By Robin Emmott
TALLINN (Reuters) – European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc’s military missions abroad.
In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests.
Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation.
German Defence Minister Ursula von der Leyen said the “extremely exciting” war game showed the need for EU governments to be more aware of the impact of cyber attacks on critical infrastructure in the EU.
“The adversary is very, very difficult to identify, the attack is silent, invisible,” Von der Leyen told reporters. “The adversary does not need an army, but only a computer with internet connection”.
After a series of global cyber attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.
“We needed to raise awareness at the political level,” Jorge Domecq, the chief executive of the European Defence Agency that helped organize the exercise with Estonia, told Reuters.
Especially concerned about Russia since it seized Crimea from Ukraine in 2014, Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise.
Estonia was hit by cyber attacks on private and government Internet sites in 2007. One of the world’s most Internet-savvy countries, with 95 percent of government services online, Estonia has a separate cyber command in its armed forces. But it is not without its vulnerabilities.
International researchers have found a security risk with the chips embedded in Estonian identity cards that could allow hackers to steal people’s identities, although officials said there was no evidence of a hack.
INCIDENT, THREAT OR ATTACK?
NATO last year recognized cyberspace as a domain of warfare and said it justified activating the alliance’s collective defense clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defense plan.
The EU exercise made ministers consider how to work more closely with NATO, whose Secretary-General Jens Stoltenberg was there as an observer, diplomats present said.
“Over the last year, we saw a 60 percent increase in the number of cyber attacks against NATO networks,” Stoltenberg told reporters. “A timely exchange of information (with the EU) is key to responding to any cyber attacks.”
EU cyber exercises are not new, but officials said the idea of Thursday’s exercise was to put the onus on defense ministers to act by simulating a temporary loss of military operational command, even if they would have more support in a real-life situation.
Using tablet computers, ministers answered multiple-choice questions as they reacted to the situation, including some on whether they would make public statements or keep the situation secret.
“Do you announce to the whole country that you are under a cyber attack. Is it an incident, a threat or an attack? These are the questions that ministers were forced to consider, probably for the first time,” Estonian Defence Minister Juri Luik told Reuters.
(Reporting by Robin Emmott; Editing by Hugh Lawson)