“Cybersecurity in Europe” Workshop-Part 2
Yesterday, E-Crime Expert started a series of posts that is summarizing the “Cybersecurity in Europe” Workshop. You could read the first blog post here. The First presenter in the series was CERT (Computer Emergency Response Team).
Today E-Crime Expert offers the European Network Infrastructure Security Agency’s presentation: “Network and Infrastructure Security Threats and Prevention”.
ENISA was formed in 2004 and it is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
They facilitate the exchange of information between EU institutions, the public sector and the private sector.
ENISA has an increased presence in the Member States.
ENISA identified the most current (to date) Attack trends as following:
1) Automation, speed of attack tools
2) Increasing sophistication in the attacks
3) Faster discovery of networks’ vulnerabilities
4) Increasing permeability of Firewalls
5) Increasing asymmetric threat
6) Increasing threat from infrastructure attacks
The Key external threats:
-social engineering 29%
-physical threats 29%
-denial of service 21%
-identity theft 18%
-business partner leakage of confidential data 18%
-wireless network breach 12%
-theft of intellectual property 11%
-hacking breach of information systems 8%
-brand hijacking 8%
-zombie networks 7%
-web application breach 7%
-web site defacement 6%
-online extortion 5%
*Note: results may not total 100 percent as respondents were allowed to select more than an answer.
The real issue:
I. Attackers have learnt how to exploit the weakness created by the new business model and are themselves becoming more efficient
-the window between the publication of vulnerability and the appearance of exploit code is continuously decreasing
II. As businesses strive for greater speed and efficiency, it becomes more difficult to maintain an effective system of internal controls.
III. The solution to the problem lies in how people react, not technology.
– to support the exchange of experience and good practice between Member States
– by brokering relationships between Member States, to leverage the expertise in the market
– to increase its ability to respond quickly in this area by deploying highly mobile teams to assist the Member States where the issues occur
– protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience
– proactively support Member State in achieving the objectives of the Critical Information Infrastructure Protection (CIIP). You can see these objectives here.
First Pan European Exercise:
– test carried out on November 4, 2010
– table top exercise
– addressed incidents affecting all Member States
– tested just the communication aspects
– involvement of public authorities/bodies only
– concentrated on members of the CIIP community
The objective of this exercise was to test the contact points in Member States, the communication channels, the type of data exchanged over these channels and the understanding that Member States have of the role and mandate of their counterparts in other Member States.
Participation to the exercise:
– all EU Member States and 3 EFTA countries (Switzerland, Norway, Iceland)
– among the participants were: ministries, National Regulatory Agencies, CIIP and Information Security related Organizations (70 organizations and 150 experts)
– the role of ENISA was to help Member States to prepare-facilitation and project management
– future exercises should involve the private sector
– lesson-learned should be shared with other national or international exercises
– Member States should be well-organized internally by developing national contingency plans
– A roadmap for pan-European exercises and preparedness
– should be created (including the definition of Standard Procedures).
In autumn of 2011, the first joint EU-US Exercise will be held, aiming to be a table top, centralized, discussion based exercise. It will have an exploratory nature and its planning team has experts from 15 countries.
For more info regarding ENISA visit here:
Any questions can be submitted to: firstname.lastname@example.org
Additional information can be found at: www.e-crimeexppert.com
How do you feel about the current cyber-threats trends? Have you ever heard/encountered a cyber-threat? Do you know anything about these threats? What do you think about ENISA?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog. The following posts will be part of the Cybersecurity in Europe Workshop series summarized by E-Crime Expert.