Towards the end of last week it was widely reported that Europe had “tested” itself against the threat of a cyber attack by unknown entities. By all accounts it appeared to go well. Though the cynic would say “why would anyone say otherwise”. However this differs from the relatively recent report in 2009 of a less than adequate response to a previous simulated cyber attack which was spurred on by attacks on other sovereign states and a growing awareness of the vulnerability of society and the impact on economic prosperity and global politics of cyber orientated threats.
First let me make it very clear that I fully support the work of national and EU stakeholders responsible for understanding and managing cyber risk. Activities like these recent simulations need to, sadly, happen. However from a practical point of you I have several observations which I’m going to spread over this and a couple more blog posts.
Variety is the spice of life
This applies to so much in life including practising defending against cyber attacks.
The reports suggest that the simulated cyber attack which the EU member states defended against was
a DDOS (Distributed Denial of Service) attack. This is the same technique, I blogged about, used against Burma (Myanmar) during its general election recently. However this is one of potentially many techniques that could be used. As techniques go DDOS would be classified as the preverbal “hammer to crack a nut”. It is also as blunt as a spoon and as obvious as an elephant in a small room.
A better picture of the EU’s preparedness for a cyber attack would take into consideration much more than its ability to handle distributing / routing web traffic generated through a DDoS attack. “Yes” it is helpful, but “No” it falls short in the overall scheme of things because just like in real warfare no single attack wins an overall war.
How can the EU and member states prepare for the following cyber scenarios?
In my next blog I’ll identify briefly what other scenarios the EU and member states may want to consider. Register on my blog to know when I’ll be updating my blog next.