EU and US put security defences to the test in Cyber Atlantic exercise

The US and EU have completed a security operation to test Europe's ability to withstand attacks on government database and power management systems.

The Cyber Atlantic 2011 exercise simulated two international incidents in which attackers attempted to penetrate EU cyber security agencies and compromise Scada controllers in power plants.

The operation, hosted in Belgium, marked the first time that US government agencies joined their EU counterparts in a large-scale security exercise. Both have run their own security simulations in the past.

"Recent high-profile cyber attacks show that global threats need global action," said Neelie Kroes, European Commission vice president for the Digital Agenda. "Today's exercise provides valuable lessons for specialists on both sides of the Atlantic."

The first of the two simulations pitted government agencies against a fictional organised hacking group set on collecting information through an advanced persistent threat attack.

The 'attackers' attempted to extract and post information from cyber security groups online, while the EU agencies were tasked with rooting out the attack and co-ordinating with authorities in US to respond and prevent further infections.

In the second simulation, authorities attacked the Scada appliances that control power-generating wind turbines. Authorities were asked to respond to the hypothetical attack and then connect with government agencies and Scada hardware providers in the US to repair and protect vulnerable devices.

The two exercises involved hypothetical situations, but reflected recent high-profile incidents in the real world.

Local and federal government agencies have been favourite targets for the AntiSec hacktivist operation, while state-sponsored hackers are believed to be behind the intelligence-gathering Aurora and ShadyRAT attacks.

Prime minister David Cameron recently warned that the UK faces the threat of "industrial scale" data-harvesting operations targeted at government systems.

Meanwhile, researchers and government agencies have expressed concern over vulnerabilities in Scada devices and other embedded control systems.

Experts at this year's Black Hat conference suggested that a lack of adequate security is epidemic among industrial control devices, leaving power grids vulnerable to attack.