The first joint EU-US cyber security simulation tackles real-life threats Almost 100 computer experts from 16 European countries jointly battled to hold off serious cyberattacks on the European Union’s security agencies and power plants as part of a simulated exercise on Thursday.The event, Cyber Atlantic 2011, was the first joint cybersecurity exercise between the EU and the U.S. Two scenarios were acted out. The first was a targeted, stealth APT (advanced persistent threat) attack aimed at extracting and publishing online secret information from EU member states’ cybersecurity agencies. Security experts at Europe’s network and information security agency, ENISA, said that this type of attack was possible in a real-world situation. “It is typical of the type of threat that is out there, although it is not based on any one specific situation. We’ve chosen threats that we think are real, and we haven’t made life easy for ourselves by choosing attacks that are easy to repel,” explained ENISA spokesman Graeme Cooper.The second simulation focused on the disruption of supervisory control and data acquisition (SCADA) systems in power generation infrastructures. This threat is being taken very seriously by EU authorities, particularly in light of allegations that the Anonymous hacker group has attempted to infiltrate French power plants and the widespread Stuxnet attack on Iran’s nuclear facilities. More than 20 EU countries were involved in the exercise, 16 of them actively, with the European Commission providing high-level direction and the U.S. Department of Homeland Security also lending support to the national emergency teams taking part. The aim of the event is to explore how the EU and U.S. would engage each other and cooperate in the event of cyberattacks on their critical information infrastructures, and follows the first pan-European cybersecurity stress test, Cyber Europe 2010, last year. Lessons learned from Cyber Atlantic 2011 will be used to plan potential future joint EU-U.S. cyberexercises. “We need to do more to understand the way things operate. We have focused on the IT side obviously, but there would also be wider questions about what would happen if sensitive security data was stolen. That goes alongside securing the IT systems and fighting off attackers and malware,” said Cooper.Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe