The European Union and US on Thursday conducted their
first joint cybersecurity exercise, in a show of strength
aimed at criminals and foreign nations who try to hack
into critical computer systems.
More than 100 government IT security experts from the
27 EU member states and their counterparts from the US
department of homeland security convened in Brussels
to simulate crisis scenarios, including attempted cyber
espionage and an attack on power grid infrastructure.
The aim was to find out where the weaknesses of critical
national infrastructure were and how security professionals
in different countries could rapidly communicate with each
other in the event of an attack.
The exercise comes amid heightened alarm over
international internet threats. In 2007, a sustained
hacking attack on
Estonia disrupted much of the
country’s national infrastructure, revealing that computer
attacks could have real-world effects. Last year, Iran’s
nuclear facilities were disrupted by a
computer virus known as Stuxnet,
believed to have been created by a nation state.
A US counter-intelligence agency said on Thursday that
China
and Russia
were stealing billions of dollars worth of trade secrets
and intellectual property from the computers of US
government agencies, businesses and research
organisations.
Last year, Google claimed its computer systems had been
attacked by Chinese hackers, a move experts said was part
of a widespread campaign of internet espionage.
Earlier this year, the US outlined its strategy for
defending computer networks,
including using a military response to serious internet
threats. Many countries have been raising their spending
on national internet security, including
France,
which is doubling staff at its national cyber defence
agency, and the
UK, which pledged an
additional £650m funding on shoring up IT defences.
The UK has said its Treasury department faces a
barrage of
20,000 malicious emails a day.
Last year, Barack Obama, the US president, and
José Manuel Barroso, president of the European
Commission, announced the creation of a joint working
group on cyber security.
“This is an implicit message. We are evaluating and
improving our capabilities on the prevention side. We want
to show that we can react commonly across borders,” said
Udo Helmbrecht, executive director of Enisa, the
organisation that co-ordinates information security among
EU member states.
Speed in reacting to an IT security threat is crucial.
Estonia’s European neighbours were criticised for reacting
too slowly to the crisis in 2007.
Mr Helmbrecht said that next year the EU would seek to
run a similar exercise, which would involve both the
government and private-sector companies, such as telecoms
providers. With about 80 to 90 per cent of critical
national infrastructure in private hands, it is crucial to
get companies, not just government organisations, involved
in crisis planning.