Practices and Challenges in National Risk Assessment and Cyber Crisis Cooperation

Ref. Code P/25/12/TCD

Deadline: Jan 25, 2013

This project is related to the area of cyber crisis management, cyber contingency plans, cyber crisis cooperation and cyber exercises.The Tender is divided into two LOTS. You may bid for one or both LOTS.

LOT 1 – Study on National-level Risk Assessment and Threat Modelling for Critical Information Infrastructures

Critical Information Infrastructures (CII) are vulnerable to a variety of disruptions of a diverse impact. Many CII vulnerabilities may be  reduced or eliminated through technical, management, or operational measures as part of the risk management effort. However, it is nearly impossible to completely eliminate all risks. Thus effective contingency planning, execution, and testing are essential to mitigate the risk of system and service unavailability. In this study we would like to deepen the existing work of ENISA on the National Contingency Plans (NCPs), by focusing on a specific part of the NCP lifecycle, namely the National-level Risk Assessment and Threat Modelling for CIIs by developing the relevant good practice guide/methodology with emphasis on the ‘how-to’ that would help Member States to further improve their national contingency planning and their national risk assessment for CII.

LOT 2 – Cyber Crisis Cooperation report and Conference

ENISA organised the 1st International Conferenceon Cyber Crisis Cooperation in 2012, focussing on the cyber crisis cooperation topic of Cyber Exercises and published its findings as a report. In 2013 ENISA will organise the 2nd International Conference on Cyber Crisis Cooperation, with a focus on other cyber crisis cooperation topics, such as information gathering and common situational awareness, escalation processes and procedures, the cyber crisis management in the general crisis management context, cross-country cyber exercises, means and tools of information exchange and communication etc. The findings from the conference will be complemented by a state of the art survey and analysis and will be published as a report explaining the major topics on cross-country cyber crisis cooperation, the challenges and recommendations for future work in each area.