Exercises enable competent authorities to target specific weaknesses, increase cooperation across the sector, identify interdependencies, stimulate improvements in continuity planning, and generate a culture of cooperative effort to boost resilience.
On 2009, ENISA, in its effort to support EU Member State authorities to enhance the resilience of critical information infrastructure, developed a good practice guide on planning and conducting national exercises.
The guide was prepared by surveying (questionnaire) and interviewing public authorities, network operators, IT industry players, and network security experts about their experiences, expertise, and recommendations for effective practices in planning and executing exercises. In parallel to the survey and interviews, secondary research was conducted to identify exercises and practices in the critical information infrastructure sector on other regions of the world.
The guide aims to support authorities that do not have significant experience in planning and executing exercises. The guide helps authorities to identify and develop the skills needed to select measures and processes to be tested, plan, execute and evaluate interdependencies focused exercises themselves and use this experience gained by the stakeholders to improve their measures and processes. These skills could potentially help these authorities to participate in pan-European exercises in this sector.
In this light, on 2010 ENISA launched the project "Seminars on Conducting National Exercises on CIIP". After request from the Member States ENISA experts conduct seminars, sharing information and knowledge on how to plan, organize and conduct national exercises. In this way ENISA is supporting Member States to conduct national exercises on CIIP, realizing the CIIP COmmunication Plan stating that “The Commission invites Member States to organize regular exercises for large scale networks security incident response and disaster recovery...”.