ENISA publishes a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management. The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and is now available publicly.
The geopolitical situation continues to impact the cyber threat landscape also within the European Union. Planning for expected or unexpected threats and incidents is vital for good crisis management.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar underlined that "Sharing best practices for Member States is a step in successfully strengthening cyber crisis management. This report serves as a tool to assist with implementing the provisions of the NIS2 Directive. Crisis management processes for business continuity are paramount.”
The study outlines the framework and circumstances with cyber crisis scenarios and proposes a series of best practices that will enable the transition into the new requirements of NIS2 Directive, the EU-wide legislation on cybersecurity. The study aims to bring a heterogeneous ecosystem towards stronger harmonisation.
The proposed best practices are clustered into the four phases of the cyber crisis management cycle (prevention, preparedness, response and recovery) and refer to issues arising during each stage with an all-hazards approach.
Concluding with a list of recommendations, ENISA proposes steps to improve Member States’ capacity-building and operational cooperation in the context of cyber crisis management.
Cyber Crisis Management Framework through NIS2
The long history of the EU regarding cybersecurity, and particularly cyber crisis, proves its commitment in building a solid legislative framework to safeguard Member States from emerging threats. Built upon the first directive on Network and Information Security (NIS) that was set in 2016, the NIS2 entry into force marks a transformative period in the field of cybersecurity in the EU due to the new, upgraded provisions and obligations for Member States to incorporate into their national legislation. A key change brought by the adoption of NIS2 includes the reinforced role of ENISA in coordinating cybersecurity actors, such as EU-Cyber Crises Liaison Organisation Network (EU-CyCLONe) and the EU CSIRTs Network.
The European cyber crisis liaison organisation network (EU-CyCLONe)
Under NIS2 Directive, ENISA's mandate has a role as the secretariat for Cyber Crises Liaison Organisation Network (EU CyCLONe), a network dedicated to enhance Member States' national authorities’ cooperation in cyber crisis activities and management.
The network collaborates and develops information sharing and situational awareness based on the support and tools provided by ENISA. The network is chaired in turns by a representative from the Presidency of the Council of the EU.
Formed by the representatives of Member States’ cyber crisis management authorities, the EU CyCLONe intervenes together with the European Commission in case of large-scale cybersecurity incidents likely to have a significant impact on services and activities falling into the scope of the NIS2. ENISA also supports the organisation of exercises for EU CyCLONe members, such as CySOPex (played by officers) and as, in this case, BlueOLEx (played by executives).
ENISA's Cybersecurity Support Action
ENISA pioneers the development of proper mechanisms and consistency for cyber incidents, crisis management and conducting cyber exercises. ENISA is tasked to roll-out the implementation of the Cybersecurity Support Action in 2022 that includes the provision of support to Member States to further mitigate the risks of large-scale cybersecurity incidents in the short term. ENISA assists Member States' national entities though this Support Action, a fund developed to provide cybersecurity services. These services are divided in terms of their purpose to those that enhance preparedness (ex-ante) and to those that reinforce response (ex-post) of Member States. Cybersecurity Support Action is one significant yet recent development of the duties of ENISA towards building expertise and establishing knowledge-sharing among Member States in order to:
- Increase cybersecurity prevention and detection capacities
- Strengthen cybersecurity situational awareness
- Support capabilities to respond to cyber threats and incidents
- Build-up cyber preparedness
- Assist with a cyber exercises and capabilities’ assessment
Further Information
ENISA report: Best Practices for Cyber Crisis Management
ENISA topic: Cyber Crisis Management
European Cyber Crisis Liaison Organisation Network: EU CyCLONe
ENISA Publication: ENISA Cybersecurity Support Action
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu