European Union governments are set to launch a large-scale simulation of cyberattacks against multiple member states. Participants will be confronted with attacks on their supply chains and some spillover socio-economic effects in other member states, before having to co-ordinate public communications and a diplomatic response, according to reports.
The aim of the six-week exercise is to stress-test Europe’s resilience, strengthen preparedness and co-operation among member states, and improve the effectiveness of a joint response.
Todd Carroll CISO at CybelAngel says he welcomes the plans. “Supply chain attacks are an ongoing trend and will only grow in severity. This is largely attributed to the fact that, as a state or organization's supply chain and digital ecosystems expand, their attack surface grows exponentially along with it. In a few months from now, attacks like SolarWinds may look comparatively small," he says.
"Ransomware can't be called a hypothetical, systemic risk anymore. It's now a systemic issue that will only grow. This is yet another clear illustration that cybersecurity impacts physical security and the daily lives of all of us, at scale.
"Unfortunately, we expect more supply chain attacks to occur. As companies increasingly entrust a large part of their services to single points of failure - think AWS or Google - this is becoming a problem and as such, companies become targets of choice.
"This stress test is a welcomed action plan and highlights the increasing need for early threat detection capabilities and ransomware preparedness. Member states and businesses urgently need to get ahead of threats before attackers beat them to it," he concludes.
French presidency proposals
According to a report on Bloomberg, the exercise will be structured around a gradual escalation toward a major crisis that culminates in an attack that could qualify as an armed aggression under the United Nations Charter, according to leaked documents. In order to be as realistic as possible and better prepare the bloc for a real-world attack, it will be modelled on incidents that have taken place or could occur in the near future.
Though the EU has various tools at its disposal to counter and sanction acts of cyber aggression, it doesn’t currently have a framework for effectively coordinating a joint response to a major crisis, the document says.
The simulation, which is being proposed by the French presidency of the EU, is expected to begin this month and conclude during a meeting of the bloc’s foreign ministers at the end of next month.