Missie uit EU en VS simuleert antwoord op cyberaanval (en)

Met dank overgenomen van EUobserver (EUOBSERVER) i, gepubliceerd op vrijdag 4 november 2011, 9:27.

BRUSSELS - EU and US cyber experts on Thursday (3 November) sat together and brainstormed on how they would deal with attacks aimed at extracting government secrets or taking control of nuclear plants.

The exercise - a first - was organised by the EU's cyber security agency (Enisa i) and the US department of homeland security and brought together government experts from Washington, 16 EU capitals and the European Commission.

"The involvement of the Commission, EU member states and, of course, the US, in today’s exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens," Enisa chief Udo Helmbrecht said in a statement.

The simulation comes after the bloc's diplomatic service lost sensitive documents in a large-scale attack in spring this year. The EU then set up computer emergency teams (Certs) for its own institutions - cyber security experts tasked with detecting, managing the damage and preventing attacks on the networks. Certs exist in most member states and in the US, where there is also a dedicated team for attacks on critical infrastructure, such as nuclear plants.

"It's funny it took the EU almost ten years to come up with something it had been pressing member states all the time," one Cert official from a member state told this website on condition of anonymity.

The exercise, while not naming which country would try to extract confidential data via cyber attacks, was carried out on the day a US intelligence report singled out China and Russia as being most active in cyber espionage against US companies.

China and Russia

The report says both private firms and cyber security experts have reported an "onslaught" of computer attacks targeting trade secrets, intellectual property and technology. Attacks from Russia are a "distant second" to those from China, but were "extensive" and "sophisticated".

This other type of attack simulated Thursday reflects a growing concern in the cyber security community that computer programmes (Scada) managing, for instance, water cleaning facilities, are not designed to fend off worms which could hijack the chemical composition and poison an entire city.

Stuxnet, the worm that damaged Iranian nuclear centrifuges and believed to be the work of the US government, has already some offsprings.

Just as the Enisa exercise was developing, a Stuxnet-inspired worm called Duqu was detected in Belgium's largest web-hosting company after having been shut down of an Indian network. Spread through a vulnerability in Microsoft's Word text editing programme, the virus contains code similar to Stuxnet, but its ultimate target is not yet known.

Section

  • Cyber Security

Tip. Klik hier om u te abonneren op de RSS-feed van EUobserver