The European Union and US on Thursday conducted their first joint cybersecurity exercise, in a show of strength aimed at criminals and foreign nations who try to hack into critical computer systems.
More than 100 government IT security experts from the 27 EU member states and their counterparts from the US department of homeland security convened in Brussels to simulate crisis scenarios, including attempted cyber espionage and an attack on power grid infrastructure.
The aim was to find out where the weaknesses of critical national infrastructure were and how security professionals in different countries could rapidly communicate with each other in the event of an attack.
The exercise comes amid heightened alarm over international internet threats. In 2007, a sustained hacking attack on Estonia disrupted much of the country’s national infrastructure, revealing that computer attacks could have real-world effects. Last year, Iran’s nuclear facilities were disrupted by a computer virus known as Stuxnet, believed to have been created by a nation state.
A US counter-intelligence agency said on Thursday that China and Russia were stealing billions of dollars worth of trade secrets and intellectual property from the computers of US government agencies, businesses and research organisations.
Last year, Google claimed its computer systems had been attacked by Chinese hackers, a move experts said was part of a widespread campaign of internet espionage.
Earlier this year, the US outlined its strategy for defending computer networks, including using a military response to serious internet threats. Many countries have been raising their spending on national internet security, including France, which is doubling staff at its national cyber defence agency, and the UK, which pledged an additional £650m funding on shoring up IT defences. The UK has said its Treasury department faces a barrage of 20,000 malicious emails a day.
Last year, Barack Obama, the US president, and José Manuel Barroso, president of the European Commission, announced the creation of a joint working group on cyber security.
“This is an implicit message. We are evaluating and improving our capabilities on the prevention side. We want to show that we can react commonly across borders,” said Udo Helmbrecht, executive director of Enisa, the organisation that co-ordinates information security among EU member states.
Speed in reacting to an IT security threat is crucial. Estonia’s European neighbours were criticised for reacting too slowly to the crisis in 2007.
Mr Helmbrecht said that next year the EU would seek to run a similar exercise, which would involve both the government and private-sector companies, such as telecoms providers. With about 80 to 90 per cent of critical national infrastructure in private hands, it is crucial to get companies, not just government organisations, involved in crisis planning.