EU and US test joint cyber security skills

The EU and US came together yesterday for their first ever joint test of cyber attack readiness.

Security pros from both sides of the Atlantic were tested on their preparedness for both a standard data theft attack and a hit on SCADA systems used to manage critical infrastructure.

The European Commission and ENISA, the European Network and Information Security Agency, initiated the Cyber Atlantic 2011 exercise. The Department of Homeland Security contributed to the US side of the project.

Today's exercise provides valuable lessons for specialists on both sides of the Atlantic.

Over 20 EU member states were involved in the exercise, 16 of which were "actively playing."

"Recent high profile cyber attacks show that global threats need global action. Today's exercise provides valuable lessons for specialists on both sides of the Atlantic," said Neelie Kroes, European Commission vice-president for the Digital Agenda.

The tests came after the formation of the EU-US Working Group on Cyber Security and Cyber Crime in 2010.

In the first test, EU National Cyber Security Agencies (NCSAs) were asked to deal with an Advanced Persistent Threat (APT), akin to the attack which hit security firm RSA earlier this year.

The scenario imagined a hacker group launching a targeted attack, the end goal of which was to publish sensitive data online.

The second test had a hypothetical scenario in which a SCADA system, like the one which Stuxnet targeted in Iran last year, failed at an EU wind turbine.

"The involvement of the Commission, EU Member States and, of course, the US, in today's exercise shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens," added ENISA's executive director Professor Udo Helmbrecht.

Last November, the first ever cross-European cyber war simulation was carried out, in which 70 public bodies had to fend off attacks designed to replicate hacks against critical online services.

This week the UK hosted the first London Conference on Cyberspace, in which the Prime Minister appeared to align with US strategy.

David Cameron said the UK would respond to a cyber attack "as robustly as any other national security threats." The US has previously said it would "when warranted respond to hostile acts in cyberspace as we would to any other threat to our country."

"We reserve the right to use all necessary means - diplomatic, informational, military, and economic - as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners, and our interests," the US said in its International Strategy for Cyberspace document.