Government's Cyber Security readiness tested in Cyber Europe 2018 exercise
8th June 2018
The National Cyber Security Centre (NCSC) which is an operational arm of the Department of Communications, Climate Action and Environment, took part in a two-day pan European cyber security exercise called Cyber Europe 2018 (CE2018) on 6-7 June 2018.
This exercise was organized by the EU cybersecurity agency (ENISA) in collaboration with cybersecurity authorities and agencies from all over Europe including the Irish NCSC.
Cyber Europe 2018 (CE2018) enabled the European cybersecurity community to further strengthen their capabilities in identifying and tackling large-scale threats and to provide a better understanding of cross-border incident contagion. CE2018 focused on helping organisations to test their internal business continuity and crisis management plans including media crisis communication, while also reinforcing cooperation between public and private entities.
The exercise was focussed primarily on the aviation sector, and included participation from several airlines and the aviation authorities. The exercises tested Cyber Security Response Teams and entities in the aviation sector in a diverse range of circumstances, which were designed to provide an opportunity to exercise Business Continuity Plans, Cyber incident response and crisis management plans.
There were five categories of events involved over the two day exercise, including media elements where players were faced with real news, fake news, social media propaganda, simulated journalists making phone calls and press queries; 'crisis systems takeover' which saw data exfiltration from players networks; attacks on airports where airports were crippled with ransomware infecting their disembarkment bridges and luggage belts; attacks on air carriers where various safety procedures and comprehensive malware analysis was performed when drones attacked airplanes; attacks on air traffic management where an incident occurred with flight planning software used to co-ordinate flights in Europe was compromised and affected global operations.
Commenting on the importance of the exercise Minister for Communications Denis Naughten stated: "This European exercise marks a really valuable opportunity to test our readiness to deal with a variety of major incidents in a really critical sector. I would like to congratulate the team in the NCSC, and the staff from across the aviation sector in Ireland who have worked on this over the last number of months, and who helped to make this such a successful and worthwhile exercise. Exercises like this are critically important and are a valuable opportunity to test and to learn. The level of engagement from across the aviation sector was considerable and integral to the success of this test exercise and I want to thank and commend all those involved. The information gathered is now being collated and scrutinized to ensure our preparedness remains high."
ENISA is the European Union Agency for Network and Information Security which act as a centre of excellence for cyber security in Europe. ENISA's mission is to contribute to securing Europe's information society by raising awareness of network and information security and to develop and promote a culture, of network and information security in society for the benefit of citizens, enterprises and public sector organisations in the Union.