The director of the European Network and Information Security Agency, Udo Helmbrecht, told The Associated Press that Thursday’s one-day exercise involving 29 countries and 200 agencies dealt with attack scenarios against “critical infrastructure.”
Helmbrecht said European countries were working to improve their coordination between national security agencies and to further standardize protective software and methods.
Examples of serious past incidents, he said, include a wave of cyber-attacks against Estonia in 2007 that severely affected the country’s banks and government agencies, and the Stuxnet computer virus that was used to target energy and industrial sites in Iran.
“Now this malware is out in the world, so if you are a criminal you can re-engineer it and use it to attack a water supply, or a car manufacturing plant, or a government,” said Helmbrecht, speaking in a windowless office in an EU building where part of the exercise is being held.
The EU agency, based in Iraklio, on the Greek island of Crete, says web-based attacks increased globally by nearly a quarter in 2013 from a year earlier, directed from an increasing number of countries.
“The sophistication and volume of cyber-attacks are increasing every day,” Neelie Kroes, the EU Commission vice president, said in a statement Thursday.
“They cannot be countered if individual states work alone or just a handful of them act together.”
The European cyber-security exercise is held every two years and the results of the current safety tests are due to be issued by the end of the year.