November 04, 2011

U.S. and EU partner for security response exercise

U.S. and EU partner for security response exercise
U.S. and EU partner for security response exercise

U.S. government agencies and members of the European Union (EU) on Thursday teamed up for a daylong exercise aimed at clarifying how to best communicate about cyber incidents.

During the first-of-its-kind exercise, called “Cyber Atlantic 2011,” participants from the U.S. Homeland Security and Justice departments, and more than 20 EU member states were presented with two hypothetical cyberattack scenarios.

The point of the activity was to test different communication models and determine which mechanisms are currently in place and which should be created to facilitate information sharing, Lee Rock, acting director of US-CERT, who participated in the activity, told SCMagazineUS.com on Friday.

In the first scenario, participants considered a hypothetical situation in which a stealthy advanced persistent threat (APT) attack allowed for the exfiltration and subsequent posting online of sensitive government documents belonging to the EU. The second depicted a cyberattack that caused wind turbines located in the EU, but manufactured by a U.S. company, to malfunction.

“This was just the first of a number of different exercises that will take place between the U.S. and EU to determine the proper methods of information sharing related to cyber incident activities.”

– Lee Rock, acting director of US-CERT

International collaboration on cyber incident management and response involves political, technical and legal components, all of which need to be taken into account, Rock said. Exercises such as Cyber Atlantic provide a chance to test information-sharing models in a non-critical scenario to develop agreed-upon processes.

Participants, especially those from EU member states, said they thought the first of several planned run-throughs went better than expected, Rock added.

In a statement, Udo Helmbrecht, executive director of the European Network and Information Security Agency, called the event an “extremely important milestone in international cybersecurity cooperation.”

“The involvement of the [European] Commission (the executive body of the EU), EU member states and, of course, the U.S...shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens,” he said.

Cyber Atlantic 2011 was organized following the EU-US Summit, held in November 2010, during which the two parties pledged to expand their partnership on cybersecurity issues.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.