Best practices for cyber crisis management

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends largely on the level of risk that EU Member States (MS) are prepared to tolerate (i.e. ‘risk appetite’).
Differences in interpretation of what constitutes a cyber crisis between MS pose challenges at the EU level. The definition of cyber crisis is important as it directly influences the way the crisis is managed. At the same time, identifying the causes, nature and impact of a cyber crisis can facilitate the assessment of the crisis and its severity, and influence the selection and adoption of appropriate measures for cyber crisis management.
The management of a cyber crisis involves a variety of actors at the organisational or corporate, sectoral, regional, national and EU levels. A cyber crisis is managed at the strategic, operational and technical levels, with the operational level playing a key role in bridging the gap between the other two, ensuring that information is shared at all levels and enhancing cooperation and coordination between all relevant stakeholders. In addition, cyber crisis management frameworks are part and parcel of general crisis management frameworks. As a result, the EU has a complex ecosystem of cyber security actors, structures and mechanisms, with a ‘highly complex and interwoven system of actors, structures and processes operating in the cyber domain’, mainly because cyber crises are often transboundary by nature.
While the EU has developed a crisis management framework specifically dedicated to the management of cyber crises – including through the Blueprint for coordinated response to large-scale cross-border cybersecurity incidents and crises (2017) (Blueprint) (1), the Cybersecurity Act (2019) (2) or the network and information security (NIS) directive (2016) (3) – the NIS 2 directive (NIS2) (4) has the strongest impact on cyber crisis management at the strategic, operational and technical levels in the EU. At the operational level, it will consolidate ENISA’s support to MS (5) in cyber crisis management, introduce new obligations for MS and assert the EU-Cyber Crises Liaison Organisation Network (EU-CyCLONe) as the key player in cyber crisis management. NIS2 enables a more coordinated approach through greater cooperation between MS and relevant EU institutions, bodies and agencies (EUIBAs).
In this study, cyber crisis management at the operational level in the EU is analysed around the four phases of the cyber crisis management cycle, namely prevention, preparedness, response and recovery, which should be framed by an all-hazards approach, given that threats can have many different origins.
Source : © European Union Agency for Cybersecurity (ENISA), 2024
