Monday

28th Nov 2022

In cyber-scenario, 'Blueland' cripples European infrastructure

  • The Pursiala biomass power plant in central Finland (Photo: Aki Mykkänen)
Listen to article

EU diplomats are rehearsing how to handle a fictional but plausible cyber-strike that targets hospitals and power plants across multiple European countries.

In the EU dry run, "Blueland" manages to infiltrate a Finnish firm that produces industrial-systems software for the healthcare and energy sectors.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Finland detects Blueland's attack on 8 January — but, even so, system failures cascade to power plants and hospitals in more than 10 EU countries causing casualties.

By 21 February, EU foreign ministers are holding snap talks on sanctions against Blueland, and on whether to invoke a mutual defence clause.

That was the scenario discussed last week by EU diplomats in Brussels, according to a so-called scene-setter memo on the EU's ongoing "Cyclone" cyber exercise seen by EUobserver.

Cyclone is an EU model for joint alerts, intelligence assessments, and sanctions in the event of a cyber-attack with cross-border effects.

It was first tested last year, before Russia built up troops around Ukraine and before an actual, genuine, cyber-strike knocked out Ukrainian government websites, last month.

The EU foreign service declined to say if the exercise was making direct reference to Russia. But while this year's Blueland test was purely fictional, it was also designed to reflect the new reality of heightened Russia tensions in Europe, the EU memo indicated.

"To be realistic, the scenario is based on situations that have already occurred in real life or that we fear could occur in a near future," the EU memo said.

"This is realistic, and a good scenario to rehearse for," Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, told EUobserver on Monday (14 February).

In the EU exercise, Blueland is described as "an authoritarian state" in the EU neighbourhood that "positions itself as a global power aiming to strengthen its influence worldwide."

Blueland initiates the strikes to punish the EU for hosting opposition leaders who, while in exile, have encouraged citizens of Blueland to hang green ribbons in their windows in a snowballing protest movement against the Blueland authorities.

The French EU presidency organised the exercise "in view of the increasing number and severity of cyber-attacks targeting the EU and its member states," EU foreign service spokesman Peter Stano said.

But for Hyppönen, the meaning was obvious. "The most-likely attackers as described in this [Blueland] scenario are: Russia, Russia, and Russia," he said.

China, Iran, and North Korea also have high-end offensive cyber capabilities, Omer Dostri, a defence expert at The Jerusalem Institute for Strategy and Security, an Israeli think-tank, said.

But it was "clear" that the EU's Blueland was Russia, Dostri also said.

"This [EU exercise] is only one scenario of a realistic attack, but there are other threats that may materialise in the near future," said Dostri, who described how essential infrastructure was particularly at risk.

"It is possible to remotely disconnect patients from respiratory machines in hospitals. To this must be added a possible cyber-attack on water infrastructure, which will lead to disconnection of residents from water supply, or even poisoning of water," Dostri said.

Meanwhile, the EU exercise did not neglect to game-out the media and political dimensions of cyber warfare.

In the fictional scenario, a genuine US cyber security firm, Palo Alto, is the first to link the attack to Blueland and make it public.

"Referring to the Palo Alto report, the New York Times publishes an article on its front page also accusing Blueland of being responsible for the cyberattacks affecting Europe," the EU memo said.

Blueland fights back with "fake news on social media" and the fictional power outages come on amid wintry conditions and tight energy markets.

"Political groups take advantage to blame the situation on EU Green Deal policies" which are "accused of incapacitating national efforts to respond to the higher demand in energy in the European market," the EU memo said.

Hackers linked to Russia by Israel's Dostri also caused real power outages at three plants in Ukraine in 2015.

The joint EU strategy on cyber warfare is purely defensive in nature; that is in contrast to the stance taken by the United States and Israel.

"The United States develops and employs attack techniques, but is rarely caught using them. This is a question of attitude. China and Russia do not really care if their cyberattacks are noticed," Hyppönen said.

Israel broke into the computers of Russia's top internet security firm Kaspersky Lab in 2015 and remained undetected for months, he added. "It speaks volumes about the capabilities of Israeli intelligence", Hyppönen said.

"Despite its tiny size, Israel has offensive and defensive cyber capabilities at the level of a world power," Dostri said.

Feature

Nordic parliaments agree mutual defence on cyberattacks

A cyberattack against one of the Nordic parliaments will be seen as an attack on them all, MPs at the annual council of Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and Åland agreed this week.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

News in Brief

  1. 'Pro-Kremlin group' in EU Parliament cyberattack
  2. Ukraine will decide on any peace talks, Borrell says
  3. Germany blocks sale of chip factory to Chinese subsidiary
  4. Strikes and protests over cost-of-living grip Greece, Belgium
  5. Liberal MEPs want Musk quizzed in parliament
  6. Bulgarian policeman shot dead at Turkish border
  7. 89 people allowed to disembark in Italy, aid group says
  8. UN chief tells world: Cooperate on climate or perish

Stakeholders' Highlights

  1. Nordic Council of MinistersCOP27: Food systems transformation for climate action
  2. Nordic Council of MinistersThe Nordic Region and the African Union urge the COP27 to talk about gender equality
  3. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  4. Friedrich Naumann Foundation European DialogueGender x Geopolitics: Shaping an Inclusive Foreign Security Policy for Europe
  5. Obama FoundationThe Obama Foundation Opens Applications for its Leaders Program in Europe
  6. EFBWW – EFBH – FETBBA lot more needs to be done to better protect construction workers from asbestos

Latest News

  1. A missed opportunity in Kazakhstan
  2. EU's Hungary funds, China, energy, and Frontex This WEEK
  3. Sweden says 'no' to EU asylum relocation pledges
  4. The 'proof' problem with EU sanctions — and how to fix it
  5. The EU gas cap: will the bottle ever be 'uncorked'?
  6. Enough talk, only rights can eliminate patriarchal violence
  7. Swedish EU presidency: 'Ukraine, Ukraine, Ukraine'
  8. EU Commission to keep Hungary's EU funds in limbo

Stakeholders' Highlights

  1. European Committee of the RegionsRe-Watch EURegions Week 2022
  2. UNESDA - Soft Drinks EuropeCall for EU action – SMEs in the beverage industry call for fairer access to recycled material
  3. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  4. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries
  5. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  6. European Centre for Press and Media FreedomEuropean Anti-SLAPP Conference 2022

Join EUobserver

Support quality EU news

Join us