Malta participated in CE2018, an international cybersecurity simulation exercise organised by the EU Cybersecurity Agency ENISA on 6 and 7 June 2018. The simulation exercise was locally coordinated by the Critical Infrastructure Protection Directorate (CIPD) within the Ministry for Home Affairs and National Security (MHAS) and its cyber monitoring arm CSIRTMalta, Malta’s National Computer Security Incident Response Team.

50 local cyber security and media professionals from 11 local organisations participated in the most mature EU Cyber Security Simulation Exercise known as ‘Cyber Europe 2018’ (CE2018) to date. The simulation exercise was locally coordinated by the CIPD within MHAS in collaboration with EU ENISA, the EU Cyber Security Agency, and the participation of other EU member states’ agencies responsible for the monitoring of the cyber space in their respective regions.

Minister for Home Affairs and National Security Michael Farrugia visited the coordinating team during the exercise and said such exercises are of utmost importance to test our capabilities in dealing with cyber and hybrid attacks on critical and other relevant infrastructure. Malta is giving great importance to critical infrastructure and on how to deal with cyber and hybrid attacks. The Critical Infrastructure Protection Directorate will be strengthened by other professional personnel.

Malta’s participation was organised in multiple crisis cells. A national coordinating crisis cell incorporating a media crisis cell assembled at the MHAS Coordinating Centre in Valletta. A group operational crisis cell gathered at the MITA Data Centre in St Venera and other organisational crisis cells operated from their normal place of work at various locations in Malta. Malta’s principal moderator and planner from CSIRTMalta within the CIPD, MHAS travelled to ENISA headquarters in Athens – Greece, to form part of the EU wide coordination and exercise planning team.

The desktop exercise focused on cyber and hybrid attacks on the aviation sector disrupting their systems’ and flights’ operations.

Exercise scenario: It is a normal day at the airport. Suddenly, the automated check-in machines display a system failure. Travel apps on smartphones stop functioning. The agents at the check-in counters encountered problems operating their computers. Travellers can neither check in their luggage nor pass through security checks. There are huge lines everywhere. All flights are shown as cancelled on the airport monitors. For unknown reasons, baggage claim has stopped working and more than half of the flights must remain on the ground.

A radical group have reportedly taken control of the airport’s critical systems by means of digital and hybrid attacks. They have already claimed responsibility for the incident and are using their propaganda channels to spread a call to action and attract more people to adopt their radical ideology.

This was the intense scenario which over 900 European cybersecurity specialists incorporating communications, local planners, moderators, monitors, observers, and players from 30 countries coming from some 300 organisations had to face during the ‘Cyber Europe 2018’ (CE2018) – the most mature EU cybersecurity exercise to date. At the local level, the exercise was customised to the Malta context.

The two-day exercise was orchestrated by ENISA at its headquarters in Athens, Greece, while participants either stayed at their usual workplace or gathered in crisis cells. ENISA controlled the exercise via its Cyber Exercise Platform (CEP) which provided a ‘virtual universe’ (integrated environment) for the simulated world, including incident material, virtual news websites, social media channels, company websites, and security blogs.

Organised by the EU cybersecurity agency ENISA in collaboration with national and other cybersecurity authorities and agencies from all over Europe, the CE2018 was intended to enable the European cybersecurity community to further strengthen their capabilities in identifying and tackling large-scale threats as well as to provide a better understanding of cross-border incident contagion.

CE2018 focused on helping organisations to exercise and test their internal operational continuity and crisis management plans including media crisis communication while also reinforcing cooperation between public and private entities.