ENISA Cyber-Exercises Analysis Report-V1.0 PDF
ENISA Cyber-Exercises Analysis Report-V1.0 PDF
ENISA Cyber-Exercises Analysis Report-V1.0 PDF
October 2012
Acknowledgements
ENISA wishes to thank all persons and organisations which have contributed to this stocktaking exercise. In particular, our gratitude goes to the following contributors: The cyber exercise community who filled in the online survey published on the ENISA website and provided additional information about the exercises; Speakers and participants who attended ENISAs 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises, 27 June 2012, in Paris.
About ENISA
The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private sector and Europes citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU Member States in implementing relevant EU legislation and works to improve the resilience of Europes critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU Member States by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Follow us on Facebook Twitter LinkedIn Youtube & RSS feeds
Contact details
For questions related to this report or any other general inquiries about the resilience program please use the following contact address: resilience at enisa.europa.eu
Legal notice
Please note that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Reproduction is authorised provided the source is acknowledged. European Network and Information Security Agency (ENISA), 2012
II
Executive Summary
Cyber exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. ENISA supports the stakeholders involved in EU cyber exercises. This report aims to support European and international bodies involved in cyber exercises with lessons learned about cyber exercises and recommendations for the future. The report presents the results of the ENISA 2012 research and analysis by ENISA in 2012 of national and international cyber exercises carried out. ENISA examined 85 exercises covering the period between 2002 and 2012. In total, 84 countries worldwide participated in the multinational exercises analysed in this report. A total of 22 European countries conducted in national cyber-exercises. The main findings in this research include: 1. The number of cyber exercises has increased in recent years (71% took place in between 20102012). The reasons for this increase are the overall policy context that supports and boosts cyber exercises, the increased emphasis given by the EU Member States to cyber exercises, and the increasing threat of (cross-border) cyber incidents and attacks. Cyber crisis cross border cooperation efforts are continuously developing. Cyber security is an urgent matter which receives increasingly more attention in European countries. Publicprivate partnerships during cyber exercises are essential due to private sector ownership of most critical information infrastructures. There is a need to intensify publicprivate cooperation in cyber exercises. More attention should be paid to developing exercise management tools which can support exercise execution and preparation. The use of methodological planning, monitoring and evaluation is crucial for effective exercises. There is broad consensus that cyber exercises help to enhance the preparedness, responsiveness and knowledge of stakeholders in responding to cyber incidents.
2. 3.
4. 5. 6.
The report concludes with seven recommendations for stakeholders in the global cyber exercises area, which aim to increase the number and quality of cyber exercises. The main recommendations are: 1. Establish a more integrated global cyber exercise community; 2. Ensure the exchange of good practices on cyber exercises, including publicprivate cooperation; 3. Support the development of exercise management tools to support exercise planning, execution and evaluation; 4. Aim for more complex cyber exercises on an inter-sectoral, international and European level; 5. Enhance preparedness by including exercises in the lifecycle of Cyber Crisis Contingency Plans; 6. Update the good practices for national exercises and initiate a good practice guide for multinational exercises; 7. Develop feedback mechanisms for ensuring that lessons learned from cyber exercises are implemented resulting in enhanced cyber crisis preparation.
III
Contents
List of figures .............................................................................................................................................IV 1 Introduction ....................................................................................................................................... 1 1.1 1.2 1.3 1.4 2 Policy context ............................................................................................................................ 1 Scope and audience .................................................................................................................. 2 Methodology ............................................................................................................................. 2 Structure of the report .............................................................................................................. 3
Overview of cyber exercises .............................................................................................................. 5 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Basic facts .................................................................................................................................. 5 General exercise information.................................................................................................... 5 Cyber exercises in Europe ......................................................................................................... 6 Participation in cyber exercises................................................................................................. 8 Type of exercise ........................................................................................................................ 9 Exercise execution................................................................................................................... 11 Monitoring and evaluation ..................................................................................................... 12 Cyber exercises in the media .................................................................................................. 13
3 4
ANNEX 1: Full results of the survey .......................................................................................................... 18 ANNEX 2: List of the cyber exercises from the survey ............................................................................. 22
IV
List of figures
Figure 1: The cyber exercises collected by year ........................................................................................ 5 Figure 2: Duration of the cyber exercises examined ................................................................................. 6 Figure 3: Proportion of exercises carried out as part of a series ............................................................... 6 Figure 4: Cyber exercises in Europe for the period 20022012 (numbers indicate exercises per country) ................................................................................................................................................................... 7 Figure 5: EU and EFTA countries involved in national cyber exercises; data from ENISA surveys of 2010 and 2012 .................................................................................................................................................... 8 Figure 6: National vs. multinational exercises ........................................................................................... 8 Figure 7: Sectors involved in the exercise.................................................................................................. 9 Figure 8: Types of cyber exercise ............................................................................................................. 10 Figure 9: Focus of the exercise ................................................................................................................ 11 Figure 10: Type of monitoring methods used during or after the exercise............................................. 12 Figure 11: Cyber exercises evaluation ..................................................................................................... 13
Introduction
Cyber1 exercises are an important tool to assess the preparedness of a community against cyber crises, technology failures and critical information infrastructure incidents. Exercises enable the competent authorities to target specific weaknesses, increase cooperation across the critical information infrastructure sector, identify interdependencies, stimulate improvements in continuity planning, and generate a culture of cooperative effort to boost resilience in the cyber crisis cooperation area. In 2009 ENISA issued a recommendation about the importance of cyber exercises. Since then ENISA has continued to support the stakeholders involved in cyber exercises in Europe. This stocktaking report is one of ENISAs efforts to enhance this area in Europe. This report aims to support the European and international cyber exercises community with lessons about cyber exercises and recommendations for the future. The report presents the results of the stocktaking of national and international cyber exercises carried out by ENISA in 2012. More information about this report, the stocktaking activities and supporting material can be found on the reports companion website at ENISAs Resilience and CIIP public web pages.2
In this report we use the terms Cyber and Critical Information Infrastructures synonymously and interchangeably, based on the definition of the former as: cyber refers to the interdependent network of information technology infrastructures, and includes technologies such as the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. (Source: WEF, Partnering for Cyber Resilience, World Economic Forum Report, 2012 available at: http://www.weforum.org/issues/partnering-cyber-resilience-pcr)
2 3 4
In this policy context the first pan-European exercise on Critical Information Infrastructure Protection (CIIP), Cyber Europe 2010, was conducted on 4 November 2010.5 The exercise was organised by EU Member States and facilitated by ENISA. Built on a scenario concerning internet resilience, the exercise helped to increase trust and test the communication efficiency between the participating Member States of the European Union and the European Free Trade Association (EFTA), hence illustrating the value of conducting such exercises. A COM Communication of March 2011, COM(2011)-1636, on CIIP again stressed the importance of cyber exercises for a coherent strategy for cyber incident contingency planning and recovery at both national and European level. There is therefore an increasing appreciation of exercises as a means of validating CIIP resilience and improving stakeholder communication. As such, the cycle, which began with the Good Practice Guide on National Cyber Exercises,7 is now in full motion after the completion of the first joint EUUS CIIP Exercise, Cyber Atlantic 2011, and of the second pan-European cyber exercise Cyber Europe 20128.
1.3 Methodology
As a first step to prepare this research, we conducted a bibliographical search over six months (FebruaryJuly 2012) in order to gather information on cyber exercises from online sources and available relevant literature. The second step was to develop a survey about cyber exercises. We opened the survey at ENISAs website from April 2012 until July 2012, and invited stakeholders in the global cyber exercise community to respond. The survey was filled in on a voluntary basis; therefore we cannot claim that we have covered all cyber-exercises.
5 6 7 8
An evaluation report from the exercise and a video are available online: http://www.enisa.europa.eu/act/res/ce2010 http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/exercises The Cyber Europe 2012 Key findings report will be available (after Nov 2012) at:
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-europe
The final step in the process was the organisation of the 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises on 27 June 2012 in Paris. In total, 17 speakers and approximately 65 participants, all involved in the field of cyber exercises, attended and contributed to the conference. The objectives of the conference were to: a) Exchange good practices in the field of international cyber crisis cooperation, specifically focusing on cyber exercises. b) Bring together the stakeholders that organise and have experience in cyber exercises in order to explore cooperation between them. c) Identify gaps and challenges in the field of international cyber crisis cooperation and in particular cyber exercises. This report takes into account the results and recommendations of the 2012 Paris conference. The full details about the Conference, including the individual presentations, are available at ENISAs resilience and CIIP web pages.9 The data gathered from all three steps were analysed in order to draw valid conclusions about the nature of national and international cyber exercises. This report includes the results of this analysis. In addition, ENISA has created a database10 with the results of the open survey on the stocktaking of cyber exercises. Subsequently, we analysed the results of the stocktaking of cyber exercises. In this report we present the analysis of the results, the conclusions and recommendations. Note that the data gathered in the three steps of our methodology were given to us on a voluntary basis. Therefore we cannot guarantee that these data correspond to a full mapping of all cyber exercises; i.e., we cannot claim we have an exhaustive list of all cyber exercises. We do believe, though, that we have the critical mass, covering a broad scope in terms of cyber exercise types.
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-exercise-stocktaking/cyberexercise-conference
10
In this stocktaking we have collected information on a number of cyber exercises of national and international cyber exercises. The exercises studied display a mixture of different exercise types. In this section we present a general overview of our findings. Annex 1 and 2 provide more details on the results of the stocktaking.
Figure 2 displays the duration of the cyber exercises we examined. We found that that 43% of the exercises were one-day events, 32% of the exercises continued for two to three days and 19% of the exercises took more than three days. We can see that approximately 75% (based on 81% of overall
11
Please note that the findings presented in this report are based on the exercises gathered in this stocktaking. Although the survey was open to all for a long period, scientifically we cannot claim this is an exhaustive research. It does, though represent a large sample.
data gathered) of the exercises lasted for one to three days, which indicates that even a short period of time can be sufficient to execute a cyber exercise.
As Figure 3 shows, around 84% of the exercises (based on 82% of overall data gathered) are part of a series; around two-thirds of them take place on a yearly basis and a quarter on a biannual basis.
2.3
More specifically, we looked at the situation of cyber exercises in Europe. Figure 4 shows the map of Europe and the number of national exercises organised by European countries. For this stocktaking, we included both EU and EFTA countries (31 countries in total). According to our findings, between 2002 and 2012 six countries (indicated with on the map)
organised a national exercise three times. In the same period four countries (indicated with on the map) organised two national cyber exercises. The countries indicated with on the map conducted one national exercise. We thus see that 22 European countries have already organised one or more
national cyber exercise. Cyprus, Malta, Luxembourg and the Czech Republic have not yet conducted such an exercise. However, these countries were involved in international exercises.
Figure 4: Cyber exercises in Europe for the period 20022012 (numbers indicate exercises per country)
Compared to data ENISA gathered in 2010, we observe a slight increase in the number of national and international cyber exercises in Europe (see Figure 5). Two years ago, 20 countries organised a national exercise. This current stocktaking reveals that some countries have organised two or even three cyber exercises, while others have just completed one. In addition, almost all EU and EFTA countries have participated in multinational cyber exercises.
Figure 5: EU and EFTA countries involved in national cyber exercises; data from ENISA surveys of 2010 and 2012
In total, 64% (based on 94% of overall data gathered) of the multinational exercises involved more than 10 countries, 13% involved 610 countries and 13% involved 35 countries. Another interesting aspect of cyber exercises is the participation of sectors, and more specifically the participation of the public and private sectors. As Figure 7 shows, we found that 57% of the exercises (based on 88% of overall data gathered) combined the public and private sector, while 41% involved only the public sector. We found that only one exercise in this stocktaking took place with only the private sector involved. This is an interesting finding that demonstrates that the private sector could be more proactive with testing security and contingency plans, as they are the owners of the
infrastructure and the actual experts in the subject. Publicprivate cooperation occurs in more than half of the exercises, which is attributed to the fact that private stakeholders play a critical role in the area of cyber crisis cooperation. As such, publicprivate cooperation in cyber exercises is likely to increase in the coming years.
The number of participants in the exercises ranged from 20 to more than 75 people; this of course depends on the sectors and number of countries involved in the exercise.
Comms check
To validate systems or infrastructures. The first time the response team convenes to consider the planned procedures and their roles.
Walk through
10
Workshop
Table-top
A scenario-based rehearsal of responses and actions in open forum, to allow discussion of activities. To validate plans and integration of procedures prior to moving on to more complex, team-based activities. To test plans and procedures. To enable a team to rehearse using their own response facilities. Usually only management level involvement. To stress test the responses with a real time environment, as close to reality in every aspect as possible.
Full simulation
A developmental step in the building of capability, using a scenario to rehearse in an open forum the responses of teams and actions without any time pressure. Scenario-based, open forum discussions with no external pressures. Responses are stepped through in a measured fashion and each aspect is discussed if needed before moving on. Scenario-based, players act according to routine. Response centre based but with role play of the external environment and players. Players respond in real time as information is received, interacting with other teams and role players as the response requires.
As shown in Figure 8, 43% of the exercises (based on 61% of overall data gathered; the relevant data were not available for the remaining 39%) were executed as distributed table-top exercises (i.e. players remain in their usual place of work within their organisation/country); 19% were full simulation exercises; and 5% took the form of a workshop.
11
Figure 9 demonstrates that in total 48% of the exercises (based on 45% of overall data gathered) had an operational focus, while 17% were mainly tactical and 24% mainly strategic.12 Most of the cyber exercises examined had a combined focus.
Using the collected data, we see that most of the time a (distributed) table-top exercise was carried out. A (distributed) table-top is suitable for both beginners and experienced participants, and addresses the operational, tactical and strategic level.
Operational exercises focus mainly on checking technical issues; tactical exercises are mostly procedural tests; while strategic exercises refer mainly to high-level decision-making and policy exercises. A good reference for these terms is the ENISA Good Practice Guide on National Cyber Contingency Plans (NCPs). Please contact [email protected]
12
exercise). However, three-quarters of all exercises gathered did not provide data about the exercise management tools. This could be either because they do not use tools, or because the information about them could be made public.
Figure 10: Type of monitoring methods used during or after the exercise
As demonstrated in Figure 11, we found that 16% of the exercises (based on 54% of overall data gathered) had a debriefing workshop, 31% made a report after the exercise, 17% had a hot wash session and 12% asked participants to carry out self-evaluation (with evaluation forms). Again in this case a combination of these evaluation methods is quite common policy.
13
Using the collected data, we can see that a report of the exercise is made for most of the cyber exercises we have examined. This may be because exercise organisers need to report to their management about the exercise and the results.
As the list above shows, organising exercises attracts publicity for organisations and helps to raise awareness within a country about cyber security. In addition, media reporting about the exercise proved to have a positive impact on the reputation of organisations involved (e.g. that citizens learn about the work done by their government).
14
This survey of national and international cyber exercises shows that countries engage in a variety of cyber exercises. The research presented in this report is not exhaustive as the results capture only 85 exercises of 84 countries (national or multinational, European or global) from 2002 to 2012. However, we do think our stocktaking presents a good overview of the status quo and in this section we draw the main conclusions from the findings during our research. Below we have listed (in no particular order) the main findings. 1. The number of cyber exercises has increased in the past few years Cyber exercises are becoming increasingly more common, with the number of exercises rising sharply since 2010. This may have been caused by the overall policy context that supports and boosts cyber exercises, cyber exercise and by the increasing threat of cyber incidents and attacks. Many exercises are part of an exercise series and take place on a yearly basis. This shows that interest and activity in the field of cyber exercises persists and that this trend will most likely continue in the coming years. We observed that many countries actively engage in this field and are preparing to carry out cyber exercises in the (near) future, both domestically and in international cooperation. In addition, the media seem to report more frequently on the cyber exercises. 2. Cyber crisis cooperation efforts are in constant development Not only are cyber exercises more frequent and widespread, but there is also a constant development of cyber crisis cooperation initiatives. Cyber security is an urgent matter which receives increasingly more attention in European countries. The growing attention is spurred by the fact that societies face ever more complex and potentially devastating cyber-related contingencies and challenges. The participants in the 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises stressed the need for more exchange of good practices in the area of cyber crisis cooperation (e.g. regarding exercises and conferences) in order to learn from each others experiences, lessons and solutions. 3. Most European countries participate in national and multinational cyber exercises Most EU and EFTA countries participate in both national and multinational exercises. This implies that efforts on a national level can be combined and complemented with efforts on a multinational level and that (inter)national cyber crisis cooperation expands during these exercises. For countries with limited national capacity (for instance to organise a national exercise), it is very helpful to participate in multinational exercises in order to ensure that their national preparedness meets the required standards. The fact that cyber crises do not stop at the border of a country also provides a strong incentive for larger countries to help neighbours with more limited capacity, and emphasises the need to jointly organise multinational exercises. ENISA supports these efforts by arranging seminars on cyber exercises13 and pan-European regional exercises.14 4. Publicprivate liaison is essential due to private sector ownership of most critical information infrastructures
13 14
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/exercises https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-europe
15
Since many private sector stakeholders are involved in the protecting, managing and employing of critical information infrastructure, we consider it promising that private and public sector actors cooperate in many cyber exercises (about half of the exercises involve both public and private sector participants). However, the trend that critical information infrastructure is increasingly more owned by private stakeholders, shows the need to intensify publicprivate cooperation in cyber exercises in the future. 5. More attention must be paid to exercise management tools The cyber exercise field seems to show an under-appreciation of exercise management tools. Exercise management tools can assist in exercise execution and preparation (e.g. when inexperienced people prepare to organise an exercise). During the 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises several exercise management tools were presented and good practices were exchanged. However, the work in this area is still progressing and many exercises do not yet employ any exercise management tools. We believe the use of these tools will grow significantly and become more relevant in the years to come. 6. Advance the use of planning, monitoring and evaluation methods Planning, monitoring and evaluation are crucial for exercise pay off, e.g. improvement of plans and procedures, policy changes, and planning and enhancement of new exercises. Planning is essential to guarantee an effective and successful exercise. It is crucial that organisers have enough time to plan, execute and evaluate exercises. The global cyber exercise community should exchange good practices regarding the planning process in order to help organisers prepare better for an exercise. The monitoring and evaluation process is made more efficient when good practices are shared among several exercise organisers. As this stocktaking yielded limited evidence of the use of monitoring and evaluation methods, we stress the fact that it is essential to gain ground in this respect. Monitoring and evaluation methods can further help exercise organisers to structure feedback and generate lessons learned.
16
Recommendations
Building on the findings from research on cyber exercises we have produced a number of recommendations that could increase the number and quality of cyber exercises, and thus contribute to the enhanced resilience of the critical cyber infrastructures and services. The recommendations below15 are mainly targeted at cyber exercise organisers, political leadership and policymakers, the various public agencies, national and international, behind the organisation and support of cyber exercises, the private sector owners of the cyber infrastructures, and the research and development community that can support the tools and methodologies for cyber exercises. 1. Establish a more integrated cyber exercise community As we observe the continuous expansion of the cyber exercise area and the constant development of the field of cyber crisis cooperation, there is a need for a more integrated cyber exercise community in which good practices, challenges and lessons learned are exchanged and discussed among stakeholders in the global field of cyber exercises. Most of the current efforts, such as national cyber exercises and multinational, civilian and cyber defence, are quite segregated. A big challenge for the cyber community is to coordinate the exercise schedules, and synchronise wherever possible, in order to be able to learn from each other. In addition, we recommend continuing with the organisation of international conferences in the field of cyber crisis cooperation in order to build a more integrated cyber exercise community. 2. Exchange of good practices on cyber exercises publicprivate cooperation The 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises provided a number of ideas about how to share good practices in the field of cyber exercises. The most important recommendation is the need for cooperation between the private and public sector. Private public partnerships16 for the protection of critical information infrastructures are very important, and in that context joint exercises and sharing of best practices are essential. Other suggestions for exchanging good practices include: the establishment of (virtual) databases for sharing good practice in conducting cyber crisis exercises and observing each others exercises in order to learn from them and exchange ideas. We recommend that all stakeholders in the global field of cyber exercises engage in the exchange of good practices and that privatepublic partnerships are established and utilised for cyber exercising. ENISA will aim to facilitate this in the future. 3. Further development of the area of exercise management tools to support exercise organisation The planning, execution and evaluation processes of cyber exercises can be more efficient if they use well defined methodologies and automated tools to support them. Exercise management tools, including simulators and emulators, can help advance these processes and improve exercise quality and outcome. We urge the global cyber exercise community to support the development, adoption and sharing of exercise management tools.
15 16
17
4. Aim for more complex cyber exercises on an inter-sectoral, international and European level One of the main challenges we found during our research on cyber exercises is the cross-border nature of most of the cyber incidents/crises. These types of crises cross the boundaries of countries, and sectors. The challenge is to organise cyber exercises that can test all different complexities of a cross-border crisis, specifically testing different levels (operational, tactical and strategic) together. We recommend the global cyber exercise community, together with ENISA, aims for more complex exercises. 5. Enhance preparedness by including exercises in the lifecycle of Cyber Crisis Contingency Plans Countries need to develop, maintain and update their crisis contingency plans and standard operational procedures for cooperation. The continuous improvement of the response structure (as described in the crisis contingency plans) is refined and fuelled by performing exercises. We recommend that policymakers in the EU Member States include exercises in cyber crisis contingency plans and standard cooperation procedures, since this enhances their preparedness for cyber crises. ENISA prepared a Good Practice Guide on National Cyber Contingency Plans.17 We recommend the use of this guide in the development of a coordinated response and crisis management of large-scale cyber incidents. 6. Update the good practices for national exercises and promote good practices for multinational exercises In 2009, ENISA developed a Good Practice Guide on National Exercises18 as is a first step towards a more formal methodology for planning and conducting cyber exercises. Another related effort is the HERMESOEx method.19 We recommend these methods are merged and updated by ENISA based on developments in recent years in the European policy area, the results gathered in this research and the forums such as the 1st International Conference on Cyber Crisis Cooperation: Cyber Exercises, and create a formal method, with the relevant tools, for planning and organising cyber exercises. 7. Develop feedback mechanisms for ensuring that lessons learned from cyber exercises are implemented resulting in enhanced cyber crisis preparation Any cyber exercise (an exercise in general) is not a target in itself. A cyber exercise is considered part of the preparedness and response procedures development and maintenance lifecycle. Therefore it is vital to have the necessary feedback mechanisms to implement any changes needed as a result of the lessons learned from the exercise. These mechanisms include both the appropriate feedback tools analytical evaluation reports on preparedness, cooperation and response improvement, but also political and strategic empowerment of the owners of processes and procedures to allow them to proceed with the implementation of changes with the appropriate resources. Both aspects are considered essential for the success of an exercise.
17 18 19
The ENISA Good Practice Guide on National Cyber Contingency Plans is available upon request. http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/exercises
http://www.hermes.admin.ch/services-en/hilfsmittel/hermes-for-the-organisation-of-exercise-projects-hermesoex?set_language=en&cl=en
18
19
20
22
10 2007 11 2008 12 2008 13 2008 14 2008 15 2008 16 2008 17 2009 18 2009 19 2009 20 2009 21 2009 22 2010 23 2010 24 2010 25 2010 26 2010 27 2010 28 2010
23
29 2010 30 2012 31 2010 32 2010 33 2010 34 2010 35 2010 36 2010 37 2010 38 2010 39 2011 40 2011 41 2011 42 2011 43 2011 44 2011 45 2011 46 2011 47 2011 48 2011 49 2011 50 2011 51 2011 52 2011 53 2011 54 2011 55 2011 56 2011 57 2011 58 2011
Cyberstorm III Cyberstorm III-NL pact ECD Ejercicio de Cyberdefensa 2010 FY 2010 Gaillean Exercise Nationell informationsskerhetsvning (NIS) Panoptis 2010 PHOENIX 2010 Piranet 2010 Tallinn CIIP 2010 APCERT Drill 2011 CERT.LV Technical IT Security Exercise 2011 COMEX CopyPaste Cyber Atlantic 2011 Cyber Coalition 2011 CYBER DEFENCE 2011 Cyber Endeavor Cyber Italy 2011 CYBER WINTER 2011 ECD Ejercicio de Cyberdefensa 2011 EuroCybex 2011 FY 2011 HACKCERT 2011 Information Security Exercise 2011 ITU IMPACT ALERT 2011 KRISESTYRINGSVELSE 2011 LKEX 2011 (Malaysia) National Cyber Security Exercise Panoptis 2011
USA The Hague, Netherlands Spain Japan Ireland Sweden Greece Sofia, Bulgaria France Tallinn, Estonia
24
59 2011 60 2011 61 2011 62 2011 63 2012 64 2012 65 2012 66 2012 67 2012 68 2012 69 2012 70 2012 71 2012 72 2012 73 2012 74 2012 75 2012 76 2012 77 2012 78 2012 79 2012 80 2012 81 2012 82 2012 83 2012 84 Every half year 85 No date provided
Slovak Information Security Exercise (SISE) Tel 11 Turkish National Cyber Security Exercise 2011 Operation Kill Switch APCERT Drill 2012 BelgoCybex COMPOR 2012 Cyber Defense Exercise 2012 (CDX 2012) Cyber Europe 2012 Cyber Fever 2012 Cyber Italy 2012 Cyber Phalanx Cyber Planspiel Cyberstorm IV EuroSOPEx Eventide ITU-IMPACT 2012 Jornadas PSCIC Lights Out 2012 Locked Shields 2012 National Crisis Management Exercises Nettlaginn 2012 NLE 2012 Piranet 2012 Switzerland Cyber Exercise TIETO PTS Trainings
Estonia Italy
Austria USA
25