ENISA Cyber Europe 2014 - After Action Report

ENISA's After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014) was approved by the EU Member States and gives a high-level overview of the complex cybersecurity exercise that was carried out in 2014. The full after action report includes an engaging action plan which ENISA and Member States are committed to implement.

Quelle: www.enisa.europa.euCyber Europe 2014 After Action Report PUBLIC.pdf  

Executive Summary

 

Cyber Europe offers to 32 different countries, Member States of the European Union (EU) and the European Free Trade Association, hereafter collectively referred to as the Member States (MS), the possibility to engage in cooperation activities at various levels with the shared objective to mitigate jointly large-scale cybersecurity incidents. The EU Standard Operational Procedures (EU-SOPs), used to support these cooperation activities, provide Member States with guidelines which they can use in the face of large-scale cybersecurity incidents.

The main goal of Cyber Europe 2014 was to train Member States to cooperate during a cyber crisis . The exercise also aimed at providing an opportunity to Member States to test national capabilities, including the level of cybersecurity expertise and national contingency plans, involving both public and private sector organisations. In order to address the different layers of cyber crisis management, Cyber Europe 2014 was divided in three escalating phases, spread over 2014 and early 2015.

The exercise was a success, for it allowed ENISA to draw numerous lessons, recommendations and concrete actions, which will help to enhance cyber crisis preparedness in Europe. The common ability to mitigate large scale cybersecurity incidents in Europe has progressed significantly since 2010 when the first Cyber Europe exercise was organised. In particular, Cyber Europe 2014 has shown how valuable it is to share information from many different countries in real-time in order to facilitate high-level situation awareness and swift decision-making. Nevertheless, such processes are unprecedented in real-life and hence requires primarily capability development and possibly also policy guidance from both the Member States as well as the EU Institutions and Agencies.

It is crucial that Member States continue to rely upon and improve multilateral cooperation mechanisms, which complement the bilateral and regional relations they have with trusted partners. The EU-SOPs, which are meant to support the former, will be further improved to better take into account the evolving cybersecurity policy context in Europe. In addition, experience gathered throughout this exercise and the previous ones will strongly guide the development of future EU cyber cooperation instruments and exercises.

The full after action report includes an engaging action plan which ENISA and Member States are committed to implement.