EU defense ministers take part in first cyber war game

European Union defense ministers have been taking part in a simulated cyber attack exercise today for the first time to practice strategic decision making and crisis-management under pressure of a (mock) cyber-attack against the bloc’s military structures.

The two-hour war game exercise, named EU CYBRID 2017, was held in Tallinn, Estonia, where the EU defense ministers are meeting for informal discussions on a range of security issues.

Cyber attacks targeting and damage civilian infrastructure, such as powerplants, was not included in this particular exercise. Although recent malware activity, such as the Wannacry ransomeware attacks, which locked some UK hospitals out of their IT systems and led to operations being canceled, likely contributed to the decision to run the exercise, said a minister of defense spokeswoman.

She said the fictitious scenario focused on threats to military operations in the Mediterranean.

According to Reuters the exercise involved the EU’s naval mission in the Mediterranean being sabotaged by hackers who cripple the mission’s command on land while also launching a campaign on social media to discredit EU operations and provoke protests.

The exercise was generally aimed at giving ministers the chance to practice situational awareness, crisis management and strategic communication between member states — with the overarching goal of moving towards establishing a policy guideline for the European Union to adopt in the event of such a cyber war situation.

Increasing defense ministers’ awareness about the potential scale of risks posed by cyber attacks appears to be an early take-away from the exercise, according to the spokeswoman.

“What we’ve seen is that the ministers were very interested in it, and it gave them an overview of the threat and what could happen actually because the scenario was built up in such a way that the situation is escalating,” she told us. “In the beginning it might seem like a small thing… It’s pretty hard to assess how big a deal it is. They got an overview that it can escalate to a very, very serious business and that can attack also the military operations.”

“The exercise wasn’t about finding a very concrete, one solution. It was just to get the [understanding] to watch this road,” she added, emphasizing that it’s the first time such an exercise has taken place with defense ministers — and describing it as the “first step” on the road towards a better “common understanding”, which is the necessary base for the EU being able to establish guidelines to respond to (real) cyber attacks against its military structures.

Commenting on the exercise in a statement, Estonia’s minister for defense, Jüri Luik, added: “The cyber world and cyber threats do not recognise national boundaries or the barriers between organisations. It is therefore important to perform joint exercises of this kind, between European Union member states as well as the EU and NATO. We must exchange information and have a common understanding, in order to ensure improved preparedness for dealing with cyber threats.”