Monday

15th Apr 2024

In cyber-scenario, 'Blueland' cripples European infrastructure

  • The Pursiala biomass power plant in central Finland (Photo: Aki Mykkänen)
Listen to article

EU diplomats are rehearsing how to handle a fictional but plausible cyber-strike that targets hospitals and power plants across multiple European countries.

In the EU dry run, "Blueland" manages to infiltrate a Finnish firm that produces industrial-systems software for the healthcare and energy sectors.

Read and decide

Join EUobserver today

Get the EU news that really matters

Instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Finland detects Blueland's attack on 8 January — but, even so, system failures cascade to power plants and hospitals in more than 10 EU countries causing casualties.

By 21 February, EU foreign ministers are holding snap talks on sanctions against Blueland, and on whether to invoke a mutual defence clause.

That was the scenario discussed last week by EU diplomats in Brussels, according to a so-called scene-setter memo on the EU's ongoing "Cyclone" cyber exercise seen by EUobserver.

Cyclone is an EU model for joint alerts, intelligence assessments, and sanctions in the event of a cyber-attack with cross-border effects.

It was first tested last year, before Russia built up troops around Ukraine and before an actual, genuine, cyber-strike knocked out Ukrainian government websites, last month.

The EU foreign service declined to say if the exercise was making direct reference to Russia. But while this year's Blueland test was purely fictional, it was also designed to reflect the new reality of heightened Russia tensions in Europe, the EU memo indicated.

"To be realistic, the scenario is based on situations that have already occurred in real life or that we fear could occur in a near future," the EU memo said.

"This is realistic, and a good scenario to rehearse for," Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, told EUobserver on Monday (14 February).

In the EU exercise, Blueland is described as "an authoritarian state" in the EU neighbourhood that "positions itself as a global power aiming to strengthen its influence worldwide."

Blueland initiates the strikes to punish the EU for hosting opposition leaders who, while in exile, have encouraged citizens of Blueland to hang green ribbons in their windows in a snowballing protest movement against the Blueland authorities.

The French EU presidency organised the exercise "in view of the increasing number and severity of cyber-attacks targeting the EU and its member states," EU foreign service spokesman Peter Stano said.

But for Hyppönen, the meaning was obvious. "The most-likely attackers as described in this [Blueland] scenario are: Russia, Russia, and Russia," he said.

China, Iran, and North Korea also have high-end offensive cyber capabilities, Omer Dostri, a defence expert at The Jerusalem Institute for Strategy and Security, an Israeli think-tank, said.

But it was "clear" that the EU's Blueland was Russia, Dostri also said.

"This [EU exercise] is only one scenario of a realistic attack, but there are other threats that may materialise in the near future," said Dostri, who described how essential infrastructure was particularly at risk.

"It is possible to remotely disconnect patients from respiratory machines in hospitals. To this must be added a possible cyber-attack on water infrastructure, which will lead to disconnection of residents from water supply, or even poisoning of water," Dostri said.

Meanwhile, the EU exercise did not neglect to game-out the media and political dimensions of cyber warfare.

In the fictional scenario, a genuine US cyber security firm, Palo Alto, is the first to link the attack to Blueland and make it public.

"Referring to the Palo Alto report, the New York Times publishes an article on its front page also accusing Blueland of being responsible for the cyberattacks affecting Europe," the EU memo said.

Blueland fights back with "fake news on social media" and the fictional power outages come on amid wintry conditions and tight energy markets.

"Political groups take advantage to blame the situation on EU Green Deal policies" which are "accused of incapacitating national efforts to respond to the higher demand in energy in the European market," the EU memo said.

Hackers linked to Russia by Israel's Dostri also caused real power outages at three plants in Ukraine in 2015.

The joint EU strategy on cyber warfare is purely defensive in nature; that is in contrast to the stance taken by the United States and Israel.

"The United States develops and employs attack techniques, but is rarely caught using them. This is a question of attitude. China and Russia do not really care if their cyberattacks are noticed," Hyppönen said.

Israel broke into the computers of Russia's top internet security firm Kaspersky Lab in 2015 and remained undetected for months, he added. "It speaks volumes about the capabilities of Israeli intelligence", Hyppönen said.

"Despite its tiny size, Israel has offensive and defensive cyber capabilities at the level of a world power," Dostri said.

Feature

Nordic parliaments agree mutual defence on cyberattacks

A cyberattack against one of the Nordic parliaments will be seen as an attack on them all, MPs at the annual council of Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and Åland agreed this week.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

Latest News

  1. EU puts Sudan war and famine-risk back in spotlight
  2. EU to blacklist Israeli settlers, after new sanctions on Hamas
  3. Private fears of fairtrade activist for EU election campaign
  4. Brussels venue ditches far-right conference after public pressure
  5. How German police pulled the plug on a Gaza conference
  6. EU special summit, MEPs prep work, social agenda This WEEK
  7. EU leaders condemn Iran, urge Israeli restraint
  8. UK-EU deal on Gibraltar only 'weeks away'

Stakeholders' Highlights

  1. Nordic Council of MinistersJoin the Nordic Food Systems Takeover at COP28
  2. Nordic Council of MinistersHow women and men are affected differently by climate policy
  3. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  4. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  5. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  6. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?

Stakeholders' Highlights

  1. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  2. UNOPSFostering health system resilience in fragile and conflict-affected countries
  3. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  4. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  5. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  6. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA

Join EUobserver

EU news that matters

Join us