TALLINN (Reuters) – European Union defence ministers will hold a cyber war game for the first time on Thursday to test their ability to respond to a potential attack by computer hackers on one of the bloc’s military missions abroad.
In a fictional scenario, the EU’s naval mission in the Mediterranean will be sabotaged by hackers who cripple the mission’s command on land and launch a campaign on social media to discredit the EU operations and provoke protests.
Each of the EU’s defence ministers will try to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials have sought to make real by creating mock news videos giving updates on an escalating situation.
“We want to show ministers the impact of cyber campaigns,” said Tanel Sepp, deputy director for cyber planning at Estonia’s defence ministry.
“Cyber has become a conventional tool in modern warfare,” said Sepp, who helped plan the “EU CYBRID 2017” exercise, a reference to the game’s mix of cyber and hybrid warfare techniques such as disinformation campaigns.
After a series of global cyber attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.
Especially concerned about Russia since it seized Crimea from Ukraine in 2014, Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise for defence ministers.
Estonia was hit by cyber attacks on private and government Internet sites in 2007 which peaked after a decision to move a Soviet-era statue from a square in the capital, Tallinn, provoked street protests by Russian nationals and a diplomatic spat with Moscow.
One of the world’s most Internet-savvy countries with 95 percent of government services online, Estonia has a separate cyber command in its armed forces. But it is not without its vulnerabilities.
International researchers said this week they have found a security risk with the chips embedded in Estonian identity cards that could allow a hacker to steal a person’s identity, although officials said there was no evidence of a hack.
“NO RIGHT ANSWER”
Given the growing threat, NATO last year recognised cyberspace as a domain of warfare and said it was serious enough to justify activating the alliance’s collective defence clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defence plan.
But some experts say European governments are not fully aware of the impact of potential cyber attacks on the military.
Cyber attacks could not only lead to losses of information and the denial of services but could manipulate data and sabotage military commands, they say.
“We need to be much more worried about attacks on the integrity of information in our systems, which have been tampered with,” said Sven Sakkov, the former head of the NATO-affiliated centre for the study of cyber defence in Tallinn.
“What if battle plans from a military commander were hacked without anyone’s knowledge and troops were ordered to fire against friendly forces?,” said Sakkov, who runs the International Centre for Defence and Security in Tallinn.
The exercise is loosely based on the EU’s “Sophia” operation in the central Mediterranean that aims to deter people smuggling off the coast of Libya, although there is no mention of any single country or aggressor in the scenario.
EU cyber exercises are not new, but officials said the idea of the exercise was to put the onus on defence ministers to act by simulating a temporary loss of military operational command, even if they would have more support in a real-life situation.
Using tablet computers, ministers will be given multiple-choice questions to answer as they react to the situation. Some of the dilemmas they will face involve deciding whether to make public statements or keep the situation secret.
Calling for help from other governments and invoking a mutual assistance article in the European Union’s treaty are other options.
“There are no right answers here,” Sepp said.
(Reporting by Robin Emmott; Editing by Hugh Lawson)