EU and US team up for a joint cyber security exercise

THE EUROPEAN UNION and the United States are hosting the first ever joint cyber security exercise today, simulating a series of cyber attacks and the regions' responses to them.

The joint effort, dubbed Cyber Atlantic 2011, is a collaboration between the EU's Network and Information Security Agency (ENISA) and the US Department of Homeland Security.

The first scenario in the exercise is an attack designed to pilfer and publish online secret data from the cyber security agencies of a number of EU member states. The second scenario simulates the disruption caused to supervisory control and data acquisition (SCADA) systems in power generation infrastructures, an area that governments are becoming increasingly worried about after the Stuxnet virus caused significant damage to Iran's nuclear fuel processing plant.

The exercise involves 20 EU member states, with 16 of them actively participating, in addition to the European Commission and the United States. The emphasis is on seeing how well all of the countries respond and how they can improve co-operation in the face of digital adversity.

Cyber Atlantic 2011 is the natural extension of a pan-European operation held last year, which was designed to stress test Europe's defences and responses to cyber attack. Now Europe is working closely with the US as part of a cyber security commitment agreed in an EU-US summit in Lisbon last November.

"It is an honour for ENISA to be facilitating this extremely important milestone in international cyber security cooperation," said Professor Udo Helmbrecht, executive director of ENISA. "European Vice-President, Neelie Kroes, has spoken of the importance of information communications technology for today's citizens and for the economy. The involvement of the Commission, EU Member States and, of course, the US, in today's exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens."

The INQUIRER spoke with Carole Theriault, senior security consultant at Sophos, about the significance of this joint effort.

"Attacks on critical infrastructure is a growing concern for many nations. With increase dependency comes greater security concerns - and anything that gets people thinking about proactive and a reactive approaches is a good thing in my book.

"I do think drills and simulations, if well planned and thought out, can drive home the message that it is really time to pay attention, put their thinking caps on and work collaboratively.

"Malware does not respect national boundaries, so why should countries stay at a disadvantage by working on strategies in a isolation fashion? It just doesn't work."

Theriault also pointed out that the ENISA is using a new buzzword called APT, or advanced persistent threat, which really means malware like keyloggers and trojans. APT sounds far more impressive, particularly if the ENISA needs to convince the EU to provide it with more funding, but what this shows is that countries are facing the same kinds of threats that individual computer users are facing, albeit on a much larger scale and with the possibility of more significant damage being caused.

The results of today's exercise will be used to plan further joint EU-US operations in the future and may affect policies drawn up in both regions to tackle the growing threat of cyber warfare. µ