U.S. government agencies and members of the European Union (EU) on Thursday teamed up for a daylong exercise aimed at clarifying how to best communicate about cyber incidents.
During the first-of-its-kind exercise, called “Cyber Atlantic 2011,” participants from the U.S. Homeland Security and Justice departments, and more than 20 EU member states were presented with two hypothetical cyberattack scenarios.
The point of the activity was to test different communication models and determine which mechanisms are currently in place and which should be created to facilitate information sharing, Lee Rock, acting director of US-CERT, who participated in the activity, told SCMagazineUS.com on Friday.
In the first scenario, participants considered a hypothetical situation in which a stealthy advanced persistent threat (APT) attack allowed for the exfiltration and subsequent posting online of sensitive government documents belonging to the EU. The second depicted a cyberattack that caused wind turbines located in the EU, but manufactured by a U.S. company, to malfunction.
| “This was just the first of a number of different exercises that will take place between the U.S. and EU to determine the proper methods of information sharing related to cyber incident activities.” – Lee Rock, acting director of US-CERT |
International collaboration on cyber incident management and response involves political, technical and legal components, all of which need to be taken into account, Rock said. Exercises such as Cyber Atlantic provide a chance to test information-sharing models in a non-critical scenario to develop agreed-upon processes.
Participants, especially those from EU member states, said they thought the first of several planned run-throughs went better than expected, Rock added.
In a statement, Udo Helmbrecht, executive director of the European Network and Information Security Agency, called the event an “extremely important milestone in international cybersecurity cooperation.”
“The involvement of the [European] Commission (the executive body of the EU), EU member states and, of course, the U.S...shows the high level of commitment we have to ensuring that we protect our digital infrastructures for the benefit of all citizens,” he said.
Cyber Atlantic 2011 was organized following the EU-US Summit, held in November 2010, during which the two parties pledged to expand their partnership on cybersecurity issues.
