Press Release

Blue OLEx 2021 : Testing the Response to Large Cyber Incidents

Together with the Romanian National Cyber Security Directorate, the European Union Agency for Cybersecurity organised the third Blue OLEx exercise to test the operating procedures for the EU Cyber Crisis Liaison Organisation Network (CyCLONe).

Published on October 12, 2021

The Blue OLEx exercise of 12th October was designed to test the Standard Operating Procedures (SOP) of the EU CyCLONe at executive level in case of a large-scale cross-border cyber crisis or incident affecting EU citizens and businesses. Organised by the Romanian National Cyber Security Directorate with the support of the EU Agency for Cybersecurity (ENISA), the event took place in Bucharest as well as online.

Executive Director, Juhan Lepassaar stated that “The Blue OLEx exercise is the opportunity for a practical assessment of and possible improvements to the standard operating processes to be followed in case of a cyber crisis. The European Union Agency for Cybersecurity supports EU Member States in their efforts to test and strengthen the efficiency of the procedures to be implemented should large-scale cross-border incidents occur.”

Blue OLEx 2021: Key Takeaways

This third edition of the table-top Blueprint Operational Level Exercise (Blue OLEx) marks the first anniversary of operation of the Cyber Crisis Liaison Organisation Network (CyCLONe).

This is also the first year that the same scenario is tested at technical and operational levels:

  • At the technical level with CySOPEx 2021, by the CSIRTs Network, the network of EU Member States’ appointed CSIRTs and CERT-EU established by the NIS Directive;
  • At the operational level, where CyCLONE operates, with both
    • CySOPex 2021, the exercise tailored for the CyCLONe Officers and;
    • BlueOlex 2021 the exercise tailored for the high-level actors of national cybersecurity authorities.

Role of the EU CyCLONe in Blue OLEx 2021

The Cyber Crisis Liaison Organisation Network (CyCLONe) is a cooperation network for Member States national authorities in charge of cyber crisis management to collaborate and develop timely information sharing and situational awareness based on tools and support provided by the EU Agency for Cybersecurity, which serves as the CyCLONe Secretariat.

The objective of the CyCLONe’s is to contribute to the implementation of the European Commission's Blueprint for rapid emergency response in case of a large-scale cross-border cyber incident or crisis.

The results of the Blue OLEx 2021 will therefore feed into developing and enhancing the standard operating procedures of the EU CyCLONe and help shape the future response to large-scale cross-border cyber incident or crisis in the EU.

Objectives of the Blue OLEx 2021

The exercise tests the role of the high-level actors in the Standard Operating Procedures (SOP) of the EU CyCLONe, and to:

  • improve on situational awareness and information sharing processes based on results;
  • develop roles and responsibilities of the CyCLONe both at high-level actors and officer’s levels;
  • identify improvements and/or potential gaps in the standardised way of responding to incidents and crises (namely CyCLONe Standard Operating Procedures);
  • enhance the relationship among the members of the cybersecurity high-level actors of national cybersecurity authorities of CyCLONe to strengthen coordination in case of large-scale cross-border cyber incident or crisis affecting EU citizens and businesses.

Who was involved?

The event gathered high level actors from the competent authorities in charge of cyber crisis management and/or cyber policy of 22 Member States. It also included the participation of the European Commission. The EU Agency for Cybersecurity participates both as exercise organiser and as the secretariat of the EU CyCLONe.

The CyCLONe in a nutshell

The EU CyCLONe was launched in 2020 during the 2nd edition of the BlueOLEx.

The goals of EU CyCLONe are to:

  • establish a network to enabling the cooperation of the appointed national agencies and authorities in charge of cyber crisis management;
  • provide the missing link between the EU CSIRTs Network (technical level) and the EU political level.

Considering the importance of the network within the EU cybersecurity landscape, the European Commission proposal for the revised NIS Directive includes a provision for the formal establishment of the European Cyber Crises Liaison Organisation Network (EU CyCLONe).

The role of Romania in the EU CyCLONe initiative

A first BLUE OLEx pilot-exercise was organised in Paris in 2019 following the initiative of France and Spain, respectively, within the NIS Cooperation Group. Romania strongly supported this initiative during the EU Presidency. This year, the execise is hosted by the recently established Romanian National Cyber Security Directorate.

What is the role of ENISA in operational cooperation?

By coordinating both the secretariat of the EU CyCLONe and the CSIRTs Network, ENISA means to synchronise the technical and operational levels and all actors involved in the EU to collaborate and respond to large-scale incidents and crises by providing the best tools and support by:

  • Enabling operation and information exchange by resorting to infrastructure, tools and expertise;
  • Acting as a facilitator (switchboard) between the different networks, the technical and operational communities as well as decision makers responsible for crisis management;
  • Providing the infrastructure and support for exercises and training sessions.

Background

Blue OLEx is a high-level event organised each year by one Member State and supported by the European Union Agency for Cybersecurity, ENISA, in collaboration with the European Commission. It aims to test the EU preparedness in the event of a cyber-related crisis affecting the EU Member States and to strengthen the cooperation between the national cybersecurity authorities, the European Commission and ENISA.

Further Information

Blue OLEx 2020: the European Union Member States launch the Cyber Crisis Liaison Organisation Network (CyCLONe)

ENISA plays an active role at the first of its kind cyber crisis exercise, Blue OLEx 2019

4th CyCLONe Officers Meeting

Press Contact

For questions related to the press and interviews, please contact press (at) enisa.europa.eu.

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies