Health sector was under computer attack for two days in Portugal. Exercise can bring lessons for the future
At C-Days 2022 there were phishing attacks, denial of service, fake news and other threats that are part of everyday life for organizations, but it was all fake. The National Cybersecurity Exercise (ExNCS) is like a cybersecurity war game: everything takes place in a simulated universe that reacts in stages, where an interaction platform lets the “players” show that they are up to the challenges presented, defending themselves from cyberattacks.
This year the National Cybersecurity Exercise (ExNCS) took place simultaneously with the C-Days 2022 conference, and for two days the resilience of the health sector was exercised in Portugal, but also at European level.
João Alves, from the management, management and supervision department of CNCS, explained to SAPO TEK that the entire scenario had already been prepared for four years, with the coordination of ENISA for the European exercise, and that all European countries were “playing” simultaneously, with the involvement of entities in the European health area.
“The sector already had it before the pandemic as relevant for a test”, explained João Alves, detailing that it had been identified but that Cyber Europe, which usually takes place every two years, did not take place in 2020 because of the pandemic.
The cybersecurity test scenario is extensive and poses various types of challenges to participating entities. “It involves everything you can imagine of possible attacks on health systems, from contracts to medical device systems, service chain, hospital social engineering (such as pressing a button on a machine and this causes the information to be encrypted), an exercise also in denial of service resources that applies to Portugal hotlines”, explains the coordinator of the Portugal service.
Therefore, this year the main Portuguese hospitals took part, public and private, and the CNCS also took the decision to create its own national zone, separate from the European environment, with specific incidents within the areas on which health has a strong dependence, such as public and energy, also bringing into the exercise regulators and public entities that are related to the sector. “It is an extended ecosystem that is being tested.”
The room where the exercises were held during the two days had reserved access, but SAPO TEK was invited just to observe. If there were information events, with moments of greater relevance to be from a set of eye to eye, more than half a hundred people and environment in a particular way of information, with moments of greater relevance and not of gathering information between occupants of the same table, or from neighboring tables that we were able to observe during the controlled visit.
João Alves explains that there are 45 entities participating in Portugal and that all of them had at least one member in the room, and in the “back office” they could have five more members providing support, or ten, and some came close to having 30 members working remotely.
“The exercise is at an operational level with the technicians who are analyzing the code, but also at a strategic level, with requests from the press that have the recommendations to respond, the decisions […] It is a tested technical component but also the decision process”, he detailed to SAPO TEK while the exercise was still in progress.
The idea is that participating entities can identify failures in order to change procedures and implement new, more efficient processes, but also that they create networks within the ecosystem.
Although the objective of CNCS, and of ENISA, is not to evaluate, but only to look at the response of each entity in a global way, João Alves points out that each entity can create assessment mechanisms based on the exercise and then draw lessons to improve its response.
“The success that the entities that exercise is affirmed, admitting however that it is important that not everything runs smoothly.
“If everything goes well, the exercise is poorly done, because if it was supposed to go well, then we wouldn’t need to be testing […] There is a lot of time and money invested in resources here”, explains João Alves.
The possibility of collaboration alone already brings advantages from the two days of exercises performed. “Starting tomorrow, who is the one who feeds the hospital, who will deal with a particular problem or incident. And if you have a contact that you can enter in other cases, because you know each other with the coordinators of the exercise.
A global analysis of the results will only be done later, in a long process of evaluating information from the national exercise and the exercise in Europe. The objective is to understand the level of preparation and the European capacity to respond to cyberattacks, also promoting the sharing of experiences within the Union.