EU-US Excercise Tests SCADA And APT Threats

The first joint cyber security exercise between the European Union (EU) and United States is being held today, concentrating on advanced persistent threats (APTs)  and SCADA hacking.

The day long exercise, dubbed “Cyber Atlantic 2011”, will use simulated cyber-crisis scenarios to explore how the EU and US would engage and cooperate in the event of cyber attacks on their critical information infrastructures.

Transatlantic Operation

The joint operation between the EU’s Network and Information Security Agency (ENISA) and the US Department of Homeland Security, will test two issues that are taxing the IT security profession – persistent threats that can steal secret information and hacks that could cripple “real world” infrastrcture such as the power generation network.

In the first scenario, a targeted stealthy cyber attack (Advanced Persistent Threat – APT) will attempt to steal and publish secret information from the EU member states’ security agency.

The second will stage an attack on supervisory control and data acquisition (SCADA) systems in power generation infrastructures, a possible target for hackers.

Cyber Atlantic 2011 is the product of discussions at the EU-US summit in Lisbon last year, which recognised the growing threat of cyber crime and resulted in the establishment of an EU-US Working Group on Cyber-security and Cyber-crime.

More than 20 EU member states are participating with 16 playing an active role in the exercise, which draws on lessons learned from the first pan-European cyber security exercise, last year’s Cyber Europe 2010.

Cyber Europe 2010 staged simulated cyber attacks on critical services across several member states and tested the EU’s readiness for an attack which would paralyse communication services between member states.

The executive director of ENISA, Professor Udo Helmbracht commented, “The involvement of the Commission, EU Member States and, of course, the US, in today’s exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens.”

It is hoped that the lessons learned from the exercise will be used to plan further potential joint EU-US cyber exercises in the future, despite the differences in security and hacking culture between Europe and the US.