Simulated attack takes center stage at inaugural CyLEEx19

A simulated cross-border cyber-attack on critical infrastructure has put the European Union’s emergency response protocol to the test.

The day-long exercise, the first of its kind, was organized jointly by the European Cybercrime Centre (EC3) and the European Union Agency for Cybersecurity (ENISA) in order to further develop the response playbook nation states would act upon in the event of a major cyber-attack.

CyLEEx19, the name of the simulation, involved the participation of 20 cybercrime investigators and cybersecurity experts from across EU member states and took place at the Europol headquarters in The Hague, Netherlands, on October 31.

“The scenario was a fictional attack loosely based on a combination of criminal tactics we have seen over the past few years,” Tine Hollevoet, a spokesperson from Europol, told The Daily Swig.

“The combination of different partners allowed the protocol to be effectively tested and several learning points were identified that will be used to improve responses across sectors.”

Misuse of IT resources, unauthorized access to systems, malware infections, and distributed denial-of-service (DDoS) were some of the tactics in play as part of the attack the scenario. Those involved were then asked to respond to the threats in line with measures put forward in the EU Law Enforcement Emergency Response protocol.

“It is intended to develop the exercise regime further but at this time no specific frequency of exercises has been agreed,” Hollevoet added.

Action stations

The EU Law Enforcement Emergency Response Protocol is a multi-stakeholder tool for supporting law enforcement during cybersecurity incidents. It covers a range of disciplines from threat detection and classification to operations and analysis.

The protocol was adopted by the Council of the European Union in March, with the 2017 WannaCry and NotPetya cyber-attacks emphasized the need for coordinated and cross-border effective response when an incident occurs.

In a press release detailing the protocol, Wil van Germert, deputy executive director of operations at Europol, said: “It is of critical importance that we increase cyber preparedness in order to protect the EU and its citizens from large scale cyber-attacks.

“Law enforcement plays a vital role in the emergency response to reduce the number of victims affected and to preserve the necessary evidence to bring to justice the ones who are responsible for the attack.”

Participants of the exercise included representatives of law enforcement agencies from France, Spain, Norway, and the Netherlands, alongside members of Europol, Eurojust, and ENISA – the body responsible for cybersecurity compliance across the EU.

The outcomes of CyLEEKx19 have not been disclosed.

In this year’s Internet Organized Crime Threat Assessment (IOCTA) report, Europol praised the Emergency Response protocol as providing increased investigations into the varied cyber-attacks and incidents on energy, transport, water, and health sectors.

YOU MAY ALSO LIKE Ransomware still dominates the cyber threat landscape in 2019 – Europol report