Europe’s telecoms ministers have adopted an EU Blueprint for cyber crisis management, which gives guidance for the EU’s response to large-scale cybersecurity incidents or cyber crises.
“The EU Blueprint for cyber crisis management clarifies how member states can detect, respond to, recover and learn from large-scale cybersecurity incidents and cyber crises that could affect the whole EU,” said Poland deputy prime minister Krzysztof Gawkowski, for the EU presidency.
The blueprint is a key guideline for EU member states to enhance preparedness, detection capabilities and response to cyber security incidents, and takes on board recently adopted legislation such as the NIS2 directive and the Cyber Solidarity Act.
The EU Cyber Blueprint aims to tackle an increasingly complex cyber threat landscape by strengthening existing EU networks, fostering cooperation between member states.
An increasingly interconnected and digital society increases the risks of cybersecurity incidents and cyberattacks. Hybrid campaigns and cyberattacks can directly affect the EU’s security, economy and society.
While member states have the primary responsibility in managing cybersecurity incidents and cyber crises, large-scale incidents could cause such a level of disruption that it exceeds a member state’s capacity to respond, or they can have an impact on several member states.
As such an incident could evolve into a fully-fledged crisis, affecting the functioning of the EU’s internal market or posing serious public security and safety risks, cooperation at technical, operational and political level is seen as essential for effective crisis management for this kind of incidents.
The EU Cyber Blueprint provides a clear explanation for when the crisis framework should be triggered and what the roles of relevant E U-level networks, its actors and mechanisms are (such as ENISA, the EU’s Agency for Cybersecurity or EU-CyCLONe, the European cyber crisis liaison organisation network). The text also points to the importance of coordination of public communication before, during and after crisis incidents.
The EU Cyber Blueprint highlights the importance of civilian-military cooperation in the context of cyber-crisis management, including with NATO, through enhanced information-sharing mechanisms where possible and when needed.
Finally, the EU Cyber Blueprint also contains chapters on recovery, while trying to enhance the exchange of lessons learned between member states.
