EU Cybersecurity Resilience, Coordination and Cybersecurity Ranges

Outcomes and deliverables

The expected outcomes will be a strong capacity in the Member States to react in a coordinated way to large scale cybersecurity incidents, as well as top-level cybersecurity ranges offering advanced skills, knowledge and testing platforms.

The implementation of this topic has two main objectives:

• To strengthen the capacity of cybersecurity actors in the Union to monitor cyber-attacks and threats and supply chain risks, to react jointly against large incidents, and to improve relevant knowledge, skills and training. This objective will be pursued through the implementation of the Blueprint and the future Joint Cyber Unit considering the important role of the Computer Security Incident Response Teams (CSIRTs) network and of the Cyber Crisis Liaison Organization Network (CyCLONe).
• To create, interconnect and strengthen Cybersecurity ranges at European, national and regional level as well as within and across critical infrastructures, including in but not limited to sectors covered by the NIS Directive, in view to share knowledge and cybersecurity threat intelligence between stakeholders in the Member States, better monitor cybersecurity threats, and respond jointly to cyber-attacks.

Proposals addressing the first objective should build capacity of cybersecurity actors to react in a coordinated way to large scale cybersecurity incidents, while fostering the role of CSIRTs, the CyCLONe network, the future Joint Cybersecurity Unit, and taking into account the Blueprint.

Proposals addressing the second objective should support the creation, operation, capacity increase and/or uptake of cybersecurity ranges, as well as foster networking between them in view to develop cybersecurity skills and expertise in key technologies (e.g. 5G, Internet of Things, Cloud, Artificial Intelligence, industrial control systems) as well as application sectors (e.g. health, energy, finance, transport, telecommunication, agri-food production, resource management) including consideration to cascading effects across sectors. This action will aim to:

• exchange knowledge between cybersecurity ranges and create common data repositories;
• support large-scale and cross-sector scenarios covering a wide range of adversaries and attack strategies, including for example cross centre serious gaming exercises; allow realistic traffic simulation that reflect network conditions;
• support structured training and cybersecurity exercises to prepare cybersecurity defenders at both public and private organisations to enhance the protection and resilience of critical infrastructures, enterprises and communications networks; enable the conduct of hybrid trainings engaging all levels relevant to detecting, mitigating and preventing cyber-attacks (tactical, operational, strategic) while creating an environment where they can train communication, coordination and decision making;
• provide additional services to stakeholders such as structured test methodologies, vulnerability database and forensic tools; develop of automated content delivery options supporting specific job profiles.