The Network and Information Security (NIS) Directive has already established a framework for voluntary cooperation at the technical level between Member States through the CSIRTs network, which was efficiently tested during the Cyber Europe 2018 exercise.
In 2017, the European Commission also adopted a recommendation – called Blueprint. It proposes that Member States and the European institutions agree on European cooperation and exchange procedures for the management of major incidents and cyber crises. Three levels of crisis management are thus identified: political, operational, technical. Member States then called in June 2018 for the establishment of a European framework for cooperation in the management of cyber crises, respecting their sovereign prerogatives.
That is why France has proposed, jointly with Spain, to bring together the different stakeholders in a new format: a table-top exercise gathering the national cybersecurity authorities of the EU Member States’ heads, the European Commission and ENISA.
On the basis of several short scenarios, Guillaume Poupard, Director General of ANSSI, and his European counterparts will think, in Paris, July 3, 2019, about the mechanisms that could be implemented to efficiently manage a cyber crisis affecting the EU Member States.
This exercise will document the operational level of the European cyber crisis response’s framework. This intermediate level makes it possible to organize the political decision in such a context, while making the connection with the technical work carried out by the national incidents response’s teams, in cooperation with the CERT-EU and ENISA. These exchanges and the feedback will feed the drafting, in the coming months, of European cooperation and exchange procedures, which complete the procedures already in place at the technical and political levels.
“The Blue OLEx 2019 exercise illustrates the Member States’ engagement to define efficient and voluntary cooperation and exchange procedures, to collectively manage cyber-related crisis situations impacting European countries” said Guillaume Poupard, Director General of ANSSI.
This innovative exercise will also open the debate between Member States, the European Commission and ENISA on the current and future European cybersecurity challenges.