The after action report provides an overview of the 2024 edition of the Cyber Europe exercise which was conducted in June and aimed at identifying gaps and increasing cybersecurity preparedeness and resilience.
The purpose of the exercise was to assess and ensure adequacy of processes as well as improve standard operating procedures (SOPs). It also contributed towards building strong internal and external communication channels that are of significant importance in times of a cybersecurity crisis. In addition, it raised cybersecurity awareness at the corporate level, underscoring the significance of cybersecurity preparedness.
Cyber Europe 2024 gathered approximately 5.000 participants coming from different sectors, such as energy, digital infrastructure and public administration, EU-level cybersecurity networks, as well as EU institutions, bodies, and agencies. During this year’s edition, around 28.000 injects carried the exercise forward and stepped up the quality of the scenario.
Compared to previous years, this after action report places greater emphasis on meaningful insights from participants and identifies potential areas of improvement, incorporating lessons identified and actionable recommendations. The report provides a comprehensive view of the exercise's effectiveness and highlights ways for enhancement in future exercises.
Overall, both players and planners of Cyber Europe 2024 reported a high level of satisfaction with the exercise. More than 90% of players expressed enhanced readiness and preparedness to handle cybersecurity incidents, viewing the exercise as an opportunity to test their cybersecurity capabilities and procedures. With regards to crisis management, incident reporting processes were successfully deployed while securing business continuity across sectors.
Cyber Europe 2024 had also specific aims for the Computer Security Incident Response Team (CSIRT) Network and the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe). These included ensuring the adequacy of EU-level operational cooperation and escalation mechanisms during cybersecurity crises and ensuring the existence, adequacy, effectiveness, and speed of communication channels and SOPs between CNW (CSIRTs Network), and EU-CyCLONe. An additional aim was to assess the completeness, quality, and timeliness of information exchange.
In relation to the areas that could be further improved, it was observed that greater emphasis should be placed on cross-border sectorial coordination and the allocation of sufficient resources to support these efforts. Findings of the report also suggest that despite efficient collaboration between energy operators and national authorities in incident reporting, there are still limitations in indicating the cross-border impact of a potential incident. It underlined that a regional approach is crucial to address connection and collaboration between national cybersecurity authorities and operators across Member States during multi-state incidents.
In the context of the exercise, identified lessons were used to develop recommendations that will be taken into consideration for the preparation of the next Cyber Europe exercise. Following-up on recommendations for improvements made in previous years, not only leads to concrete improvements but also demonstrates the valuable impact of the Cyber Europe as an initiative.
About Cyber Europe 2024
Cyber Europe 2024 exercise focused on a scenario featuring cyber threats targeting the EU energy infrastructure deriving from friction caused by geopolitical tension between the European Union and a fictitious foreign nation. With propaganda swaying public opinion and concerns about APTs (Advanced Persistent Threat) groups exploiting vulnerabilities, the energy sector became a prime target. In the effort to prevent a large-scale attack threatening the European economy and destabilising political balance, stakeholders had to swiftly coordinate their actions and response. The two-day event simulated a series of large-scale cyber incidents where players were called on to practice their coordination and crisis management skills to tackle challenges and ensure business continuity in the face of a crisis.