The CSIRT.CZ team has since summer of the year 2013 actively participated in the preparation and later also in the realization of the so far biggest European cybernetic exercise Cyber Europe 2014 which was already for the third time organized by the European Network and Information Security Agency – ENISA.
The exercise was divided into three phases in such a way that all organizational sections of security teams are integrated in it. We already wrote about the first technical phase in our blog. The teams had 48 hours for tasks of technical character and the Czech Republic was within the frame of Europe assessed very high. In October, another operational part of the exercise continued the solved tasks from this technical phase.
The operational part of the exercise was “enjoyed“ especially by those whose daily bread is the solving of incidents as far as the operation and organization are concerned. The ability to communicate was really appreciated in this case. The teams were supposed to manifest the ability to escalate a potential problem of a bigger character and to gain in the shortest time possible all necessary information and proofs for creating the overall image of the possible starting “crisis“. For the successful solving, the teams were forced to communicate between individual sectors (private, public and energetic one) at both national and international level. Here their ability to look for connections between individual partial incidents manifested itself. This system of processing of individual security events is called a puzzle system within the frame of exercise. Also in this case, the Czech Republic was ranked among the first states which managed to gain all necessary pieces of information and ensure proofs in the shortest time possible.
We participated in the last strategic phase of the exercise from 24th to 25th February in Brussels. Together with experts from the other member states of the European Union and the head of the National Cyber Security Centre, Vladimír Rohel, we looked at possible ways of solving the crisis state caused by extensive cybernetic attacks. We found out that while technically and operationally the teams were considerably successful in solving the problems in an adequate way, strategically there is no consensus of solving the possible crisis caused in the cyber space created at the European level. The opinions between states differ at the very fundamental question of whether the solving of the crisis state is different in case that it was caused by an extensive cybernetic attack or by conventional means. At the level of the Czech Republic, the solving of this crisis state is partially covered by the Act on Cyber Security which describes in §21 the process of solving of this state of cybernetic danger.
This last phase fulfilled preparations of exercise lasting for several months and created space for security professionals at all levels to test their own possibilities and abilities to solve possible problems. The nearest cybernetic exercise of a similar character is planned for the year 2016.