Wednesday

25th May 2022

In cyber-scenario, 'Blueland' cripples European infrastructure

  • The Pursiala biomass power plant in central Finland (Photo: Aki Mykkänen)
Listen to article

EU diplomats are rehearsing how to handle a fictional but plausible cyber-strike that targets hospitals and power plants across multiple European countries.

In the EU dry run, "Blueland" manages to infiltrate a Finnish firm that produces industrial-systems software for the healthcare and energy sectors.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Finland detects Blueland's attack on 8 January — but, even so, system failures cascade to power plants and hospitals in more than 10 EU countries causing casualties.

By 21 February, EU foreign ministers are holding snap talks on sanctions against Blueland, and on whether to invoke a mutual defence clause.

That was the scenario discussed last week by EU diplomats in Brussels, according to a so-called scene-setter memo on the EU's ongoing "Cyclone" cyber exercise seen by EUobserver.

Cyclone is an EU model for joint alerts, intelligence assessments, and sanctions in the event of a cyber-attack with cross-border effects.

It was first tested last year, before Russia built up troops around Ukraine and before an actual, genuine, cyber-strike knocked out Ukrainian government websites, last month.

The EU foreign service declined to say if the exercise was making direct reference to Russia. But while this year's Blueland test was purely fictional, it was also designed to reflect the new reality of heightened Russia tensions in Europe, the EU memo indicated.

"To be realistic, the scenario is based on situations that have already occurred in real life or that we fear could occur in a near future," the EU memo said.

"This is realistic, and a good scenario to rehearse for," Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, told EUobserver on Monday (14 February).

In the EU exercise, Blueland is described as "an authoritarian state" in the EU neighbourhood that "positions itself as a global power aiming to strengthen its influence worldwide."

Blueland initiates the strikes to punish the EU for hosting opposition leaders who, while in exile, have encouraged citizens of Blueland to hang green ribbons in their windows in a snowballing protest movement against the Blueland authorities.

The French EU presidency organised the exercise "in view of the increasing number and severity of cyber-attacks targeting the EU and its member states," EU foreign service spokesman Peter Stano said.

But for Hyppönen, the meaning was obvious. "The most-likely attackers as described in this [Blueland] scenario are: Russia, Russia, and Russia," he said.

China, Iran, and North Korea also have high-end offensive cyber capabilities, Omer Dostri, a defence expert at The Jerusalem Institute for Strategy and Security, an Israeli think-tank, said.

But it was "clear" that the EU's Blueland was Russia, Dostri also said.

"This [EU exercise] is only one scenario of a realistic attack, but there are other threats that may materialise in the near future," said Dostri, who described how essential infrastructure was particularly at risk.

"It is possible to remotely disconnect patients from respiratory machines in hospitals. To this must be added a possible cyber-attack on water infrastructure, which will lead to disconnection of residents from water supply, or even poisoning of water," Dostri said.

Meanwhile, the EU exercise did not neglect to game-out the media and political dimensions of cyber warfare.

In the fictional scenario, a genuine US cyber security firm, Palo Alto, is the first to link the attack to Blueland and make it public.

"Referring to the Palo Alto report, the New York Times publishes an article on its front page also accusing Blueland of being responsible for the cyberattacks affecting Europe," the EU memo said.

Blueland fights back with "fake news on social media" and the fictional power outages come on amid wintry conditions and tight energy markets.

"Political groups take advantage to blame the situation on EU Green Deal policies" which are "accused of incapacitating national efforts to respond to the higher demand in energy in the European market," the EU memo said.

Hackers linked to Russia by Israel's Dostri also caused real power outages at three plants in Ukraine in 2015.

The joint EU strategy on cyber warfare is purely defensive in nature; that is in contrast to the stance taken by the United States and Israel.

"The United States develops and employs attack techniques, but is rarely caught using them. This is a question of attitude. China and Russia do not really care if their cyberattacks are noticed," Hyppönen said.

Israel broke into the computers of Russia's top internet security firm Kaspersky Lab in 2015 and remained undetected for months, he added. "It speaks volumes about the capabilities of Israeli intelligence", Hyppönen said.

"Despite its tiny size, Israel has offensive and defensive cyber capabilities at the level of a world power," Dostri said.

Feature

Nordic parliaments agree mutual defence on cyberattacks

A cyberattack against one of the Nordic parliaments will be seen as an attack on them all, MPs at the annual council of Denmark, Finland, Iceland, Norway, Sweden, the Faroe Islands, Greenland and Åland agreed this week.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

France aims for EU minimum-tax deal in June

EU Commission vice-president Valdis Dombrovskis said on Tuesday that Poland's recovery plan could be approved within a week. This could also help unblock Warsaw's reluctance to agree to the tax deal.

Opinion

When Reagan met Gorbachev — a history lesson for Putin

Neither Reagan nor Gorbachev achieved their goal at the famous Reykjavik summit of 1986. Despite that fact there are lessons that current leaders — particularly Vladimir Putin — could adopt from these two iconic leaders.

Opinion

Orbán's overtures to Moscow are distasteful and detrimental

Some Western European politicians are reviving the chimera of a negotiated settlement. None of this makes the current, half-hearted approach towards sanctioning Russia look better — nor does it shed any favourable light on the cravenness of Hungary's current government.

News in Brief

  1. Johnson refuses to resign after Downing Street parties report
  2. EU border police has over 2,000 agents deployed
  3. Dutch tax authorities to admit to institutional racism
  4. Rutte calls for EU pension and labour reforms
  5. France 'convinced' Ukraine will join EU
  6. Von der Leyen: Russia hoarding food as 'blackmail'
  7. Legal action launched against KLM over 'greenwashing'
  8. Orbán refuses to discuss Russia oil embargo at EU summit

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic delegation visits Nordic Bridges in Canada
  2. Nordic Council of MinistersClear to proceed - green shipping corridors in the Nordic Region
  3. Nordic Council of MinistersNordic ministers agree on international climate commitments
  4. UNESDA - SOFT DRINKS EUROPEEfficient waste collection schemes, closed-loop recycling and access to recycled content are crucial to transition to a circular economy in Europe
  5. UiPathNo digital future for the EU without Intelligent Automation? Online briefing Link

Latest News

  1. Orbán's new state of emergency under fire
  2. EU parliament prevaricates on barring Russian lobbyists
  3. Ukraine lawyer enlists EU watchdog against Russian oil
  4. Right of Reply: Hungarian government
  5. When Reagan met Gorbachev — a history lesson for Putin
  6. Orbán oil veto to deface EU summit on Ukraine
  7. France aims for EU minimum-tax deal in June
  8. 'No progress in years' in Libya, says UN migration body

Join EUobserver

Support quality EU news

Join us