Getronics takes part in Cyber Europe 2022, the largest cybersecurity drill

Location: Barcelona
Date: 13 June, 2022

In its sixth edition, Cyber Europe was focused on testing the response to a possible attack on the infrastructure and services of the European health system.

The Getronics' Security Operations Center team during the cybersecurity exercise
The Getronics’ Security Operations Center team during the exercise

Getronics participated on June 8 and 9 in Cyber Europe 2022, through its Security Operations Center in Barcelona (Spain). Cyber Europe is the largest cybersecurity drill held in the world and, in its sixth edition, it was focused on testing the response to a possible attack on the infrastructure and services of the European health system.

The pan-European exercise, organized by the European Union Agency for Cybersecurity (ENISA), rallied a total of 29 countries from both the European Union and the European Free Trade Association (EFTA), as well as the EU agencies and institutions, ENISA, the European Commission CERT-EU, Europol and the European Medicine Agency (EMA).

More than 800 cybersecurity experts, including the Getronics’ SOC (Security Operations Center) team in Barcelona, were in action to monitor the availability and integrity of the systems over the two days of this latest edition of Cyber Europe.

The goal of the drill

To ensure citizens’ trust in the medical services and infrastructure available to them, health services should function at all times. If health services and infrastructures in Europe were the objects of a major cyber attack, how would we respond and coordinate at both the national and EU levels to mitigate the incidents and prevent an escalation?

This is the question Cyber Europe 2022 sought to answer using a fictitious scenario. Day one featured a disinformation campaign of manipulated laboratory results and a cyber attack targeting European hospital networks. On day two, the scenario escalated into an EU-wide cyber crisis with the imminent threat of personal medical data being released and another campaign designed to discredit a medical implantable device with a claim on vulnerability.

Can we strengthen the cyber resilience of the EU healthcare?

The participants who engaged in the complex exercise were satisfied with the way the incidents were dealt with and the response to fictitious attacks.

Now, the analysis of the process and of the outcomes of the different aspects of the exercises need to be performed in order to get a realistic understanding of potential gaps or weaknesses that may require mitigation measures. Dealing with such attacks requires different levels of competencies and processes which include efficient and coordinated information exchange, sharing knowledge around specific incidents, and monitoring a situation that is about to escalate in case of a generalized attack. The role of the EU-level CSIRTs network and the standard operation processes (SOPs) of the CyCLONe group also need to be looked into.

The deeper analysis will be published in the after-action report. The findings will serve as a basis for future guidance and further enhancements to reinforce the resilience of the healthcare sector against cyber attacks in the EU.

The Getronics team

The Getronics team that participated in the drill
The Getronics team that participated in the drill

“In my opinion, it has been a complete success, from the approach focused on the health sector, to its execution. The way in which both INCIBE (National Cybersecurity Institute) and ENISA coordinated everything has been excellent, they have achieved a very real simulation. This exercise will be able to draw many conclusions, both from what was well done and from the points of improvement in this sector”.

Olmo Rayón, Cybersecurity Manager at Getronics

Getronics Security Operations Centre, a registered computer emergency response team (CERT), assists organizations in achieving their desired security posture and compliance objectives through a range of services, with a focus on Threat Lifecycle Management (TLM) and especially detection and response. All services are designed to be fully ITIL and NIST aligned.