To ensure citizens’ trust in the medical services and infrastructure available to them, health services must function at all times. If there were to be a serious cyber attack on health services and infrastructure in Europe, how would we react to that and coordinate the response at national and EU level to limit incidents and prevent escalation?
This is exactly the question that was tried to be answered in the Cyber Europe 2022 exercise based on a fictional scenario. On the first day, there was a disinformation campaign with manipulated laboratory results and a cyber attack aimed at European hospital networks. The second day, according to the scenario, there was an escalation of the cyber crisis across the EU with the direct threat of the release of personal medical data and another campaign aimed at discrediting the implantable medical device with a claim of vulnerability.
The Executive Director of the EU Cyber Security Agency, Juhan Lepassaar, said: “The complexity of our challenges is commensurate with the complexity of our connected world. I therefore firmly believe that we need to gather all the intelligence we have in the EU to share our expertise and knowledge. Strengthening our cyber resilience is the only way forward if we want to protect our health services and infrastructure and ultimately the health of all EU citizens. ”
The pan-European exercise organized by ENISA covered a total of 29 countries of the European Union and the European Free Trade Association (EFTA), as well as EU agencies and institutions, ENISA, the European Commission CERT-EU, Europol and the European Medicines Agency (EMA). More than 800 cybersecurity experts monitored the availability and integrity of the system during the two days of the latest Cyber Europe exercise.
Participants in this complex exercise were satisfied with the way incidents were resolved and the responses to fictitious attacks. It is now necessary to conduct an analysis of the procedure and outcomes of the various aspects of the exercise to realistically identify possible shortcomings or weaknesses for which adequate measures may be needed. Addressing such attacks requires different levels of competencies and procedures that include effective and coordinated exchange of information, exchange of knowledge on specific incidents and a way of monitoring a situation that could easily escalate in the event of a general attack. The role of the EU-level team in the CyCLONe Computer Security Incident Response Team and standard operating procedures needs to be considered.
A more detailed analysis will be published in the follow-up report. The results will form the basis for future guidance and further improvements to strengthen the health sector’s resilience to cyber attacks in the EU.
The Cyber Europe exercises are simulations of large-scale cyber incidents escalating into cyber crises across the EU. The exercises offer opportunities to analyze advanced cyber security incidents and to address complex business continuity and crisis management situations.
ENISA has already organized five pan-European exercises in the field of cyber security in 2010, 2012, 2014, 2016 and 2018. They are usually held every two years, but in 2020 they were canceled due to the COVID-19 pandemic.
International cooperation among all participants is an integral part of the exercise in which most European countries participate. The exercise is an experience of flexible learning: from one analyst to the whole organization, with the possibility of participation or non-participation in individual activities, where participants can adapt the exercise to their needs.