EU, ENISA, member states join forces on Blue OLEx ’23 tabletop exercises to boost cybersecurity preparedness

The European Commission, in collaboration with member states, stages an extensive cyberattack simulation to bolster readiness and preparedness. Senior cybersecurity representatives from EU member states, the Commission, and the EU Agency for Cybersecurity (ENISA) are taking part in a two-day ‘Blueprint Operational Level Exercise’, or Blue OLEx 2023, to test EU preparedness in the event of a cyber-related crisis. Together with the European Commission under the Spanish Presidency of the EU Council, the ENISA co-organized and co-hosted the Blue OLEx tabletop cyber exercise in the Hague, Netherlands.

Blue OLEx ‘23 tested the EU preparedness in the event of a cyber-related crisis affecting the EU member states and strengthened the cooperation between the national cybersecurity authorities, the European Commission, and ENISA. The aim of the exercise is to build a stronger relationship among the cybersecurity community participating in the exercise, increase situational awareness, and share best practices. It also sets the scene for a high-level political discussion, on cyber policy issues, in particular, shaping a coherent framework for crisis management at the EU level.

The latest edition of the exercise gathered high-level executives of the 27 member states’ competent authorities in charge of cyber crisis management and/or cyber policy, the European Commission, and the ENISA. It was the opportunity for them to exercise the interaction between the new network and the EU political level and strengthen trust and collaboration which is key for joint response.

The exercise is organized within the framework of the European Cyber Crisis Liaison Organisation Network, or ‘EU-CyCLONe,’ which contributes to the implementation of the Commission’s blueprint for rapid emergency response in case of a large-scale cross-border cyber incident or crisis. It complements the existing cybersecurity structures at the EU level by linking the cooperation at a technical level, through the Computer Security Incident Response Team, and the political level, for example, through the Integrated Political Crisis Response. The latter facilitates swift and coordinated decision-making at the political level in response to major and intricate crises.

Furthermore, the participants will discuss strategic cyber policy issues, in particular, how to shape a coherent framework for crisis management at the EU level.

”Cyber crises have no borders and the EU must continue strengthening its capacities especially when it comes to cyber crisis management,” Roberto Viola, director general for Communications Networks, Content and Technology (CNECT), said in an ENISA media statement. “I am pleased that the EU-CyCLONe, combining EU and Member States capabilities, is testing its resilience and how to act in the case of cyberattacks and large-scale cyber incidents. A stronger cyber response makes the EU a safer continent.”

Juhan Lepassaar, executive director of the ENISA, said that the EU CyCLONe is an invaluable asset. “Only a stronger cyber crisis coordination will allow us to best mitigate future large-scale incidents and cross-border crises in the EU.”

“Crisis management has been a priority for Spain for years. I would like to remember that the origin of CyCLONe was set up in our country, with the celebration of a Seminar in 2019 in Madrid on Large-scale cyber incidents and crisis,” according to the chair of the EU-CyCLONe Network (Spain). “The first conclusion was the need to set up an Exercise (Blue OLEx) to develop the operational layer. These exercise series allow to test EU preparedness in the event of a cyber-related crisis affecting the EU Member States for strengthening the cooperation between all relevant actors.” 

The chair added that the “2023 BlueOlex edition, has again showed us the strong commitment that all Member States, European Commission, and ENISA have against threats and challenges that, for sure, we will face in a near future to guarantee a more cyber secure and resilient Europe.”

Launched in 2020, the EU CyCLONe network was formally established by the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) in January 2023. The network collaborates and develops information sharing and situational awareness based on the support and tools provided by ENISA, also acting as the CyCLONe Secretariat. The network is chaired in turns by a representative from the Presidency of the Council of the EU.

Formed by the representatives of Member States’ cyber crisis management authorities, the EU CyCLONe intervenes together with the European Commission in case of large-scale cybersecurity incidents likely to have a significant impact on services and activities falling into the scope of the NIS2 directive.

The EU Cybersecurity Strategy and new rules aim to make physical and digital critical entities more resilient. The initiative led to driving norms for ‘world-class’ solutions and standards of cybersecurity for essential services and critical infrastructures, as well as driving the development and application of new technologies. Governments, businesses, and citizens will all share a responsibility in ensuring a cyber-secure digital transformation.

The strategy aims to ensure a global and open Internet with safeguards where there are risks to security and the fundamental rights of people in Europe. Following the progress achieved under the previous strategies, it contains concrete proposals for deploying three principal instruments. The three instruments are regulatory, investment, and policy initiatives to address three areas of EU action. These include bolstering resilience, asserting technological sovereignty and leadership, enhancing operational capacity for prevention, deterrence, and response, as well as fostering cooperation to promote a global and open cyberspace.

ENISA also supports the organization of exercises for EU CyCLONe members, such as CySOPex (played by officers) and as in this case Blue OLEx (played by executives). These exercises aim to identify improvements and potential gaps in the standardized way of responding to incidents and crises (i.e. Standard Operating Procedures) and train on situational awareness, and information-sharing processes. 

EU CyCLONe members also participated in Cyber Europe 2022, and are gearing up for CySOPex 2023 and Cyber Europe 2024.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.