The 7th edition of Cyber Europe, one of the largest cybersecurity exercises in Europe, organised by the European Union Agency for Cybersecurity (ENISA), challenged the resilience of the EU energy sector.
Cybersecurity has become a growing threat gateway for the EU critical infrastructure sectors, as the number of cyberattacks has largely increased in recent years. In 2023 alone, over 200 reported cyber incidents targeted the energy sector and more than half of them were directed specifically at Europe.
The significant role the sector holds for the European economy renders the energy industry particularly susceptible to cyber threats and attacks.
EU Commissioner for the Internal Market, Thierry Breton visited ENISA premises and the Cyber Europe Exercise room to have a glimpse of how the exercise puts the EU energy infrastructure to the test. He stated, “Cybersecurity is a common priority. In 2023 alone, more than 200 reported cyber incidents targeted the energy sector, and more than half of them were directed specifically against Europe. Cybersecurity threats in critical sectors can have an impact on the everyday life of citizens, but also on businesses and public services throughout the EU. This type of exercise is essential to test our cybersecurity resilience with all key partners if we are to protect EU citizens.”
The Network and Information Security (NIS) Investments in the EU report by ENISA found that 32 percent of operators in the energy sector do not have a single critical Operation Technology (OT) process monitored by a Security Operations Center (SOC). Operational Technology and Information Technology are covered by a single SOC for 52 percent of operators of essential services in the energy sector.
The two-day event simulated a series of large-scale cyber incidents. Working together, players honed their coordination and crisis management skills to tackle the challenges posed by the advanced scenarios and ensure business continuity in the face of a crisis.
The pan-European exercise brought together 30 national cybersecurity agencies, a number of EU agencies, bodies and networks and over 1000 experts dealing with a range of areas from incident response to decision-making. It is one of the largest cyber exercises organised in Europe and it is powered by ENISA, which celebrates its 20th anniversary in 2024.