EU and US team up for cybersecurity exercise

In the first joint exercise of its kind, agencies from Europe and the US took part in a day-long meeting to show how they would react to cyberattacks on security agency systems and critical power infrastructure
Written by Tom Espiner, Contributor

The European Union and the US have taken part in a day-long exercise to find out how well they would work together in reaction to cyberattacks on security agency systems and critical national infrastructures.

The Cyber Atlantic 2011 round-the-table meeting, held on Thursday, presented participants with two situations: theft of data from cybersecurity agencies using advanced persistent threats (APTs); and attacks on supervisory control and data acquisition (Scada) systems on power-generation networks.

The exercise, the first of its kind, was organised by agencies including the European Network and Information Security Agency (Enisa) and the US Department of Homeland Security.

"We have two scenarios to look at what would happen in the event of a cyber-crisis," Graeme Cooper, head of public affairs at Enisa, told ZDNet UK. "The first involves the extraction of sensitive information from EU member states' IT security agencies, and the second looks at a systemic attack on a power infrastructure."

A group of participants from the US government and various European member states was brought together in the same room, and given the scenarios, according to Enisa member Panagiotis Trimintzios.

"The exercise gave the opportunity for participants to think deeply," Trimintzios said. "There were issues of escalation and communication."

The exercise gave the opportunity for participants to think deeply. There were issues of escalation and communication.
– Panagiotis Trimintzios, Enisa

During the exercise, which did not involve the use of computers, the participants found good lines of communication between computer emergency response teams (Certs), but lines of communication to other areas of government and the public sector needed more thought, according to Trimintzios.

Enisa declined to identify which EU member states had taken part. In all, over 20 countries were involved, with 16 taking an active role. The European Commission provided direction.

The UK sent representatives from agencies including the Cyber Security Operations Centre (CSOC), which is linked to GCHQ, and the Office of Cyber Security and Information Assurance (Ocsia).

"We place a huge importance on collaboration with our European and international partners, and exercises such as this help to ensure that we have the right processes and procedures in place to deal with such events," a Cabinet Office spokesman told ZDNet UK.

Cyber Atlantic 2011 was born out of a summit held in Lisbon last year, in which the EU and the US said they would step up their work on cybersecurity.

"The involvement of the Commission, EU member states and, of course, the US, in today's exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens," Enisa director Udo Helmbrecht said in the statement.

Last year, Enisa conducted a simulated cyberattack involving EU states, which organisations carried out from within their own countries. The agency expects to conduct another EU-wide exercise in a year's time.

Get the latest technology news and analysis, blogs and reviewsdelivered directly to your inbox with ="http:>ZDNet UK'snewsletters.
Editorial standards