BlueOLEx 2025: Testing the Capabilities of EU Crisis Management Executives

Back to News

News Item Nov 04,2025

Driven by the revised Cyber Blueprint released earlier this year and inspired by a real-life scenario, the new edition of BlueOLEx evaluated the executive level of EU cooperation in case of large-scale cybersecurity incidents and crises.

The event, organised today by ENISA, was hosted in Cyprus by the Office of the Commissioner of Communications and ICT Academy, under the Danish Presidency of the Council of the European Union. 

Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, said: "When it comes to cybersecurity, we have to expect the unexpected and be ready to work together in the face of common threats. BlueOLEx is an opportunity to see how our crisis management procedures should work in lockstep at EU and national level."

George Michaelides, Commissioner of Communications, said: “Hosting BlueOLEx 2025 in Cyprus is both a privilege and a strong statement of our commitment for enforcing cyber resilience across Europe. For a smaller Member State like ours, hosting such a high-level exercise demonstrates that effective cybersecurity depends not on size, but on solidarity, coordination, and shared purpose. It’s about working together and being ready to act as one team when it matters. BlueOLEx 2025 offers a unique opportunity where national executives, ENISA, and the European Commission come together to test how we all respond, communicate, and coordinate under the pressure of a complex cyber crisis.

The EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, said: “If we want to effectively adapt to the fast-evolving cyber threat landscape, crisis management can only benefit from a regular assessment of processes and of the cooperation among EU Member States. Because it allows EU national authorities to reflect on their modus operandi, BlueOLEx is an essential EU exercise as it encourages the coordination of efforts to maintain a high-level of crisis preparedness and capabilities among EU Member States.

This exercise strengthens the trust and operational cohesion that lie at the heart of the EU-CyCLONe network and ensures that when a large-scale incident occurs, Europe can act as one. It also feeds directly into the ambitions of the Cyber Blueprint 2025, transforming lessons learned into tangible improvements for Europe’s crisis management framework. Cyprus is proud to host this year’s exercise, contributing to a more united, better-prepared, and forward-looking European cyber community.”

Designed for the European Cyber Crisis Liaison organisation network, referred to as the EU-CyCLONe, BlueOLEx is an executive-level exercise. It is meant to assess and enhance cooperation among cybersecurity crisis management executives and directors across the EU. The event therefore convened the high-level executives of the EU Members States’ competent authorities responsible for cyber crisis management and/or cyber policy, the European Commission and the EU Agency for Cybersecurity. 

The insights gained will contribute to the ongoing discussions surrounding the implementation of the Cyber Blueprint 2025 which purpose is to further improve and develop a coordinated response to large-scale cybersecurity incidents and crises.
The strategic discussions focused on the role of executives in shaping a coherent framework for crisis management at EU level and on measures they can take to achieve that goal.

Executives met with the ENISA Cyber Partnership Programme on the day before the event to exchange views how public-private cooperation can be improved.

EU CyCLONe: Composition and objectives

The European Cyber Crisis Liaison organisation network (EU-CyCLONe), is a cooperation network for EU Member States national authorities in charge of cyber crisis management. Network members collaborate and develop information sharing and situational awareness based on the daily operations. Vested by NIS2 as the EU-CyCLONe Secretariat, ENISA provides support and tools to the network which is chaired in turns by the Presidency of the Council of the EU. The EU- CyCLONe cooperates, together with the European Commission in case of large-scale cybersecurity incidents likely to have a significant impact on services and activities falling into the scope of the NIS2 Directive.

ENISA Cyber Exercises

ENISA supports the organisation of exercises for EU CyCLONe members, such as CySOPex for officers and BlueOLEx for executives. The aim of these exercises is to identify improvements and potential gaps in the standardised way of responding to incidents and crises (i.e. Standard Operating Procedures), train on situational awareness and information sharing processes. Since 2019, EU CyCLONe Members test their capabilities on an annual basis with BlueOLEx and, since 2021, with CySOPex, while also participate in the biennial Cyber Europe exercise, alongside the CSIRTs Network.
 

Photo of the BlueOlex Participants

Contact

For press questions and interviews, please contact:
press@enisa.europa.eu.

Access to the press office

Related topics

Content written for: National / EU authorities

Related content

Best_Practices_for_Cyber_Crisis_Management.png

Best Practices for Cyber Crisis Management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves.

Cybersecurity Support Action

The ENISA Cybersecurity Support Action provides ex-post and ex-ante services and assistance to Member States' NIS2 Directive entities.

Sustained Activity by Threat Actors- Joint Publication

ENISA, the EU Agency for Cybersecurity, and CERT-EU, the Computer Emergency Response Team of all the EU institutions, bodies and agencies (EUIBAs), have issued a joint publication to alert on sustained activity by particular threat actors.

2021 Report on CSIRT-Law Enforcement Cooperation

The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental CSIRTs, and Law enforcement agencies (LEAs) and their interactions with the Ju

BROWSE ALL PUBLICATIONS

23rd CSIRTs Network Meeting

2024 May 22

EU-CyCLONe Executives meeting

2024 May 22

24th CSIRTs Network Meeting

2024 Sep 23

26th CSIRTs Network Meeting

2025 May 12

BROWSE ALL EVENTS

ENISA to operate the EU Cybersecurity Reserve with EUR 36 million

Press Release

The European Union Agency for Cybersecurity (ENISA) and the European Commission signed a contribution agreement, through which the Commission entrusts ENISA with the administration and operation of the EU Cybersecurity Reserve, and provides ENISA with

Joint Statement on SharePoint vulnerabilities - Assessment and advice on recovery and mitigating actions

News Item

The European Commission, the EU Agency for Cybersecurity (ENISA), the Cybersecurity Service for the Union institutions, bodies, offices and agencies (CERT-EU), and the network of the EU CSIRTs, are closely following the

New Cyber Blueprint to Scale Up the EU Cybersecurity Crisis Management

Press Release

The revised Blueprint for cybersecurity crisis management was adopted today by the Council of the EU.

BlueOLEx 2024 exercise: EU-CyCLONe test its cyber crisis response preparedness

Press Release

In light of the NIS2 era, this year’s edition of the BlueOlex built upon the scenario of Cyber Europe 2024 and tested the executive layer of cooperation in the EU ecosystem.

BROWSE ALL NEWS

CSIRTs by Country - Interactive Map

The European CSIRT Inventory gives an overview of the actual situation concerning CSIRT teams in Europe. It provides a list of publicly listed incident response teams that can be visualised by the interactive mapping tool. This tool allows the…

BROWSE ALL TOOLS