The ENISA is the CERT Coordination Centre in Europe and the European counterpart for the American CERT/CC.
The ENISA coordinated an exercise on the 4th of November 2010 with 22 participating member states and 8 international observer organisations.
The exercise simulated a coordinated and concentrated attack on the European information infrastructure, referred to as CIIP (Critical Information Infrastructure Protection). The attack simulated the gradual and rapidly removal of several key hosts and links.
The report concludes some major issues to be dealt with in regards to the cyber security. The report states that the participants did not know, who or how to contact in the other CERT agencies 55% of the time, in regards to various development during the exercise, and it might be worse in a real situation. The CERT agencies do not handle incidents reports the same way, so it became a problem to exchange the information rapidly. The realism lacked because only government CERT agencies participated and there was a need to include the CERT organisations of ISP’s, network operators, and large enterprises. Only a few of the largest vendors CERT teams was involved as observers.
The recommendations of the report, is to have a pan-european directory ready, to implement a event ticket handling system that uses the same format for incident reports. The report also recommends including the CERT groups of infrastructure providers, large enterprises and the vendors in the next exercise this fall.
It is my opinion that network defences of the European nations and of the EU is actually quite good, however I thinks it raises some concern the lack of coordination and cooperation of the various agencies. It could be interpreted as struggle between EU agencies over who gets to be the head EU coordinator, and thereby who gets the funding from the EU parliament.