The National Cyber Security Centre (NCSC), the Health Service Executive (HSE) and a number of hospitals and pharmaceutical providers have participated in a large-scale European cyber exercise. Cyber Europe 2022, organised by the European Cyber Security Agency (ENISA), saw participation from 29 countries and over 800 cyber security experts. The exercise tested participants’ response to a simulated major cyber-attack on health services and infrastructures in Europe.
Taking place over two days the exercise assessed participants’ ability to respond to disinformation campaigns and cyber-attacks targeting European hospital networks. The exercise involved a simulated scenario whereby a cyber-attack escalated into an EU-wide cyber crisis, with the threat of personal medical data being released.
Commenting on the Cyber Exercise, the NCSC’s Head of Engagement, Joseph Stephens, said:
“The scenario developed by ENISA was realistic, but also complex and challenging. Having dealt with a real-life cyber incident affecting the health sector – during the HSE ransomware attack in 2021 – the NCSC was well placed to deploy a lot of the lessons learned. The scenario, which involved serious attacks across the entire EU, also allowed us to exercise and coordinate with our partners through EU Cyber Crisis Networks, leaving us better prepared to collaborate during any real-life situations.”
A detailed analysis will now take place, following the exercise, to identify any gaps or scope for further capacity-building. The After Action Report findings will serve as a basis for future guidance and further enhancements – to reinforce the resilience of the healthcare sector against cyber-attacks in the EU.
The Irish organisations that participated in this ‘Cyber Europe’ exercise were the: National Cyber Security Centre (NCSC); Department of Health; Health Service Executive (HSE); Mater Misericordiae University Hospital; St James’s Hospital; National Ambulance Service; Irish Blood Transfusion Service (IBTS); St Vincent's Healthcare Group; and Marken.
CAPTIONS FOR IMAGES/PHOTOGRAPHS
[Image #1.jpg] Head of Engagement at the National Cyber Security Centre (NCSC) Joseph Stephens pictured during the large-scale European cyber exercise.
[Image #2.png] A screenshot showing the extent of the impact of the simulated exercise, whereby a cyber-attack could escalate into an EU-wide cyber crisis.
NOTES TO THE EDITOR
‘Cyber Europe’ exercises
‘Cyber Europe’ exercises are simulations of large-scale cyber-security incidents that escalate to EU-wide cyber crises. The exercises offer opportunities to analyse advanced cyber-security incidents, and to deal with complex business continuity and crisis management situations.
National Cyber Security Centre (NCSC)
The National Cyber Security Centre (NCSC) was founded in 2011 and is an operational cyber security unit of the Department of the Environment, Climate and Communications. The NCSC is responsible for advising and informing Government, Critical National Infrastructure providers, business and the general public of current threats and vulnerabilities associated with network information security.
The main roles of the NCSC are to lead in the management of major cyber security incidents across government, provide guidance and advice to citizens and businesses on major cyber security incidents, and develop strong international relationships in the global cyber security community for the purposes of information sharing.
In July 2021 the Government agreed to a significant expansion of the NCSC and the unit is on track to double in size by the end of this year.