EU to hold fake cyber war to test its defences against outside attack
A fake cyber war is going to be held by the European Union in order to test its defences against real attacks in the future.
In a fictional scenario, the EU’s naval mission in the Mediterranean will be sabotaged by hackers who cripple the mission’s command on land and launch a campaign on social media to discredit the EU operations and provoke protests.
Each of the EU’s defence ministers will try to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials have sought to make real by creating mock news videos giving updates on an escalating situation.
“We want to show ministers the impact of cyber campaigns,” said Tanel Sepp, deputy director for cyber planning at Estonia’s defence ministry.
“Cyber has become a conventional tool in modern warfare,” said Sepp, who helped plan the “EU CYBRID 2017” exercise, a reference to the game’s mix of cyber and hybrid warfare techniques, such as disinformation campaigns.
After a series of global cyber-attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.
Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise for defence ministers, in light of the country’s concerns about neighbouring Russia ever since that country seized Crimea from the Ukraine in 2014.
Estonia was hit by cyber-attacks on private and government Internet sites in 2007, which peaked after a decision to move a Soviet-era statue from a square in the capital, Tallinn, provoked street protests by Russian nationals and a diplomatic spat with Moscow.
One of the world’s most Internet-savvy countries, with 95 per cent of government services online, Estonia has a separate cyber command in its armed forces. However, it is not without its vulnerabilities.
International researchers said this week they have found a security risk with the chips embedded in Estonian identity cards that could allow a hacker to steal a person’s identity, although officials said there was no evidence of a hack.
Given the growing threat, NATO last year recognised cyber space as a domain of warfare and said it was serious enough to justify activating the alliance’s collective defence clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defence plan.
Some experts say European governments are not fully aware of the impact of potential cyber attacks on the military.
Cyber attacks could not only lead to losses of information and the denial of services, they could also manipulate data and sabotage military commands, they say.
“We need to be much more worried about attacks on the integrity of information in our systems which have been tampered with,” said Sven Sakkov, the former head of the NATO-affiliated centre for the study of cyber defence in Tallinn.
“What if battle plans from a military commander were hacked without anyone’s knowledge and troops were ordered to fire against friendly forces?”
In August, the former head of the MI5 said that encrypted online communications are essential for the UK’s national security interests, despite the difficulties that it poses for security services attempting to tackle militants.