The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security.
Every two years, they hold a large-scale exercise called Cyber Europe.
The executive summary of the Exercise Report is reproduced below;
Cyber Europe offers to 32 different countries, Member States of the European Union (EU) and the European Free Trade Association, hereafter collectively referred to as the Member States (MS), the possibility to engage in cooperation activities at various levels with the shared objective to mitigate jointly large-scale cybersecurity incidents. The EU Standard Operational Procedures (EU-SOPs), used to support these cooperation activities, provide Member States with guidelines which they can use in the face of large-scale cybersecurity incidents.
The main goal of Cyber Europe 2014 was to train Member States to cooperate during a cyber crisis .
The exercise also aimed at providing an opportunity to Member States to test national capabilities, including the level of cybersecurity expertise and national contingency plans, involving both public and private sector organisations. In order to address the different layers of cyber crisis management, Cyber Europe 2014 was divided in three escalating phases, spread over 2014 and early 2015.
The exercise was a success, for it allowed ENISA to draw numerous lessons, recommendations and concrete actions, which will help to enhance cyber crisis preparedness in Europe. The common ability to mitigate large scale cybersecurity incidents in Europe has progressed significantly since 2010 when the first Cyber Europe exercise was organised. In particular, Cyber Europe 2014 has shown how valuable it is to share information from many different countries in real-time in order to facilitate high-level situation awareness and swift decision-making.
Nevertheless, such processes are unprecedented in real-life and hence requires primarily capability development and possibly also policy guidance from both the Member States as well as the EU Institutions and Agencies. It is crucial that Member States continue to rely upon and improve multilateral cooperation mechanisms,which complement the bilateral and regional relations they have with trusted partners. The EU-SOPs, which are meant to support the former, will be further improved to better take into account the evolving cybersecurity policy context in Europe.
In addition, experience gathered throughout this exercise and the previous ones will strongly guide the development of future EU cyber cooperation instruments and exercises.
Click the image to read the full report;