First EU Cyber Defence Exercise

EU Defence Ministers participate in “EU CYBRID 2017”, a strategic table-top cyber defence exercise. The exercise, the first of its kind, is organised by the Estonian Presidency of the Council of the European Union, the Estonian Ministry of Defence and the European Defence Agency (EDA). 
 
In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests. 
 
Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation. German Defence Minister Ursula von der Leyen said the “extremely exciting” war game showed the need for EU governments to be more aware of the impact of cyber-attacks on critical infrastructure in the EU.
 
EU CYBRID 2017
The objective of EU CYBRID 2017 is to raise awareness of cybersecurity incident coordination at political level and of the potential effects of offensive cyber-campaigns. It focuses on situational awareness, crisis response mechanisms and strategic communication. 
 
Cyber is widely recognised as a major threat in the EU’s Common Security and Defence Policy (CSDP), yet there has been limited attention to EU missions and operations’ resilience. 
 
To address cyber threats in CSDP, Estonia organised in cooperation with the European Defence Agency a strategic table-top cyber-exercise “EU CYBRID 2017” for EU Ministers of Defence during their informal meeting in Tallinn on 7 September 2017. 
“Cyber, the fifth domain of warfare, must be given as much attention as land, air, sea and space. There is no 100% protection in cyber. It is imperative that EU Defence Ministers test their cyber defence mechanisms. The buy-in of Member States is key for the EU to have the necessary skills, technology and capabilities”, Jorge Domecq, Chief Executive of the European Defence Agency, said.
 
The scope of the exercise is crisis response to a major offensive cyber campaign against EU military structures in a hybrid warfare context. The objectives of the exercise are: 
 
• Situational awareness. Use the EU Intelligence and Situation Centre (INTCEN) to ensure a common understanding of the crisis and the impact of hybrid attacks on EU military structures and to give initial assessment/context for the cyber-campaign. 
• Crisis Response. Raise awareness of the instruments available to the EU in to give strategic guidance on the response to a major offensive cyber-campaign against CSDP structures in a hybrid warfare context. 
• STRATCOM. To coordinate initial messages among EU Member States at political level. 
• Cyber defence. Raise awareness on cybersecurity incident coordination at political level and demonstrate potential effects of offensive cyber-campaigns. 
• Trigger discussions at Council level with a view to examine possible measures in response to specific events, drawn from the crisis scenario. 
 
About the Exercise
EU CYBRID 2017 is a table-top cyber exercise focused on strategic choices and considerations at the EU ministerial level. The goal of the exercise is to highlight a number of strategic concerns and topics that arise in connection with any hypothetical cyber crisis. This exercise should serve as a forum for discussion at ministerial level and provide strategic guidance to address future crises. The exercise scenario included an orchestrated cyber-attack campaign against an EU-led military operation affecting both an EU Headquarter in Rome (OHQ Rome) and its subordinated maritime assets. 
Multiple cyber-attacks covering a range of cyber threats combined with other incidents took place over the course of the exercise. The exercise scenario refers to fictitious countries, organisations and operations. 
 
Cyber Defence and the European Defence Agency
Cyber defence is one of the priorities of the EDA’s capability development plan and of the NATO-EU Joint Declaration. A project team consisting of EDA and its participating Member States' representatives is responsible for jointly developing cyber defence capabilities within the EU CSDP, supported by R&T experts. 
 
The Agency’s main focus is on supporting member states in building a skilled military cyber defence workforce and in ensuring the availability of proactive and reactive cyber defence technology. The EDA for example develops, pilots and delivers a variety of cyber security & defence courses and exercises from basic awareness over expert level to decision maker training.
 
European Defence Agency:           Reuters
 
You Might Also Read: 
 
NATO Cyber War Games 2017: Czechs Win:
 
Cybercrime In The EU -  Where Are You Safe?:
 

 

 

 

 
 
 
« The New GDPR Rules Focus On Consumer Protection
In Demand: Cybersecurity Specialists »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

StickyMinds

StickyMinds

StickyMinds is the web's first interactive testing community exclusively engaged in improving software quality throughout the software development lifecycle.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Cynerio

Cynerio

Cynerio develops cybersecurity protections for medical devices, comparing network behavior with a database of medical workflows.

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.