Cyber-security experts from the European Union and United States took part in simulated cyber-attacks against supervisory control and data acquisition systems and advanced persistent threats as part of Cyber Atlantic 2011 exercises.
The United States and European Union took part in the first-ever joint cyber-security exercise addressing how to cooperate and respond in the event of a cyber-attack on critical infrastructure.
The European Network and Information Security Agency (ENISA) and the U.S. Department of Homeland Security conducted the daylong table-top exercise, Cyber Atlantic 2011, on Nov. 3. The cyber-security exercise used simulated scenarios to explore how EU and U.S. officials could improve how they work together and coordinate incident management and response, Lee Rock, acting director of Homeland Security's Computer Emergency Response Team (US-CERT), wrote on the DHS blog.
One exercise featured targeted advanced persistent threat attempts to infiltrate various EU cyber-security agencies and publish online the information extracted from the networks. Another simulation involved an attack against supervisory control and data acquisition (SCADA) systems in power grids and utilities.
Cyber Atlantic's goal was to "tackle new threats to the global networks upon which the security and prosperity of our free societies increasingly depend," ENISA said. Most of the exercises focused on European assets or agencies being attacked, with U.S. officials providing assistance, according to Rock.
Participating in the cyber-exercise would help "strengthen" how the U.S. handles cyber-attacks at home and how it collaborates with other countries "through mutual support systems," Rock said. US-CERT "supports international partners and the broader cyber-security communities in both the United States and abroad on a range of technical and operational cyber issues," Rock wrote.
Cyber Atlantic 2011 drew on lessons learned from last year's Cyber-Europe 2010 cyber-security exercise, and the lessons learned from this event will be used to plan "further potential joint" cyber-exercises, according to ENISA. The previous exercise was conducted as a way to identify how member states should communicate and collaborate to defend against cyber-attacks and to strengthen Europe's overall cyber defenses in the event of a large-scale cyber-attack.
The DHS runs similar cyber-exercises through its biennial Cyber-Storm series to keep mitigation and prevention efforts up-to-date to handle the latest sophisticated attacks. The SANS Institute, a private nonprofit security research and education organization, also works with the Army and Air Force to train military personnel in cyber-security skills through its NetWars cyber-security challenge. Participants compete in a mock environment to test their defensive, analysis and offensive cyber skills, fighting off intruders trying to take over other target systems and networks.
Policy-makers on both sides of the Atlantic believe that it's not a question of "if" there will be a cyber-attack, but "when." The latest cyber-war exercise was part of a commitment to work together on cyber-security that was agreed upon at an EU-U.S. summit in Lisbon, Portugal, in November 2010. More than 20 EU member states attended the event, which was directed by the European Commission.
"It is an honor for ENISA to be facilitating this extremely important milestone in international cyber-security cooperation," said ENISA's executive director, Prof. Udo Helmbrecht.
A group of European ministers, senior officials from the North Atlantic Treaty Organization (NATO) and other influential European leaders participated in a different cyber-exercise organized by the European Security Round Table (ESRT) in Brussels, Belgium, in June.
The ESRT exercise simulated three distinct attacks against different European critical infrastructure sectors that had simultaneous impact on several member states. The attendees discussed existing EU cyber-security policies and initiatives as well as what new rules and regulations were needed.