EU and US officials simulate cyber attack response
EU and US cyber experts on Thursday (3 November) sat together and brainstormed on how they would deal with attacks aimed at extracting government secrets or taking control of nuclear plants.
The exercise - a first - was organised by the EU's cyber security agency (Enisa) and the US department of homeland security and brought together government experts from Washington, 16 EU capitals and the European Commission.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Don't miss out on
Our exclusive news stories and investigations. Influential. Investigative. Independent.
Why join?
Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.
Already a member?
-
Kilometres of code. Viruses often exploit one badly written line in a programme like Microsoft Word. (Photo: *n3wjack's world in pixels)
"The involvement of the Commission, EU member states and, of course, the US, in today’s exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens," Enisa chief Udo Helmbrecht said in a statement.
The simulation comes after the bloc's diplomatic service lost sensitive documents in a large-scale attack in spring this year. The EU then set up computer emergency teams (Certs) for its own institutions - cyber security experts tasked with detecting, managing the damage and preventing attacks on the networks. Certs exist in most member states and in the US, where there is also a dedicated team for attacks on critical infrastructure, such as nuclear plants.
"It's funny it took the EU almost ten years to come up with something it had been pressing member states all the time," one Cert official from a member state told this website on condition of anonymity.
The exercise, while not naming which country would try to extract confidential data via cyber attacks, was carried out on the day a US intelligence report singled out China and Russia as being most active in cyber espionage against US companies.
China and Russia
The report says both private firms and cyber security experts have reported an "onslaught" of computer attacks targeting trade secrets, intellectual property and technology. Attacks from Russia are a "distant second" to those from China, but were "extensive" and "sophisticated".
This other type of attack simulated Thursday reflects a growing concern in the cyber security community that computer programmes (Scada) managing, for instance, water cleaning facilities, are not designed to fend off worms which could hijack the chemical composition and poison an entire city.
Stuxnet, the worm that damaged Iranian nuclear centrifuges and believed to be the work of the US government, has already some offsprings.
Just as the Enisa exercise was developing, a Stuxnet-inspired worm called Duqu was detected in Belgium's largest web-hosting company after having been shut down of an Indian network. Spread through a vulnerability in Microsoft's Word text editing programme, the virus contains code similar to Stuxnet, but its ultimate target is not yet known.
