EU Member States adopted today the Council Recommendation for an EU Blueprint on cyber crisis management to strengthen the response to large-scale incidents and crises in the EU.
The necessity for a revised cyber crisis management Blueprint was driven by the evolution of the cybersecurity threat landscape, where geopolitics accelerated the need for stronger cyber crisis management, as anticipated in an ENISA report and as outlined in the EU’s first-ever report on the State of Cybersecurity in the Union.
Subsequently, if we want to effectively prepare and respond to cyber crises of much higher complexity than ever before, cybersecurity crisis management processes need to take all such new parameters into account.
The situation therefore called for a review of processes already in place and for new mechanisms to be adopted in order to strengthen the Union's capacities in cyber crisis management. The Commission presented a proposal on 24 February 2025 to ensure an effective and efficient response to large-scale cyber incidents. The EU Member States adopted the Council Recommendation for an EU Blueprint on cyber crisis management in record speed during the Formal meeting of the Transport, Telecommunications and Energy Council.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, said: “I welcome today’s adoption of the Cyber Blueprint. In crisis situations, there is no room for improvisation, especially in today’s rapidly evolving and uncertain geopolitical environment. It is a key component of our Union Preparedness Strategy. It serves as a practical tool for Member States and EU bodies to work together to prepare for and respond to a cyber crisis that could affect our critical infrastructure and public security.”
ENISA would like to thank and congratulate the Polish Presidency chairing the Horizontal Working Party on Cyber Issues of the Council of the EU for the work done to make the revised Blueprint a reality.
Katarzyna Prusak-Gorniak, Chair of the Horizontal Working Party on Cyber Issues of the Council of the EU, said: “EU Cyber Blueprint puts in place a framework to effectively respond to a cyber crisis at the EU level and enables CSIRT Network together with the EU-CyCLONe, powered by ENISA, to further strengthen cooperation.”
The EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, declared: “With a cyber threat landscape continually evolving, the revision of the cybersecurity Blueprint came at just the right time. With years of effective support to cyber crises management to its name, ENISA has been an active enabler for the cyber crisis community in the EU. Strengthening our cooperative efforts is how we will be able to further secure our digital economy and society.”
Following the provisions of its mandate, ENISA has been supporting European cyber incident and crisis management for years with the daily operations of the CSIRTs Network and of the EU-CyCLONe, with situational awareness, annual crisis simulation exercises and dedicated trainings. The Agency has also been supporting Member States in developing their own cyber crisis plans and structures and works every day to ensure collaboration and information sharing across the operational communities.
ENISA therefore considers the revised Blueprint as an essential step forward since it:
- clarifies the interactions and processes between the high number of actors now involved;
- helps support the implementation and strengthening of existing and upcoming efforts;
- enhances the whole cyber crisis life cycle in the face of a complex and fast-evolving cyber threat environment.
How is ENISA to support the implementation of the Blueprint?
- By supporting Member States & relevant EU bodies
ENISA stands ready to strengthen its support to the Member States and the European Commission, CERT-EU, Europol and all other relevant Union entities to best respond to this call for action.
- By boosting the operational networks' operational capacity
The Agency is eager to offer its expertise and contribute to gathering relevant information in order to increase the EU's capacity to produce an overview of the technical and operational activities in place at national level.
Moreover, the Agency aims to streamline ENISA’s support to the EU-CyCLONe and the CSIRTs Network. The intention is to further bolster cooperation across all networks and communities, and to improve information sharing regarding incidents, vulnerabilities and situational awareness as a whole.
- By empowering the cybersecurity community
ENISA’s goal is to empower network members by ensuring they have the expertise and make full use of the available tools for information sharing.
The EU-CyCLONe and the CSIRTs Network both have central roles in the revised Blueprint. This is why ENISA supports the development and alignment of the different Standard Operating Procedures in accordance with each network and Chair Presidencies. In doing so, the Agency aims to enhance the response capacity during large-scale cybersecurity incidents and crises and also contribute to an EU integrated situational awareness.
- By contributing to achieving a common taxonomy
ENISA will support the efforts outlined in the revised Blueprint to create a common aligned taxonomy. The Agency therefore intends to make use of the wider expertise across all the different areas of its portfolio to facilitate this by fostering interoperability and integration across all networks and communities.
What’s next?
ENISA is able to share and adopt lessons learnt from past exercises and cyber crises. The Agency can therefore effectively support the Commission with both the annual rolling programme of cyber exercises and with the testing of the Cyber Blueprint at the next edition of the Cyber Europe exercise, in coordination with the High Representative.
ENISA recommends that to make the revised Blueprint a success, it will also be essential to align the tasks and avoid duplication within the relevant EU governance and framework.
Based on joint efforts, ENISA will bridge networks and communities, including the civilian, law enforcement, defence and private sectors, for instance through the ENISA Cyber Partnership Programme (CPP).