News BlogMissions Operations

In Tallinn, ministers play hybrid cyber warfare (V2)

(B2) It was a small first of which the Estonians are not a little proud. In Tallinn, during the informal defense, the 28 EU ministers have been invited to play their own role in what is the first cyber exercise, conducted at strategic level.

The scenario: an EU military operation under attack

From the “EU CYBRID 2017” scenario, B2 had some elements (even if the Europeans do not want to expand, just to preserve the susceptibilities of the big Russian neighbor). A scenario designed around cascading events affecting an EU military operation deployed at sea. This attack continues for a certain period of time. First of all, we learn of the crash of an observation drone. Then there was a cyber attack on a computer server of the military headquarters which degraded not only the local reaction capabilities but its command and the Brussels – field connections. A second drone crashes… then events accelerate.

Malware and false information

We discover a 'malware', malware, which was introduced into European systems. And finally it is communication with the deployed ships that is lost. At the same time, the Union must face an offensive, via social media, of disinformation, even destabilization, with the dissemination of false news. It is therefore important to react quickly to inform the population.

The 28 must react, tablet in support

A ministerial meeting is called to decide what measures to take. The question facing Europeans is: what to do? how to communicate? As in reality, information comes from the field, partly given by the media, and ministers are invited to give their position. For this, each delegation was provided with a tablet. And, faced with a multiple-choice questionnaire, which scrolls on a touch screen, each minister must indicate their position. All in a limited time. Because, as in reality, the important thing in the event of a cyber and hybrid attack is to react quickly… and to keep a cool head. At each stage, the result of the decision is displayed in near real time, under the direction of Jonathan Vseviov, the permanent secretary of the Estonian Ministry of Defense, who plays the role of conductor.

Involve as many actors as possible

Apart from ministers, other EU structures are involved: the European Diplomatic Service (EEAS), the European Network and Information Security Agency (ENISA, based in Heraklion in Greece) and the Agency European Defense (based in Brussels), just like NATO. Which is both an advantage – benefiting from the advice of experts – but also complicates the decision-making process (as in reality).

Oil procedures

The objective of the exercise is first of all to “ become aware of the situation » as an expert in the case explains, then “ provide crisis management ” like the public position (NB: strategic communication) between all the Member States, in short “ oil procedures » to arrive at a common political guideline in the face of a case of cyber attack which threatens the military structures of the European Union.

The ministers got caught up in the game

A bit skeptical at first, the ministers got caught up in the game " In fact. And, during the good hour that the exercise lasted (explanation time included), each of the participants was led to reflect on the need to make rapid, strategic decisions, by consulting both their capital but above all arriving at a common position, to avoid giving the “attacker” victory or the feeling of victory.

A difference in appreciation throughout the exercise

At the start of the exercise, when the first news arrived, “ everyone almost agreed to have as broad a communication as possible, factual about the events ” tells B2, the Belgian Minister of Defense, Steven Vandeput. " But as the news came it got harder, most [states] were shutting down ". Which shows the difficulty of this type of attack. “The defense likes to put a 'classified defense' on all these documents to prevent any information", specifies an expert in the file.

Questions that arise

The exercise also raised a few questions: at what point can we speak of an attack, of a conflict, in the international sense of the term? This would lead to the establishment of solidarity procedures (mutual assistance clause such as article 42.7 at the EU level or collective defense article 5 for NATO). The 28 are not automatically on the same wavelength, one of the participants told us.

Other questions: What tools does the European Union have (or should it equip itself with) to deal with such attacks? How can we cooperate, practically and politically, with NATO, which appears more “armed” to face cyberattacks on its defense structures? “ At NATO level, there are procedures. At EU level, it is less developed, there is still room for improvement says Steven Vandeput.

Cyber ​​knows no borders

The exercise shows that “ different 'technical' problems can quickly turn into issues requiring political direction", then summed up Estonian Defense Minister Jüri Luik. " The cyber world and cyber threats know no national boundaries or barriers between organizations ».

A NATO – EU response community

It is therefore " important to carry out this type of joint exercises, between the Member States of the European Union as well as the EU and NATO. We need to exchange information and have a common understanding, to ensure better preparedness to face cyber threats ". NB: A replica of this exercise should be held at NATO level in October, where the European Union will be invited.

(Nicolas Gros-Verheyde, in Tallinn)


The memory of ten years ago

Estonians are particularly aware of cyber attacks with hybrid overtones. Some ten years ago, on April 27, 2007 exactly, the small Baltic republic suffered a large-scale computer attack (organized from Russia) which seriously destabilized its banking system. The attack was accompanied by more or less significant aftershocks in the following months, accompanied by the dissemination of false information about a possible devaluation of the Estonian currency which put Estonia in a more than uncomfortable situation.


updated at 16:45 p.m. with more detailed material on the scenario, the game between the ministers and the questions asked

Nicolas Gros Verheyde

Chief editor of the B2 site. Graduated in European law from the University of Paris I Pantheon Sorbonne and listener to the 65th session of the IHEDN (Institut des Hautes Etudes de la Défense Nationale. Journalist since 1989, founded B2 - Bruxelles2 in 2008. EU/NATO correspondent in Brussels for Sud-Ouest (previously West-France and France-Soir).