EU Defense Ministers Conduct First Solo Cyber War Games

EU defense ministers tested their ability to deal with a large scale cyber-attack in online war game exercises on Thursday; the first of their kind.

The simulation was proposed by Estonia, which is apparently keen on foregrounding cybersecurity during its six-month EU presidency.

A series of DoS attacks there in 2007 – initially thought to have been carried out by Russian state-sponsored hackers – crippled infrastructure in one of the first such nationwide campaigns of its type.

The war games on Thursday pitted defense ministers against a shadowy cyber-foe trying to sabotage EU naval facilities in the Mediterranean and conducting a parallel social media campaign designed to foment public unrest.

To add extra urgency to the simulation, ministers were informed that military support had been taken out by the hackers, forcing them to act alone to resolve the crisis.

The 90-minute closed-door exercise even featured mock rolling news broadcasts to add extra verisimilitude.

The ministers were reportedly asked a series of multiple choice questions at various points of the simulated crisis, such as: “Do you announce to the whole country that you are under a cyber-attack. Is it an incident, a threat or an attack?”

German Defence Minister Ursula von der Leyen told reporters that the event was “extremely exciting” and raised the importance of formulating effective strategies to cope with cyber-attacks on critical infrastructure, according to Reuters.

“The adversary is very, very difficult to identify, the attack is silent, invisible,” she told reporters. “The adversary does not need an army, but only a computer with internet connection.”

In fact, this is partly why the EU has drafted the NIS Directive, seeking to improve baseline security standards in critical infrastructure and providers of “essential services”.

The UK government has already committed to transposing the directive into UK law and is currently consulting about how best to do so.

What’s Hot on Infosecurity Magazine?