European diplomats are engaged in a cybersecurity exercise. During this exercise, they act as if there is a real cyberattack on hospitals and electricity networks in several European countries.
The exercise is an initiative of Cyclone, an EU cooperation model to warn each other, validate intelligence and impose sanctions in the event of cyber-attacks that transcend national borders. France organized the exercise in view of “the increasing number and severity of cyberattacks on the EU and its member states”. That says spokesman for the European External Action Service (EEAS) Peter Stano.
During the exercise, a fictional hacker group from ‘Blueland’ infiltrated a Finnish company that develops industrial software for the healthcare and energy sectors. Finland is said to have discovered this attack on January 8. Yet systems continue to be compromised, affecting more than 10 European member states by the hack.
In the scenario, European foreign ministers discuss which sanctions are applicable on 21 February. They also discuss what the action plan should be in the future.
The exercise also took into account the media and different political dimensions of a cyberwar. For example, the existing American cybersecurity company Palo Alto would be the first to attribute the hack to the Blueland group.
A memo reads: “Referring to a report by Palo Alto, the New York Times publishes a front-page article in which they also accuse Blueland of being responsible for the cyber-attack on Europe.”
Blueland would fight back with ‘fake news on social media. In addition, political groups would take advantage of the hack by claiming that the situation is due to the EU’s Green Deal policy.
The European approach to cyberwar is completely defensive. This is in contrast to, for example, the United States. Mikko Hyppönen, principal investigator at cybersecurity company F-Secure: “The United States is developing and deploying attack techniques, even though they have rarely been caught doing so. China and Russia don’t care if their cyberattacks are noticed.”
The situation in the exercise was based on situations that have ever occurred or may occur in the near future. The first exercise was last year, before Russia’s attacks on Ukraine. Yet many link the exercise to fears about Russia.
Direct response to Russia
Blueland has been described as an authoritarian state close to the EU. This state would already have a lot of power in the world, but try to expand this power. The first attack would be carried out by Blueland to punish the EU. The state accuses the EU of protecting opposition leaders who are still calling on EU citizens to protest.
Hyppönen says the link is obvious: “The most obvious attackers as described in this scenario are: Russia, Russia and Russia.” However, Omer Dostri, a defence expert at Israel’s The Jerusalem Institute for Strategy and Security, emphasizes that China, Iran and North Korea also have advanced techniques for cyber-attacks. Yet he also sees that Blueland was very similar to Russia.
Catch up on more articles here
Follow us on Twitter here