European Union to Launch Supply Chain Attack Simulation

The European Union (EU) is planning a major supply chain cyber-attack simulation, it has been reported.

According to Bloomberg, the exercise will take place in the coming days and continue for six weeks. The drill is designed to test member states’ preparedness for an attack affecting the continent’s distribution networks.

Citing internal documents and sources “familiar with the matter,” Bloomberg said that the simulated attack will mainly target supply chains across Europe. The coordinated attack will be based on past supply chain hacks or those considered to be likely in the future to be as realistic as possible.

Those participating in the ‘stress test’ will coordinate diplomatic and public responses to the attacks and deal with the spillover of socioeconomic impacts in other member states.

It is believed the drill was proposed by France, which took over the presidency of the council of the European Union on January 1 2022. Following the exercise, the EU aims to develop a framework for a joint response to a major incident, which it currently lacks.

Recent incidents such as SolarWinds and Kaseya have demonstrated the widespread damage that supply chain cyber-attacks can cause, which appears to be a growing target for threat actors.

Commenting, Todd Carroll, CISO at CybelAngel, said: “Supply chain attacks are an ongoing trend and will only grow in severity. This is largely attributed to the fact that, as a state or organization’s supply chain and digital ecosystems expand, their attack surface grows exponentially along with it. In a few months from now, attacks like SolarWinds may look comparatively small.

“Ransomware can’t be called a hypothetical, systemic risk anymore. It’s now a systemic issue that will only grow. This is yet another clear illustration that cybersecurity impacts physical security and the daily lives of all of us at scale.  

“Unfortunately, we expect more supply chain attacks to occur. As companies increasingly entrust a large part of their services to single points of failure – think AWS or Google – this is becoming a problem, and as such, companies become targets of choice.

“This stress test is a welcomed action plan and highlights the increasing need for early threat detection capabilities and ransomware preparedness. Member states and businesses urgently need to get ahead of threats before attackers beat them to it.”

In December last year, Israel led a similar 10-country attack simulation targeting the global financial system.