BlueOLEx 2024 exercise: EU-CyCLONe test its cyber crisis response preparedness

Back to News

In light of the NIS2 era, this year’s edition of the BlueOlex built upon the scenario of Cyber Europe 2024 and tested the executive layer of cooperation in the EU ecosystem.

The goal of the EU-CyCLONe executive level exercise was to strengthen the cooperation among cybersecurity crisis management executives and directors across EU. This time, technical layer experts participated as observer. The lessons learnt will complement the ongoing discussions on the revision of the Blueprint on coordinated response to large-scale cybersecurity incidents and crises, which is currently under review.  

BlueOlex 2024 convened the high-level executives of the EU Members States’ competent authorities responsible for cyber crisis management and/or cyber policy, the European Commission, the EU Agency for Cybersecurity, as well as the CSIRTs Network liaison coordinator as representative of the technical layer. Strategic discussions focusing on effective cybersecurity information sharing and criteria for escalation were also part of this year’s exercise.  

The EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, highlighted: “The BlueOlex exercise serves as a vital platform for EU national authorities to test and advance the level of coordination and crisis management expertise. ENISA is committed to supporting EU Member States crisis preparedness and capabilities to respond effectively in times of crisis. This becomes essential in today’s complex geopolitical context.” 

The Chair of the EU-CyCLONe Network (Hungary) stated: “Today’s successful cyber crisis exercise truly demonstrates the critical role that EU-CyCLONe plays in managing complex cross-border incidents. Crisis management is also among the priorities of the Hungarian Presidency. We believe, that through rapid coordination, effective information-sharing, and strategic-decision making, CyCLONe has proven to be an invaluable asset in the EU’s cyber crisis management framework. BlueOLEX24 has not only allowed us to fine-tune our response capabilities, enhance cooperation but it brings together nations to confront and manage cross-border cyber threat effectively. Moving forward, CyCLONe will continue to drive resilience and unity in our response to the evolving cyber threat landscape." 

The Head of Operations and crisis management of the Italian National Cybersecurity Agency (ACN), Gianluca Galasso, said: “We are very pleased with the outcomes of the BlueOlex exercise and proud to have hosted it in Italy. It is essential for Member States to convene regularly to discuss cyber crisis management, aiming to promote and implement consistent, effective practices for responding to potential emergencies we may face together. The exercise model used in BlueOlex fosters valuable exchanges of ideas and perspectives among crisis management leaders from each Member State. This event also provides an exceptional opportunity to strengthen ties and build trust among network representatives. Moreover, the simulated crisis scenario has once again underscored how the cyber resilience of each Member State is intricately linked to that of Europe as a whole, particularly in interconnected sectors such as energy” 

BlueOlex was organised by ENISA and hosted in Rome by the Italian Cybersecurity Agency (ACN), under the Hungarian Presidency of the Council of the European Union.      

EU CyCLONe: Composition and objectives 

The European Cyber Crisis Liaison organisation network (EU-CyCLONe), is a cooperation network for EU Member States national authorities in charge of cyber crisis management. Network members collaborate and develop information sharing and situational awareness based on the daily operations. Vested by NIS2 as the EU-CyCLONe Secretariat, ENISA provides support and tools to the network which is chaired in turns by the Presidency of the Council of the EU.The EU- CyCLONe cooperates, together with the European Commission in case of large-scale cybersecurity incidents likely to have a significant impact on services and activities falling into the scope of the NIS2 Directive. 

ENISA Cyber Exercises 

ENISA supports the organisation of exercises for EU CyCLONe members, such as CySOPex for officers and BlueOLEx for executives. The aim of these exercises is to identify improvements and potential gaps in the standardised way of responding to incidents and crises (i.e. Standard Operating Procedures), train on situational awareness and information sharing processes. Since 2019, EU CyCLONe Members test their capabilities on an annual basis with BlueOLex and, since 2021, with CySOPex, while also participate in the biennial Cyber Europe exercise, alongside the CSIRTs Network. 

Further Information 

Best Practices for Cyber Crisis Management — ENISA 

Cyber Crisis Management — ENISA 

BLUE OLEX 2023: Getting Ready for the Next Cybersecurity Crisis in the EU — ENISA 

Blue OLEx 2022 tests the Standard Operating Procedures of the EU CyCLONe — ENISA 

Blue OLEx 2021 : Testing the Response to Large Cyber Incidents — ENISA 

Blue OLEx 2020: the European Union Member States launch the Cyber Crisis Liaison Organisation Network (CyCLONe) — ENISA 

ENISA plays an active role at the first of its kind cyber crisis exercise, Blue OLEx 2019 — ENISA