By Manos Christofis (Focal Point)
Almost all of the European countries are deeply reliant on Information Systems in cyberspace. It is the very backbone of modern society. However, the technologies that enrich our professional and personal lives also empower those who would disrupt or destroy our way of life.
The increasing interdependence among organizations and individuals using cyber networks creates new vulnerabilities and opportunities for cyber-attack.
Critical information infrastructures support vital services and goods such as energy, transport, telecommunications, financial services, etc., that are so essential that their unavailability may adversely affect the well-being of a nation. Due to their significant importance, the protection of critical information infrastructures is required to sustain and further enhance the well-being of the European society, the European Union economy, and the European citizens. Additional to the protection from traditional threats the policy makers must direct their thoughts to Cyber Security and the ways to protect against Cyber Attacks, the new asymmetric factor.
Major Banks, energy companies, defense contractors have been victims of Cyber Attacks and opportunists who steal identities, financial data, intellectual capital, government secrets, and other valuable information over a period of months and even years before discovery.
The majority of organizations consider cybersecurity as primarily a technology challenge. While technology is important, robust cybersecurity cannot be implemented without involving cyber policies, procedures, information security management, people and operations, in addition to technology.
Cyber exercises are an important tool to assess the preparedness of an organization against cyber crises, validate procedures, test contingency plans and raise cyber security awareness amongst staffs.
There are different types of exercises referring to different target audience each time. There are exercises focusing on the technical aspect of the cyber defence and others on the procedural, others focusing on decision makers and others on the IT staff.
In all cases the Modelling and Simulation with Computer Aided Exercises (CAX) can be used in support of the Cyber Defence development effort. Through the process of CAX we are undoubtedly optimizing current staff procedures and decision making processes in synchronization with all other stakeholders in the area of responsibility.