Organized by the European Union Agency for Cybersecurity (ENISA), the seventh Cyber Europe cyber exercise was held from June 19th to 20th, 2024. The exercise simulated a coordinated cyberattack on critical infrastructure, with a focus on the energy sector. The aim of the exercise was to assess the preparedness and effectiveness of the response to cyber incidents that could have far-reaching consequences for society and the economy.
CARNET's National CERT, as the national coordinator of the exercise, gathered a total of 78 cybersecurity experts from various companies and institutions (SPAN, APIS-IT, KING-ICT, HAKOM, Schneider Electric, Hrvatski Telekom, A1 Croatia) to test their readiness and handling of roles they would have in case of a real attack.
Thanks to Span and Cyber Security Center Up to 40 players gathered live in one place, while others participated online.
„We are particularly proud of the fact that we are the hosts in our Cybersecurity Center because our mission is to bring together and unite professionals to learn from and exchange knowledge and experiences with each other., said Neven Zitek, head of Span's Cyber Incident Response Department.
The exercise scenario began with a simulated attack on electric grid management and gas distribution systems. The attack resulted in power outages, causing significant disruptions to daily life and business. During the simulation, attackers used sophisticated methods to infiltrate the systems and disable key infrastructure components.
As the exercise progressed, the consequences of the attack extended to the transport and healthcare sectors, causing difficulties in the provision of health services and disruptions in the performance of transport services. This part of the exercise highlighted the impact of disruptions in the energy sector on other critical services, demonstrating how cyberattacks on one sector can have a domino effect on other systems and human lives.
During the exercise, national and European cybersecurity institutions, as well as relevant institutions from affected sectors, actively collaborated in incident response. The exercise allowed for the testing of the effectiveness of existing protocols for responding to cyberattacks, as well as the improvement of communication channels and coordination among various institutions, sectors, and member states.
The exercise demonstrated that cybersecurity is a key component of national security and that capabilities for preventing, detecting, and responding to cyber threats must be continuously improved. It was recommended to strengthen international cooperation, regularly organize similar exercises, and invest in education and raising awareness about cybersecurity at all levels of society.
„The cybersecurity community in Croatia is not large. We need to cooperate with each other, exchange knowledge and practices, and participate in events like this to increase our capacities and Croatia's ability to defend itself against cyber threats., Nataša Glavor, assistant director of CARNET for the Sector - National CERT, said.
Exercises like this represent an important step in strengthening the European Union's resilience to cyber threats, ensuring better protection of critical infrastructure and the safety of citizens.
Check out the impressions and atmosphere from the drill: https://youtu.be/oUSJG7Av8vE