ENISA has analysed the EU-level crisis management frameworks in five different sectors to make recommendations on more efficient cyber crisis cooperation and management. The subsequent report highlights the lessons that can be learnt from other sectors and that could be applicable in the cyber domain.
The ENISA report ‘Common Practices of EU-level Crisis Management and Applicability to Cyber Crises’ provides an overview of the current state-of-play of EU-level crisis management and offers an analysis, from a cyber crisis perspective, of numerous lessons learnt and challenges from decades of crisis management in the following sectors: aviation, civil protection, border control, counter-terrorism and health and disease control. The study takes a step further by providing five key recommendations on how to raise maturity in EU-level cyber crisis management. The study is based on a thorough review of the key legal and policy documents and interviews with key experts of the sectors in scope.
According to the report currently cyber crisis management at an EU-level lacks the proper mechanisms and consistency to effectively support the EU-wide cyber community in the event of a cyber crisis, despite a number of recent initiatives.
“The message we try to pass with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis. It depends also very much on the effective mitigation of the cyber incidents which caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs; this study offers insight into what can be done,” said Udo Helmbrecht, executive director of ENISA.