The European Union’s defense ministers participated in the EU CYBRID 2017 exercise on Thursday that simulated a cyberattack on institutions and systems in the EU within a hybrid threat scenario. With the exercise, the Estonian EU council presidency is hoping to start a discussion about the EU’s means and capabilities, and how to use the union’s existing structures to respond to such an attack.
The field of cyberdefense is developing and changing constantly, and presenting the EU’s institutions with the formidable challenge to find ways how the member states can coordinate their actions and response, and also how they exchange information.
Adding to a complex technical dimension there are strategic as well as policy questions that need to be addressed, for example how the response to an attack fits into international law, and what the according diplomatic and political steps should be.
The scenario of the exercise, though entirely fictional, used an attack on the systems of various organizations like they exist within the EU, covering authorities and virtual targets as well as the points where the virtual realm meets actual executive systems, e.g. the control systems of a power plant.
As the cybersphere doesn’t discriminate, the number of potential targets is equivalent to the number of systems and their access points used. This includes state institutions, but also utility companies and a whole range of services so common today that they are hardly seen as such, including search engines and social media.
The ministers also practise how to respond to a threat scenario in terms of how they deal with the media, making decisions concerning different authorities’ strategic communication as well as the cooperation with other government institutions, e.g. within the competencies of a defense ministry’s foreign policy council.
Preparations for CYBRID began already in 2016, led by the Estonian Ministry of Defence. The ministry developed the scenario as well as the simulation with the European Defence Agency as well as the European Union’s network and information security agency, ENISA. The presidency are hoping to raise awareness among ministers as well as giving them a better understanding of the dimensions of the issue.
In the discussion following the exercise, they are hoping to get a better understanding of the EU’s resources and measures available, and how they can be applied. The exercise is also taking cyber-related issues to the political level, giving them a political context and framework and offering an opportunity to discuss how the topic belongs into the EU’s common security and defense policy (CSDP).
The aim is for the ministers as well as the observing parties to gain a comprehensive understanding of what cyberattacks can cause, and what the options are to respond to them. NATO Secretary-General Jens Stoltenberg as well as the EU’s foreign policy high representative, Federica Mogherini, participated as observers.
Editor: Dario Cavegn