/Old Allies Take Traditional Steps into Cyber-Unknown

Old Allies Take Traditional Steps into Cyber-Unknown


On 3 November, the EU-US conducted 'readiness' tests against cyber-attacks.

Brussels Dec. 4–It’s hard but humorous to imagine world leaders getting together to play computer games.  Yet that’s what EU and US leaders were doing in early November, when they decided to simulate their cyber-defense capabilities and test their skills.  Unfortunately, neither side saw it necessary to use computers when training for a possible cyber-world-war.  Instead they approached the issue “more strategically,” using paper work, discussions, and other traditional means that leaders could at least understand.

“It was actually a ‘table-top’ exercise, not really a fully-fledge simulation,” said Allesandra Falcinelli, of the European Commission’s DG Information Society and Media.  “So it was more theoretical and strategical than an active practice.”

Nonetheless, the November exercise marked the first in a series of steps the EU is taking in reaction to a number of actual cyber-attacks in recent years that have targeted member states and even the Commission itself.  But it’s the caliber of the attacks which has brought old allies together with suspicions that the Chinese and Russian were behind quite a few.  Furthermore, it’s the scale of which our daily conveniences and government opperations have slipped vulnerably into cyberspace that has triggered a greater response by world leaders.

“Recent high profile cyber attacks show that global threats need global action,” said Neelie Kroes, European Commission Vice-President for the Digital Agenda.  “Today’s exercise provides valuable lessons for specialists on both sides of the Atlantic.”

Under the supervision of the Commission, the US State Department, and ENISA (the EU’s cyber-security agency), the exercise came with two scenarios.  The first was a “Wiki-leak” situation, in which one “team” attempted to steal information from government files and publish it online, whilst the other hoped to block the attack.  The second scenario was a bit more sinister.  Following the historic Stuxnet example from Iran, in which a highly sophisticated computer worm entered the supervisory control and data acquisition(SCADA) systems that control industrial process such as electricity, water, and atomic energy.  The Stuxnet worm damaged the Iranian nuclear program (which may have been its original goal), but its effeciency has sparked fear in the west that their own infrastructure and atomic safety may be at risk.  The original Stuxnet worm could have easily cause an atomic meltdown, but it has since evolved and has various ancestors.  Though the EU test involved a SCADA failure in a wind-turbine instead of an atomic energy plant.

Photo: Wiki-Commons

“The internet is an important backbone of our society,” said Professor Udo Helmbracht of ENISA in a BBC article last month.  “We use it for business and in our private lives. The more we depend on it, the more we need to share information to protect the infrastructure.”

Despite the measures the EU is taking to defend against cyber threats, the complexity of the issue is not only baffling, but ever changing.  Addressed during the exercises was not only what information should countries share with each other during a cyber-attack, but also the relevance of that information.  When asked whether leaders actually knew what information was important and relevant, Falcinelli said it was an issue that needed to be further addressed.  This, however, shows that governments are indeed walking on new grounds, and are not only solving new problems, but still trying to define what those problems might be.

Results for the simulation were originally supposed to be published 10 of November but were moved back to the end of the month.  However, as of early December, ENISA still hasn’t released any of the findings from the simulation.  Ulf Bergstrom, Spokesman for ENISA, said they ancipiated the results to be finalized and published at least before Christmas.

Until then, we can only assume world leaders know what they’re doing, or that it’s possible to stop a cyber-attack without a computer.