Over the past two days, EDA has organised the first ever live-fire cyber exercise specifically dedicated to improving European cooperation between Member States’ national Computer Emergency Response Teams (CERTs). The exercise gathered more than 200 experts from 17 EDA Member States and Switzerland, all of them connecting remotely from their working locations. The event marked the first practical part of the EU MilCERT Interoperability Conference 2021 (MIC), the second part of which will take place in June in Lille, France, where the lessons learnt from the exercise and more strategic topics will be discussed.
The objective of this week’s exercise was to bring together military CERTs and observe incident management dynamics with a particular focus on information-sharing, a key factor in modern cyber defence. While European countries have come a long way in establishing mechanisms and processes to exchange information between civilian CERTs, such cooperation and communication channels are much less developed in the military domain, in part due to the high sensitivity of the information. Faced with that, many stakeholders have expressed the need to extend the information-sharing practices used in civilian circles to military CERTs and their operations as well. The new EU Cybersecurity Strategy, released last December, highlighted that this initiative would contribute to significantly increasing cooperation among Member States.
Building upon this background, the exercise goal was to experience and observe the dynamics of incident response during realistic live-fire cyber attacks and to identify gaps and opportunities for improvement. The outcome and lessons learned from the exercise - as well as the potential follow-on actions required - will be discussed during the second part of the MIC in June in Lille. This part of the MIC will be co-hosted by the “Forum International de la Cybersécurité”, a leading cybersecurity event in Europe.
Live cyber attacks
The operational environment created for the exercise is based on advanced Cyber Range technology, with professional attackers based in several Member States launching live cyberattacks against infrastructure defended by teams from other Member States. EDA has been active in Cyber Defence exercises for a long time and supports a multinational EU effort in the domain, the ‘Cyber Ranges Federation’ project started in 2014. The exercise also included some military-specific platforms as part of the simulation, including a drone control system and a space ground control station, to be defended from attacks.
The MIC exercise was specifically designed for military CERTs and included platforms, tools and technology specific to the military domain; the entire exercise scenario was conceived in such a way that it used military planning and strategy similar to what is used in real cyber military operations. The intent was not only to provide a realistic scenario, but also to push participants out of their comfort zone, asking them to use all tools, processes and procedures possible, even those not directly at hand in the exercise platform. This allowed for creating an unusually realistic exercise environment.
“Strengthen Europe’s resilience”
The exercise was opened on Wednesday by the Estonian Minister of Defence, Kalle Laanet, and EDA’s Deputy Chief Executive Olli Ruutu. In his opening remarks, Minister Laanet stressed the importance of European cooperation in cyber defence because Member States all face the same or similar threats. “Today we can see that at the EU level civilian CERTs have established a good community and their cooperation is improved continuously. However, military CERTs, which play a vital role in cyber defence, are not communicating with the same methods. This is understandable considering the more sensitive information they are dealing with. Yet, despite these limitations, it is still important to offer opportunities for extending information-sharing practices. And this live-fire exercise does exactly that”, the Minister said. He thanked EDA: “without their visionary leadership this event would not have taken place”. The exercise allows teamwork to be built at national levels and “will strengthen the resilience of the European societies and Europe as a whole”, the Minister said.
EDA Deputy Chief Executive Olli Ruutu recalled that the Agency has been supporting Member States’ efforts to develop their cyber defence capabilities for a number of years. Today, EDA cyber activities range from defining key priorities at EU level, looking at the capability development, R&T and industrial dimensions, to facilitating the development of tangible capabilities (such as the Cyber Ranges Federation platform) and the adoption of emerging and disruptive technologies such as Artificial Intelligence and 5G. EDA also runs initiatives in support of Cyber Defence training, education and exercises, he said. “We are working in close cooperation with other EU institutions and agencies, including with ENISA, CERT-EU and the European Cybercrime Centre (EC3) in the framework of our quadrilateral Cyber Memorandum of Understanding. And we are also contributing to the EU-NATO cyber dialogue and cooperation in the context of the 2016 and 2018 Joint Declaration, working at different levels with the key cyber actors within the Alliance”, Mr Ruutu stressed. Cooperation between military CERTs is a top priority in EDA’s cyber defence programme, as reflected in this exercise and the follow-on conference in Lille in June, he said.