EU incident response and cyber crisis management

Content

ENISA works together with EU Member States, the European Commission, and other agencies to prevent and respond effectively to cybersecurity incidents and crises.

The EU Agency for Cybersecurity (ENISA), works hands-on with the EU the Member States the European Commission and other Agencies, to help either prevent or effectively respond to cybersecurity incidents and crises. Within its policy remit, ENISA has been supporting the field of European cyber incident and crisis management for several years, with activities such as: daily operations of the CSIRTs Network and EU-CyCLONe, crisis simulations exercises, trainings, support to Member States in developing their crisis plans and structures, organisation of international conferences and studies.

ENISA is an actor in the context of the EU coordinated response to cyber security incidents crises, assisting the Union whenever required, notably in the framework of the Integrated Political Crisis Response (IPCR) arrangements. ENISA works closely with the Member States to develop EU-level cyber crisis management procedures to improve situational awareness in the event of cross-border cyber incidents. It also assists both national and European decision-makers in taking the most appropriate decisions.

In particular, ENISA supports the EU-level cyber crisis management by:

  • Enabling the operations of the EU CSIRTs Network and EU-CyCLONe by providing the Secretariat team, resources and expertise.
  • Providing the IT infrastructure and tools for ENISA stakeholders and in particular CSIRTs Network and EU-CyCLONe to securely exchange information about incidents and ongoing threats.
  • Contributing to the drafting and establishment of operational procedure to prepare and response to large-scale cross-border incidents and crisis  at Union level.
  • Building and running tailored exercise and trainings to support the test of procedure at European and National level in the context of cyber crisis management.
  • Contributing to Union common situational awareness based on ENISA’s monitoring as well as through ENISA’s Cyber Partnership Programme by sharing accurate and timely information on ongoing incidents and threats, and producing an in-depth technical regular report according to CSA Art 7(6).
  • Contributing to EU-level common situational awareness by providing relevant and timely information to EEAS, HWPCI, and all relevant EU stakeholders. 
  • Providing preparedness (ex-ante) and response support (ex-post) services to Union’s essential, important or critical entities.

ENISA’s activities provide guidance to cybersecurity bodies in Member States on their crisis management, situational awareness, coordination and political decision-making capacities. The Agency serves as an information hub and empowers cooperation and coordination among CSIRTs Network, EU-CyCLONe and all other relevant EU institutions, bodies and agencies (e.g. CERT-EU, EEAS, EUROPOL) in times of large-scale incidents and crises. Areas of effort encompass:

  • Preparedness and incident response capabilities
  • Maturity and capabilities of operational communities (including cooperation with law enforcement)
  • Coordinated response and recovery to large scale cyber incidents and crises across different communities
  • The evolution of EU joint response by enabling the deployment of EU level proposals
     

Related content

AI an opportunity for the EU cyber crisis blueprint - Report

December 16, 2024

On the 3rd and 4th of June 2019, ENISA organized in Athens, Greece, a conference on Artificial Intelligence in the EU cyber crisis blueprint context under the title ‘ Artificial Intelligence-An opportunity for the EU cyber-crisis management’.

Best_Practices_for_Cyber_Crisis_Management.png

Best Practices for Cyber Crisis Management

February 28, 2024

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves.

Cybersecurity Support Action

May 15, 2023

The ENISA Cybersecurity Support Action provides ex-post and ex-ante services and assistance to Member States' NIS2 Directive entities.

Sustained Activity by Threat Actors- Joint Publication

February 15, 2023

ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team of all the EU institutions, bodies and agencies (EUIBAs), have issued a joint publication to alert on sustained activity by particular threat actors.

BROWSE ALL PUBLICATIONS

16th EU-CyCLONe Officers meeting

2024 Aug 07

24th CSIRTs Network Meeting

2024 Aug 06

23rd CSIRTs Network Meeting

2024 Apr 30

EU-CyCLONe Executives meeting

2024 Apr 30

BROWSE ALL EVENTS

BlueOLEx 2024 exercise: EU-CyCLONe test its cyber crisis response preparedness

Press Release November 08, 2024

In light of the NIS2 era, this year’s edition of the BlueOlex built upon the scenario of Cyber Europe 2024 and tested the executive layer of cooperation in the EU ecosystem.

Cyber Europe tests the EU Cyber Preparedness in the Energy Sector

Press Release June 20, 2024

The 7th edition of Cyber Europe, one of the largest cybersecurity exercises in Europe, organised by the European Union Agency for Cybersecurity (ENISA) challenged the resilience of the EU energy sector.

Geopolitics Accelerates Need For Stronger Cyber Crisis Management

Press Release February 28, 2024

ENISA publishes a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management. The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and is now available publicly.

CSIRT - Law Enforcement Cooperation Workshop - 10 Years of Joint Efforts against Cybercrime

News Item October 19, 2021

The European Union Agency for Cybersecurity, (ENISA) and Europol’s European Cybercrime Centre (EC3) organised the 10th Annual Workshop for CSIRTs and law enforcement.

BROWSE ALL NEWS

CSIRT Maturity - Self-assessment Tool

This tool helps CSIRTs to self-assess their team’s maturity in terms of 44 parameters of the SIM3 model. SIM3 is also at the base of TI certification scheme under the TF-CSIRT and considered by FIRST for membership process. For several parameters…

CSIRTs by Country - Interactive Map

The European CSIRT Inventory gives an overview of the actual situation concerning CSIRT teams in Europe. It provides a list of publicly listed incident response teams that can be visualised by the interactive mapping tool. This tool allows the…

BROWSE ALL TOOLS