In the face of a growing threat from cyber crime, and the perceived weakness of Europe’s response to it, the European Union is organising the first continent-wide exercise to test member nations’ defences against a hypothetical attack on the internet affecting all the participating countries.

The exercise, to be coordinated by the European Network and Information Security Agency (ENISA) in November, is part of a wider drive under the EU’s Digital Agenda to counter the increasing scale and sophistication of cyber crime. This has graduated from the disruptive efforts of lone hackers to range from identity theft and financial scams by organised crime gangs to state espionage and denial of service attacks that can cripple essential infrastructure.

With cyber crime estimated to cost billions of euro, the Commission is concerned that fear of falling victim is holding back Europeans from fully embracing the digital economy and hindering efforts to harness technological developments to boost the recovery.

“Europeans will not engage in ever more sophisticated online activities unless they feel that they, and their children, can fully rely upon their networks,” the Commission declared. “It is essential to address the rise of cyber crime.”

According to delegates at a cyber security conference in Brussels this spring, the new initiatives are overdue. “Europe as a whole has yet to arrive at a policy or to implement that policy in a coherent fashion,” Stewart Baker, a senior homeland security official under the Bush administration, told the Security and Defence Agenda conference.

Among the initiatives included under the Digital Agenda is creation of a European rapid response system to react to cyber attacks. That should include a network of national Computer Emergency Response Teams (CERTS) which act as rapid-response ‘fire brigades’ to fight off attacks on information infrastructure.

Officials at ENISA headquarters in Heraklion, Greece, point to significant progress in the development of such units. Almost all member states now have operational CERTS, compared with just eight in 2005 and 14 in 2008. The EU is currently looking at developing CERTS to protect its own institutions.

The exercise in November will test the abilities of cyber defence teams in the 21 participating EU and EFTA nations to work together when faced with a common threat.

The organisers hope this could become the first of regular pan-European exercises and ENISA officials have also talked about the possibility of running joint exercises with the US or NATO.

Already this year, the EU has set up a Cybercrime Task Force within Europol to improve cross-border cooperation in investigations and prosecutions. Europol is also hosting a European Cyber Crime Training and Education Group.

EU member states, meeting at the General Affairs Council in April, tasked the Commission with drafting a feasibility study on the creation of a permanent cyber crime centre that would establish links with victims’ organisations and the private sector.