A massive denial of service attack hit more than 300 European public and private institutions this week, including major government agencies such as the UK's spy agencies MI5 and MI6 and several banks. The interesting thing is that the assault wasn't by some hacker. It was a coordinated attempt by the agencies and businesses themselves. Welcome to the latest round of defensive planning for the next real cyber war.
The Cyber Europe 2012 exercise was run by the European Network and Information Security Agency (ENISA). The agency created a complex series of attacks that generated over 1,200 different cyber incidents. This isn't the first time that ENISA has staged cyber war games: two years ago it conducted a similar but more limited effort that involved only government agencies. The latest involved 25 countries and four additional observers. Many of the attacks were carried out in corporate conference rooms, as an ENISA photo of some of the participants shows.
According to ENISA, Cyber Europe 2012 had three main objectives:
- Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe.
- Explore the cooperation between public and private stakeholders.
- Identify gaps and challenges on how large-scale cyber incidents could be handled more effectively.
On its website, ENISA says:
(the) complexity of the scenario allows for the creation of enough cyber incidents to challenge the several hundred public and private sector participants from throughout Europe, while at the same time triggering cooperation. By the end of the exercise, the participants will have had to handle more than 1000 (simulated cyber incidents).
Paul Lawrence, VP International Operations at Corero Network Security, said that the exercise's scenario combined several realistic threats into one escalating Distributed Denial of Service (DDoS) attack. "This goes to show that DDoS attacks have gone from a minor annoyance carried out by bedroom hackers, to a serious security threat that ENISA feels needs to be addressed." DDoS attacks have been escalating in the wild, as I and my colleagues here have observed. If you've got thoughts on their growth -- or better yet, how to combat them -- tell me in the comments below.