factors which negatively impacted them as a result of cyber crime – such as lost revenue, loss of customer relationships and damage to their firm’s brand. This came out at a mean average of £1.2 million per company. "

Putting a dollar value on "loss of customer relationships", "damage to the firms brand" etc is not even guesswork, it really is just pick-a-number. If the firm wasn't lax in it's security, there shouldn't be any significant damage to the brand. Losses directly due to downtime could be established meaningfully, but overall I think the figures are pretty much as meaningless as the figures the record companies come up with for losses due to piracy.

Re:Cost figures (1)

maxwell demon (590494) | more than 3 years ago | (#35866338)

Well, if the RIAA can pull numbers out of their ass, they why not security consultants as well? After all, 95%* of all statistics are pulled out of someone's ass anyway.

*) I got the percentage by <strike>taking the first numer I thought of</strike> careful analysis of all the data I had about this <strike>(where "all I had" basically means "none")<strike>.

Re:Cost figures (1)

somersault (912633) | more than 3 years ago | (#35866456)

Money spent on anti-virus, anti-spam, etc and support costs for these products is a direct cost that has to be taken into account.

Re:Cost figures (1)

Hognoxious (631665) | more than 3 years ago | (#35866738)

This came out at a mean average of £1.2 million per company.

A mean average? Do I take it that the figure is in British UK Pounds Sterling, and applies to all incorporated business companies?

Re:Cost figures (1)

lsatenstein (949458) | more than 3 years ago | (#35879092)

I would suggest that once a security or major loss of the net has taken place, that the repair can take place as soon as detected. With that view, the consequential financial losses would be minimal. But there is an after effect. And that after effect that affects businesses and that bad effect can linger for weeks or months until cleared out. (B2B is what I am thinking about, in general, or hospitals sending x-ray images or other medical information to another hospital for life-saving purposes.

Re:Cost figures (3, Insightful)

Errol backfiring (1280012) | more than 3 years ago | (#35865854)

Easy. Those security people know that they have to report to upper management, who's nature is to think in money. So the only way to get a serious message passed is to talk money.

Re:Cost figures (1)

HungryHobo (1314109) | more than 3 years ago | (#35865898)

they might be considering every spam email to be a separate attack.

In some cases they just make up a big number.

In others take the cost figure for an attack on some big organisation (inflated for a legal case where the jail time or penalties is based on the damage/cost) and multiply by some estimate of the number of attacks per year.

Re:Cost figures (2)

Hazel Bergeron (2015538) | more than 3 years ago | (#35866084)

Sky News is basically a British Fox News - same owner and same agenda - slightly toned down to adjust for the slightly more refined tastes of the British public.

The sad thing is the number of people who whine about Murdoch and his propaganda while still paying him to produce it (via a Sky or newspaper subscription).

Re:Cost figures (1)

TaoPhoenix (980487) | more than 3 years ago | (#35866384)

(Going for Funny) One attack made a copy of the complete discograpy of Metallica. (/Ruining Joke for Mods)

Re:Cost figures (1)

will_die (586523) | more than 3 years ago | (#35866470)

They add in all the costs that even remotly relate to the topic.
For attacks it includes all the classes people are sent to, extra hardware/software, that companies hire a security person, even that I have to spend some time looking through web logs instead of reading /..

if the tubes with clogged with hackers (1)

FudRucker (866063) | more than 3 years ago | (#35865788)

then use HF two-way radio,

why the focus on computers with internet connectivity as the only source of communication?

Re:if the tubes with clogged with hackers (1)

Errol backfiring (1280012) | more than 3 years ago | (#35865868)

Because it is conveniently backed up by Echelon?

Re:if the tubes with clogged with hackers (2)

DamienRBlack (1165691) | more than 3 years ago | (#35865880)

How easy would it be to jam HF radios? I mean, the idea is that were being attacked by an entity powerful enough to compromise the most advanced systems in the world, wouldn't radio be an easy task in comparison?

Email/Phones? (1)

Anonymous Coward | more than 3 years ago | (#35865816)

While it sounds like a good idea, the impression that I got after reading the report was that this was hardly real-world and more security theater. Using phone/email to communicate when you are having major national communications problems?. Also some key members didn't seem to be playing (eg Spain)

This sound more like the task for a centralized organization that coordinates and works with key agencies in each member state.

Corporate News CIDR Blacklist (0)

Anonymous Coward | more than 3 years ago | (#35865840)

What we need now is a Corporate News CIDR Blacklist.

correction (0)

Anonymous Coward | more than 3 years ago | (#35865938)

Over 70 wannabe experts from the participating public bodies worked together to counter over 300 out of a 80000 possible simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe...... .....and then they all got dossed......

I wish i could laugh harder... (0)

Fallen Andy (795676) | more than 3 years ago | (#35866102)

but i'd probably drop dead at my age (52).

"Paralyze teh intertubes" (sigh). Hello - this is the 21st century. If you haven't woken up to the SQL injection attacks and other stuff a while back that r.a.p.e.d many websites run by naive suckers, then hell - enjoy the chaos

Don't need to think black hat - if the United Nations, US Dept of homeland (in)secure(ity) etc. can be compromised by injected SQL then maybe the frail should hide in a room and play a saxophone (Gene Hackman for you slashdot gurus)

....and - just as in the real world where it's often the bodyguards that are the assasins - think Governor of Punjab etc., those techies who manage the AS's and the agreements between high level providers are the most fragile part of the *big* Internetwork....

A couple of years ago we lost most of the internet connectivity from Attika Greece because one idiot backhoed *all* the critical fibre optic cables

(big hint on the white hat side - real attacks would have *minimal* apparent footprint)

As a P.S., I've just had the fun of watching the local council dudes here figure out that the reason there has been no streetlights up Lycabettus Hill is that someone did an "African" pull all the copper out of the ground - so far they've taken 4 days to fix one chain of lights. (Happiness is watching other people at work - shame it took them 5-6 months to start fixing it). I was tempted to mutter something about TDR, but not sure it works with "big cables"

(Still: I had the pleasure of watching Collared Flycatchers on their way north stopping over for a while)

Andy

Re:I wish i could laugh harder... (1)

maxwell demon (590494) | more than 3 years ago | (#35866402)

I was tempted to mutter something about TDR, but not sure it works with "big cables"

They claimed Tokyo Disney Resort removed the cables? :-)

Re:I wish i could laugh harder... (1)

TaoPhoenix (980487) | more than 3 years ago | (#35866466)

Dear Andy,

Please sit down safely before I assist with your laughing attack.

Seriously now, combining all kinds of weird topics including international computer law etc, suppose Slashdot united as many of the 2,050,000 of us as Taco could muster and WE did our own study? It would be officially announced in Lawyer Advised Ways, but then *that's all the warning they get* - and even that is "too much"! (But ya have to be nice ya know.) Types range all the way from goatse from our new friends in the 2mil-uid crew, to (makes stuff up) self replicating shadow packets.

As many of us as feel motivated would document our stuff, and submit it when we felt like we were done.

Wouldn't we be a scary crew? Some forums might have a higher skill per user but I think slashdot is in the race for broadest overall reach to smart users.

(Joke - please someone get someone running Amiga OS6 to help. I can just see that result! "Okay, what opsys is this event... amiga-WHAT?... we're being attacked by a system that only exists in four copies in the entire world?!?")

Re:I wish i could laugh harder... (2)

cavreader (1903280) | more than 3 years ago | (#35867014)

It must be difficult for someone as smart as you to live in a world filled with idiots. Maybe you should stop hiding your brilliance and straighten these people out once and for all.

As an American (0)

Anonymous Coward | more than 3 years ago | (#35866194)

As an American I think this is a bad idea. Mainly because it's something happening in Europe, but also because it's not happening in America.

Nice acronym (1)

Hognoxious (631665) | more than 3 years ago | (#35866206)

I wonder why "pan" was in the project's title but didn't get included in the name of the agency?

Crashing teh internetz (0)

Anonymous Coward | more than 3 years ago | (#35866358)

First, define 'crash the internet', then define precisely why going without the internet renders an entire continent incapable of meeting its basic needs, and *then*, perhaps, we can discuss the issues rather than why this is a piece of random pop reporting drivel.

This was a communication exercise (1)

otmar (32000) | more than 3 years ago | (#35866404)

Just for the record: This was purely a communication exercise. The scenario was just an excuse to get people to talk to each other. Technical realism was not a goal in this exercise.

One can argue whether the assumptions on the availability of the PSTN was warranted or not, but given the fact that a good number of the involved teams had no direct contact prior to this exercise, this exercise was a worthwhile first step.

Big deal (0)

Anonymous Coward | more than 3 years ago | (#35870766)

The Combine has been doing Exercise K runs non-stop. The Pansies are going down!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?