News Item

Blue OLEx 2022 tests the Standard Operating Procedures of the EU CyCLONe

Organised by the Lithuanian Ministry of National Defence (MoND) together with the European Union Agency for Cybersecurity (ENISA) and the support of the Czech presidency, this year's edition of the Blue OLEx exercise tested the standard operating procedures of the EU Cyber Crisis Liaison Organisation Network Executives (CyCLONe).

Published on November 07, 2022

Hosted in the Lithuanian capital of Vilnius, the 4th Blue OLEx exercise took place physically on 7 November 2022 for the first time since the outbreak of the Covid-19 pandemic. The overarching goal of the exercise is to further contribute to the EU operational (i.e. CyCLONe‘s) level common coordination in case of a large-scale cyber incident/crisis.

This edition of the exercise is meant to serve as a base to facilitate the development of the standard operating procedures to be applicable to the EU CyCLONe network. The exercise will also focus on the horizontal interaction between Member States and EUIBAs and is performed in light of the upcoming implementation of the revision Directive on Network and Information Security Systems, known as the NIS2 Directive.

Executives from the national authorities in charge of cyber crisis management and/or cyber policy in the 25 Member States played in the exercise, which also included the participation of the European Commission. The EU Agency for Cybersecurity participates both as the exercise organiser and the secretariat of the EU CyCLONe empowering the network both in terms of tools and expertise.

The CyCLONe in a nutshell

The EU CyCLONe was launched in 2021 during the second BlueOLEx and will be formally established with the adoption of NIS2 directive to support the coordinated management of large-scale cybersecurity incidents and crises at operational level and to ensure the regular exchange of relevant information among Member States and Union institutions, bodies and agencies.

The EU CyCLONe functions at the “operational level”, which is the intermediate level between the technical and strategic/political levels.

The formal tasks under NISD2 are:

  • increasing the level of preparedness of the management of large-scale cybersecurity incidents and crises;
  • developing a shared situational awareness for large-scale cybersecurity incidents and crises;
  • assessing the consequences and impact of relevant large-scale cybersecurity incidents and crises and proposing possible mitigation measures;
  • coordinating the management of large-scale cybersecurity incidents and crises and supporting decision-making at political level in relation to such incidents and crises;
  • discussing national cybersecurity incident and crisis response plans.

What is the role of ENISA in operational cooperation?

By coordinating both the secretariat of the EU CyCLONe and the CSIRTs Network, ENISA aims to empower all actors involved in the EU to collaborate and respond to large scale cyber incidents and crises by providing the best tools and support:

  • Enhance and improve incident response capabilities and readiness across the Union through CSIRTs Network;
  • Enable effective European cybersecurity crisis management via CyCLONe;
  • Ensure coordination in cybersecurity crisis management among relevant EU institutions, bodies and agencies (e.g. CERT-EU, EEAS, EUROPOL);
  • Improve maturity and capacities of operational communities (CSIRTs Network, CyCLONe and EUIBAs) including cooperation with Law enforcement;
  • Contribute to preparedness, shared situational awareness and coordinated response and recovery to large scale cyber incidents and crises across different communities;
  • Backing the evolution of EU joint response supporting the development of EU wide proposals.


Blue OLEx is a high-level event organised each year by one Member State and supported by the European Union Agency for Cybersecurity, ENISA, in collaboration with the European Commission. It aims to test the EU preparedness in the event of a cyber-related crisis affecting the EU Member States and to strengthen the cooperation between the national cybersecurity authorities, the European Commission and ENISA.

Further information

Blue OLEx 2020: the European Union Member States launch the Cyber Crisis Liaison Organisation Network (CyCLONe) — ENISA (

ENISA plays an active role at the first of its kind cyber crisis exercise, Blue OLEx 2019 — ENISA (

Press Contact

For questions related to the press and interviews, please contact press (at)

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies