Monday

4th Dec 2023

In cyber-scenario, 'Blueland' cripples European infrastructure

  • The Pursiala biomass power plant in central Finland (Photo: Aki Mykkänen)
Listen to article

EU diplomats are rehearsing how to handle a fictional but plausible cyber-strike that targets hospitals and power plants across multiple European countries.

In the EU dry run, "Blueland" manages to infiltrate a Finnish firm that produces industrial-systems software for the healthcare and energy sectors.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Finland detects Blueland's attack on 8 January — but, even so, system failures cascade to power plants and hospitals in more than 10 EU countries causing casualties.

By 21 February, EU foreign ministers are holding snap talks on sanctions against Blueland, and on whether to invoke a mutual defence clause.

That was the scenario discussed last week by EU diplomats in Brussels, according to a so-called scene-setter memo on the EU's ongoing "Cyclone" cyber exercise seen by EUobserver.

Cyclone is an EU model for joint alerts, intelligence assessments, and sanctions in the event of a cyber-attack with cross-border effects.

It was first tested last year, before Russia built up troops around Ukraine and before an actual, genuine, cyber-strike knocked out Ukrainian government websites, last month.

The EU foreign service declined to say if the exercise was making direct reference to Russia. But while this year's Blueland test was purely fictional, it was also designed to reflect the new reality of heightened Russia tensions in Europe, the EU memo indicated.

"To be realistic, the scenario is based on situations that have already occurred in real life or that we fear could occur in a near future," the EU memo said.

"This is realistic, and a good scenario to rehearse for," Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, told EUobserver on Monday (14 February).

In the EU exercise, Blueland is described as "an authoritarian state" in the EU neighbourhood that "positions itself as a global power aiming to strengthen its influence worldwide."

Blueland initiates the strikes to punish the EU for hosting opposition leaders who, while in exile, have encouraged citizens of Blueland to hang green ribbons in their windows in a snowballing protest movement against the Blueland authorities.

The French EU presidency organised the exercise "in view of the increasing number and severity of cyber-attacks targeting the EU and its member states," EU foreign service spokesman Peter Stano said.

But for Hyppönen, the meaning was obvious. "The most-likely attackers as described in this [Blueland] scenario are: Russia, Russia, and Russia," he said.

China, Iran, and North Korea also have high-end offensive cyber capabilities, Omer Dostri, a defence expert at The Jerusalem Institute for Strategy and Security, an Israeli think-tank, said.

But it was "clear" that the EU's Blueland was Russia, Dostri also said.

"This [EU exercise] is only one scenario of a realistic attack, but there are other threats that may materialise in the near future," said Dostri, who described how essential infrastructure was particularly at risk.

"It is possible to remotely disconnect patients from respiratory machines in hospitals. To this must be added a possible cyber-attack on water infrastructure, which will lead to disconnection of residents from water supply, or even poisoning of water," Dostri said.

Meanwhile, the EU exercise did not neglect to game-out the media and political dimensions of cyber warfare.

In the fictional scenario, a genuine US cyber security firm, Palo Alto, is the first to link the attack to Blueland and make it public.

"Referring to the Palo Alto report, the New York Times publishes an article on its front page also accusing Blueland of being responsible for the cyberattacks affecting Europe," the EU memo said.

Blueland fights back with "fake news on social media" and the fictional power outages come on amid wintry conditions and tight energy markets.

"Political groups take advantage to blame the situation on EU Green Deal policies" which are "accused of incapacitating national efforts to respond to the higher demand in energy in the European market," the EU memo said.

Hackers linked to Russia by Israel's Dostri also caused real power outages at three plants in Ukraine in 2015.

The joint EU strategy on cyber warfare is purely defensive in nature; that is in contrast to the stance taken by the United States and Israel.

"The United States develops and employs attack techniques, but is rarely caught using them. This is a question of attitude. China and Russia do not really care if their cyberattacks are noticed," Hyppönen said.

Israel broke into the computers of Russia's top internet security firm Kaspersky Lab in 2015 and remained undetected for months, he added. "It speaks volumes about the capabilities of Israeli intelligence", Hyppönen said.

"Despite its tiny size, Israel has offensive and defensive cyber capabilities at the level of a world power," Dostri said.

Feature

Nordic parliaments agree mutual defence on cyberattacks

A cyberattack against one of the Nordic parliaments will be seen as an attack on them all, MPs at the annual council of Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and Åland agreed this week.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

Russia loses seat on board of chemical weapons watchdog

Russia lost its seat on the board of the Organization for the Prohibition of Chemical Weapons for the first time in the organisation's history — while Ukraine, Poland, and Lithuania were elected to the executive council.

Opinion

'Loss and Damage' reparations still hang in balance at COP28

There is still work to be done — especially when it comes to guaranteeing the Global North's participation in financing Loss and Damage, and ensuring the Global South has representation and oversight on the World Bank's board.

Latest News

  1. The EU's U-turn on caged farm animals — explained
  2. EU-China summit and migration files in focus This WEEK
  3. COP28 debates climate finance amid inflated accounting 'mess'
  4. Why EU's €18m for Israel undermines peace
  5. Israel's EU ambassador: 'No clean way to do this operation'
  6. Brussels denies having no 'concern' on Spain's amnesty law
  7. Dubai's COP28 — a view from the ground
  8. Germany moves to criminalise NGO search-and-rescue missions

Stakeholders' Highlights

  1. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  2. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  3. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  4. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?
  5. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  6. UNOPSFostering health system resilience in fragile and conflict-affected countries

Stakeholders' Highlights

  1. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  2. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  3. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  4. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  5. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch
  6. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations

Join EUobserver

Support quality EU news

Join us