Powered by the EU Agency for Cybersecurity, the 8th edition of the Cyber Europe exercise took place on 10-11 June, with the goal of enhancing cyber preparedness and ensuring continuity of essential services while protecting European rail and maritime networks.
The two-day exercise simulated realistic large-scale cybersecurity incidents that escalated to cyber crises affecting the EU’s interconnected transportation systems. Participants needed to analyse advanced technical cybersecurity incidents while dealing with the pressure generated by complex scenarios inspired by real-case events and threats. Central to their efforts was the effective sharing of relevant information with the right stakeholders and peers, contributing to an adequate level of situational awareness at the technical, operational and political levels. To bring this year's edition to life, ENISA collaborated with over 100 leading cybersecurity experts from national cybersecurity agencies, EU and EFTA's public and private sectors, as well as from EU Entities, bringing together over 5000 participants.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security, and Democracy, said: “Transport is essential to our economy and daily lives, but it is also a target for cyber threats. When ports or railways are hit, effects can reach far beyond transport, disrupting trade, military mobility and crisis response. As hybrid threats blur the line between civilian and military infrastructure, preparedness is not optional. Cyber threats cross borders in seconds. Europe must be able to act just as fast, together with its closest partners.”
ENISA Executive Director, Juhan Lepassaar, said: “Cyber dependencies across Europe’s critical infrastructure are our operational reality. Our interconnected systems that drive our economies and societies also expose us to common threats, thus cybersecurity is a shared responsibility. Cyber Europe is where we work together to build our preparedness and response to be ready when crisis hits.”
The transport sector holds a vital socioeconomic role amidst the current geopolitical situation. According to ENISA Threat Landscape findings, transport has been among the top five most targeted sectors for the past two years. Both the rail and maritime subsectors are inherently complex environments composed of many different stakeholders. They exhibit comparable levels of digitalisation and share a common challenge: integrating legacy Operational Technology (OT) with modern systems without compromising strict safety and reliability standards. Their dependence on supply chains and third-party providers contributes to their overall exposure to cyber threats, while their increasing role in military logistics raises their strategic importance and potential attractiveness as targets. The ENISA NIS360 report revealed that both sectors are in the risk zone, with lower-than-average cybersecurity maturity and criticality that exceeds their maturity.
What happened in Cyber Europe: A glimpse of the scenario
Critical maritime and railway infrastructures across Europe were simultaneously targeted in a coordinated cyberattack, causing severe operational disruptions. Port logistics and navigation systems were compromised, leading to cargo movements being halted and safety risks such as near-collision incidents. At the same time, direct interference hit railway networks, causing cross-border trains to freeze and thousands of commuters and supplies to be delayed. Adding to the challenges, transport authorities and ticketing services were the target of a ransomware attack which paralysed administrative and passenger service operations. The attack exposed sensitive passenger and emergency information, fuelling hacktivist disinformation on social media.
Testing the EU Cybersecurity Blueprint and Cybersecurity Reserve
The evolution of the cybersecurity threat landscape, coupled with geopolitics, accelerated the need for stronger cyber crisis management. This year's edition put the EU Cyber Blueprint to the test, as coordinated action was needed at the technical, operational, and political levels to respond in times of crisis. The revised Blueprint for cybersecurity crisis management was adopted in June 2025, aiming to strengthen the response to large-scale incidents and crises in the EU.
For the first time, the EU Cybersecurity Reserve was also tested under the umbrella of Cyber Europe. The Reserve mechanism was set in motion through a scenario in which players were expected to follow ENISA’s Standard Operating Procedure for activating cybersecurity incident response under the EU Cybersecurity Reserve. Foreseen in Article 14 of the EU Cyber Solidarity Act, the Reserve is operated by ENISA and consists of incident response services from trusted managed security service providers.
What comes next
Rather than isolated events, exercises should be seen as part of a continuous cycle of building preparedness, enhancing skills and capabilities, and strengthening response in an evolving cybersecurity landscape. Following ENISA’s Cybersecurity Exercise Methodology, an evaluation and analysis will be carried out to obtain insights and identify weaknesses. The findings arising from this process will be consolidated in the After-Action reports, which aim to highlight lessons learned and provide guidance for improvements towards strengthening our preparedness and response processes.