The first joint cyber security exercise between the European Union (EU) and United States (US) is being held today (3rd Nov.) in Brussels, with the support of the EU's Network and Information Security Agency (ENISA) and the US Department of Homeland Security. The day-long table-top exercise, Cyber Atlantic 2011, is using simulated cyber-crisis scenarios to explore how the EU and US would engage each other and cooperate in the event of cyber-attacks on their critical information infrastructures.
In the first scenario, a targeted stealthy cyber-attack (Advanced Persistent Threat - APT) attempts to exfiltrate and publish online, secret information from EU Member States' cyber security agencies. The second simulation focuses on the disruption of supervisory control and data acquisition (SCADA) systems in power generation infrastructures.
More than 20 EU Member States are involved in the exercise, 16 of them actively playing, with the European Commission providing high-level direction. Cyber Atlantic 2011 is part of an EU-US commitment to cyber security which was made at the EU-US summit in Lisbon on 20 November 2010. The aims are to "tackle new threats to the global networks upon which the security and prosperity of our free societies increasingly depend." The exercise draws on lessons learned in the first pan-European cyber security "stress test" exercise, Cyber Europe 2010, which was facilitated last year by ENISA. ENISA's role involves supporting EU Member States in organising cyber security exercises and formulating national contingency plans, with good practice guides and seminars.
ENISA's Executive Director, Professor Udo Helmbrecht, said: "It is an honour for ENISA to be facilitating this extremely important milestone in international cyber security cooperation. European Vice-President, Neelie Kroes, has spoken of the importance of information communications technology for today's citizens and for the economy. The involvement of the Commission, EU Member States and, of course, the US, in today's exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens."
Lessons learned from Cyber Atlantic 2011 will be used to plan further potential joint EU-US cyber exercises in the future.