The EU Agency for Cybersecurity (ENISA), works hands-on with the EU the Member States, with the European Commission and with other Agencies, to help either prevent or effectively respond to cybersecurity incidents and crises. Within its policy remit, ENISA has been supporting the field of European cyber incident and crisis management for several years, with activities such as: daily operations of the CSIRTs Network and of the EU-CyCLONe, crisis simulation exercises, trainings, support to Member States in developing their crisis plans and structures and the organisation of international conferences and studies.
As an active actor in the context of the EU coordinated response to cyber security incidents crises, ENISA assists the Union whenever required, notably in the framework of the Integrated Political Crisis Response (IPCR) arrangements. ENISA works closely with Member States to develop EU-level cyber crisis management procedures in order to improve situational awareness in the event of cross-border cyber incidents. The Agency also assists both national and European decision-makers in making the most appropriate decisions.
In particular, ENISA supports EU-level cyber crisis management by:
- Enabling the operations of the EU CSIRTs Network and EU-CyCLONe by providing the Secretariat team, resources and expertise;
- Providing the IT infrastructure and tools for ENISA stakeholders and in particular the CSIRTs Network and the EU-CyCLONe to securely exchange information about incidents and ongoing threats;
- Contributing to the drafting and establishment of operational procedure to prepare and respond to large-scale cross-border incidents and crisis at Union level;
- Building and running tailored exercise and trainings to support the test of procedure at European and National level in the context of cyber crisis management;
- Contributing to Union common situational awareness based on ENISA’s monitoring as well as through ENISA’s Cyber Partnership Programme by sharing accurate and timely information on ongoing incidents and threats and producing an in-depth technical regular report as per the provisions of Art. 7(6) of the CSA;
- Contributing to EU-level common situational awareness by providing relevant and timely information to EEAS, HWPCI, and all relevant EU stakeholders;
- Providing preparedness (ex-ante) and response support (ex-post) services to Union’s essential, important or critical entities.
ENISA’s activities provide guidance to the cybersecurity bodies of EU Member States on their crisis management, situational awareness, coordination and political decision-making capacities. The Agency serves as an information hub and empowers cooperation and coordination among the CSIRTs Network, the EU-CyCLONe and all other relevant EU institutions, bodies and agencies (e.g. CERT-EU, EEAS, EUROPOL) in times of large-scale incidents and crises. Areas of effort encompass:
- Preparedness and incident response capabilities;
- Maturity and capabilities of operational communities (including cooperation with law enforcement);
- Coordinated response and recovery to large scale cyber incidents and crises across different communities;
- The evolution of EU joint response by enabling the deployment of EU level proposals.
