CySOPEx 2021 is testing for the first time today (19 May) the procedures for prompt and effective cyber crisis management in the EU to face large-scale, cross border cyber-attacks.
CySOPEx 2021 is the first EU exercise for the recently established EU CyCLONe - Cyber Crises Liaison Organisation Network. The Network’s liaisons link the technical level (ie. The CSIRTs Network) to the political one when a large-scale cross-border cyber crisis takes place. This is in order to support the coordinated management of such cybersecurity incidents and crises at operational level and to ensure the regular exchange of information among Member States and Union institutions, bodies and agencies.
The CySOPexexercise aims to test Member States procedures for fast cyber crisis management in the EU when facing large-scale, cross-border cyber incidents and crisis. All Member States and the European Commission are taking part in the exercise organised by Portugal as Presidency of the Council of the European Union and CyCLONe Chair and by the EU Agency for Cybersecurity (ENISA) that acts as the secretariat of the CyCLONe.
The procedures which are tested aim to enable swift information exchange and effective cooperation among the Cyber Crises Liaison Organisations (CyCLO) – i.e. the Member States competent authorities – within the CyCLONe along the lines described as the operational level of the Blueprint recommendation.
CyCLONe Chairman and representative of the Portuguese Presidency of the Council of the EU João Alves said: “CySOPex 2021 is an important milestone for the CyCLONe network, bringing together Member States, ENISA and European Commission to better prepare and coordinate rapid response procedures in case of a large-scale cross-border cyber incident or crisis. Recent events have shown the importance of such co-operation and aligned response. CySOPex reflects everyone’s engagement in the present and, foremost, in the future.”
EU Agency for Cybersecurity Executive Director Juhan Lepassaar said: “Enabling the coordination of all the actors involved at operational, technical and political levels is an important element of efficient response to cross-border cybersecurity incidents. Testing these capabilities is a sine qua non to prepare for the future cyber-attacks."
Specifically, the CySOPex exercise is tailored for the CyCLONe officers who are specialised in crisis management and/or international relations supporting the decision-makers, prior to and during, large-scale incident or crisis situations. They provide guidance on situational awareness, crisis management coordination and political decision-making.
The goals of the exercise are to increase the overall competences of the CyCLONe officers specifically to:
- Train on situational awareness and information sharing processes;
- improve understanding of roles and responsibilities in the context of the CyCLONe;
- identify improvements and/or potential gaps in the standardised way of responding to incidents and crises (i.e. Standard Operating Procedures), and;
- test the CyCLONe cooperation tools and exercise infrastructures provided by ENISA.
This exercise follows the BlueOlex 2020, where the CyCLONe was launched. BlueOlex is a table-top Blueprint Operational Level Exercise (Blue OLEx) for high-level executives of national cybersecurity authorities.
This year, the CySOPEx 2021 will be followed by the CyberSOPex 2021, the exercise for the technical level embodied by the CSIRTs Network and the BlueOlex 2021 that will take place in Q4.
About CyCLONe – the EU Cyber Crises Liaison Organization Network
EU CyCLONe aims at enabling rapid cyber crisis management coordination in case of a large-scale cross-border cyber incident or crisis in the EU by providing timely information sharing and situational awareness amongst competent authorities and is supported by ENISA, which provides the secretariat and tools.
EU CyCLONe operates at the “operational level”, which is the intermediate in between technical and strategic/political levels.
The goals of EU CyCLONe are to:
- Establish a network to enabling the cooperation of the appointed national agencies and authorities in charge of cyber crisis management, and;
- provide the missing link between the EU CSIRTs Network (technical level) and the EU political level.
Due to its importance in the EU cybersecurity landscape, the European Commission proposal for the revised NIS Directive envisions in Article 14 the formal establishment of the European Cyber Crises Liaison Organisation Network (EU – CyCLONe).
About ENISA role in operational co-operation
By co-ordinating both the secretariat of the EU CyCLONe and the CSIRTs Network, ENISA aims at synchronising the technical and operational levels and all actors involved in the EU to collaborate and respond to large-scale incidents and crises by providing the best tools and support by:
- Enabling operation and information exchange with infrastructure, tools and expertise;
- Acting as facilitator (switchboard) between the different networks, the technical and operational communities as well as decision makers responsible for crisis management, and;
- Providing the infrastructure and support for the exercise and training.
German cyber security chief fears hackers could target hospitals
German hospitals may be at increased risk from hackers, the head of the country's cyber security agency has said, following two high-profile digital attacks this month on the Irish health service and a US fuel pipeline.
Ireland's health service operator shut down its IT systems last Friday to protect them from a "significant" ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing the cancellation of many appointments. Read more
German clinics have been targeted by a series of cyber attacks over the last five years, and Arne Schoenbohm (pictured), president of the BSI federal cyber security agency, told Zeit Online newspaper he saw "a greater danger at hospitals".
Earlier in May, the 5,500-mile (8,850-km) US Colonial Pipeline Co system closed after one of the most disruptive cyber attacks on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast. Read more
Schoenbohm said many German businesses were at increased risk of being targeted by hackers due to remote working during the COVID-19 pandemic.
"Many companies had to enable home offices within a short time," he said, adding that as a result, many of their IT systems were vulnerable to attack.
"Companies often close known security gaps too slowly."
Computer hacking poses problems for Irish government
The Irish government has found itself facing a delicate dilemma as it prepares to open up its economy after the costly coronavirus pandemic. The recent hacking of computers that run its health service, by Russian criminals, has not only left it exposed to ransom demands but potential legal actions from irate Irish people as Ken Murray reports from Dublin.
On the morning of Friday 14 May last, Irish people switched on their radio devices to learn that the IT system of the Health Service Executive (HSE), the body that runs the country’s hospital system, had been hacked over night!
Cyber criminals, believed to be the Wizard Spider gang in St. Petersburg Russia, had hacked in to personal files on the entire national computer system and were issuing a ransom demand of €20 million to unlock codes!
At first the HSE played down the hack insisting that all files were copied in cloud computing storage, nothing had been stolen or compromised and that everything would be ok by Monday 17 May.
By Tuesday18 May, the crisis showed no signed of improving with the Government coming under attack from opposition politicians who themselves, were bombarded by worried constituents in the preceding days.
“This is escalating into a pretty serious national security crisis and I am not sure it is on the radar to the level it should be,” Labour Party Leader Alan Kelly told the Irish Parliament that day.
As the days rolled on, angry callers to radio phone-in programmes, some in tears, have been telling stories of cancelled radiotherapy and chemotherapy sessions for stage 4 cancer treatment with some calling on the Government, in desperation, to pay the ransom and get the service back to normal as quick as possible.
The Irish Government has stood firm in the passing days since the hack emerged insisting it will not pay the ransom for fear it could leave itself exposed to future hacks and demands.
However, the hackers sent a decryption computer key or code to the Irish Government prior to the weekend beginning 21 May prompting concerns that a ransom had been paid.
“No payment has been paid in relation to it at all. Security personnel don’t know the exact reason why the key was offered back,” the Taoiseach Micheál Martin insisted when he spoke to reporters on Friday 21 May.
With time moving on, there are now growing expectations in Irish government circles that the hackers will publish sensitive personal details on the so-called dark web in the coming days.
These details could include information on individuals who may have HIV/AIDS, advanced cancer, child abuse cases where individuals have not been named in the courts or for example, sexually transmitted infections but have opted to retain such information between themselves and their respective doctors.
Vulnerable people with medical conditions that could affect their jobs, reputations, personal lives, longevity and life insurance policies, remain at risk!
With the Government facing possible legal actions if such confidential information is allowed to be published, it moved in the Dublin High Court last week to secure legal injunctions prohibiting Irish media outlets, websites and digital platforms from making such information known to the wider public!
Junior Finance Minister Micheal McGrath pleaded with people at the weekend not to co-operate with any individuals or correspondence seeking payments in return for online confidential medical information.
Speaking to This Week on RTE Radio, he said, "The threat that we're facing here is real and the release of personal, confidential and sensitive data would be a despicable act but it is not one that we can rule out and the Gardaí [Irish police], working with our international law enforcement partners, are doing all that they can now to be in a position to respond to this.”
Ireland’s failure to honour its GDPR (General Data Protection Regulations) commitments could also see it facing serious fines in the European Court depending on how this all pans out!
Meanwhile with numerous health procedures in hospitals delayed by the hacking attack, questions are being asked as to how secure all Irish State computers systems are?
Paul Reid, the CEO of the HSE which is already working 24/7 to deal with the COVID pandemic, moved at the weekend to assure the public that his team are doing all they can to address the problem.
He told the This Week radio programme that the cost of fixing the problems could run in to tens of millions of euro.
He said work is now under way on "assessing each of those national [IT] systems we want to restore, which ones we have to rebuild, which ones we may have to remove and certainly the decryption process helps us in that."
He said good progress has been made "particularly in some of the national systems, like the imaging system which would support scans, MRIs and X-rays".
The hacking issue in Ireland is likely to see the entire State IT system overhauled in the coming weeks and months to ensure no such penetration by eastern European criminals ever happens again.
However, the crisis in Ireland serves as a reminder to the other 26 countries in the European Union that as long as Russian criminals continue to be a menace to western democracies, any one of those States could be next, particularly those with nuclear capabilities or sensitive military plans!
In the meantime, government officials in Dublin are keeping their fingers crossed that the threat of published sensitive material appearing on the dark web in the coming days remains just that, namely a threat!
Commission makes €11 million available to strengthen cybersecurity capabilities and co-operation
The European Commission will make €11 million of funding available for 22 new projects seeking to strengthen the European Union's capacity to deter and mitigate cyber-threats and incidents, by employing the latest technologies. The projects, which have been selected following a recent call for proposals under the Connecting Europe Facility programme, will support various cybersecurity organisations in 18 Member States. The beneficiaries of the funding include Computer Security Incident Response teams, operators of essential services in the health, energy, transport and other sectors, as well as bodies dealing with the cybersecurity certification and testing, as defined in the EU Cybersecurity Act. They will start working after the summer on tools and skills necessary to comply with the requirements set by the NIS Directive and the Cybersecurity Act, while at the same time they will engage in activities aimed to enhance cooperation at the EU level. So far the EU has funded almost €47.5m to reinforce EU cybersecurity between 2014 and 2020, through the Connecting Europe Facility programme. Furthermore, more than €1 billion under the Digital Europe Programme will be directed towards the areas of focus of the new EU Cybersecurity Strategy. More information is available here. More information about Europe's actions to strengthen cybersecurity capacities is available here and EU-funded cybersecurity projects can be found here.
Bulgaria2 days ago
The caretaker government in Bulgaria attacks public service television in an attempt to silence the opposition
Ukraine5 days ago
Biden against corruption? Why the stolen money in Ukraine may never return
COVID-193 days ago
Mainstream media risks becoming a threat to public health
EU3 days ago
Parliament votes to take Commission to court over inaction on breaches of the rule of law
UK2 days ago
Biden has a Brexit warning for Britain: Don't imperil Northern Irish peace
Brexit4 days ago
Brexit Adjustment Reserve: MEPs want swift disbursement of €5 billion fund
Health4 days ago
Interview with Eric Bossan, Head of Europe Viatris
coronavirus3 days ago
EU Digital COVID Certificate: It’s now up to EU countries