ENISA, the European Network and Information Security Agency, publishes an in-depth focus interview with Agency Experts on the forthcoming Cyber Security Exercise, and the cooperation between the Agency and the Member States, in the context of the Agency's Critical Infrastructure Information Protection and Resilience programs.

Interview on ENISA’s first pan-European CIIP exercise with Evangelos Ouzounis, Panagiotis Trimintzios & Panagiotis Saragiotis on the Resilience and CIIP Program

First of all, what does CIIP stand for?

It stands for Critical Information Infrastructure Protection.

What is the background to this first pan-European CIIP exercise?

The idea for the first pan-European exercise was proposed by the European Commission in their CIIP Action Plan in 2009. The Tallinn Ministerial conference confirmed the importance of the first pan-European exercise and asked the Commission, the Member States and ofcourse ENISA to work together for the implementation of this idea by the end of 201. After that the Member States started to mobilise resources accordingly.

You have now had four preparatory workshops for the first pan-European CIIP exercise. What have you been focusing on in these workshops?

The first workshop was in the beginning of January. We then started to plan the exercise and position it among the Member States to get their views and agree upon the exercise.

We also created a team of planners from different Member States and started working together on the tasks, planning, the scenario, policies, etc.

During the second workshop, ENISA and the planners submitted the planning and asked the Member States if they agree with the tasks, deadlines etc.

During the third workshop, held in Tallinn in May, ENISA and the planners discussed with all Member States the ideas for different scenarios, and during the fourth workshop in June, we finalised the scenario details, policies for the observers, media policies, infrastructure logistics etc.

In addition to these preparatory workshops we will also have a training seminar in September. We will also test the infrastructure before the exercise in November.

Who is participating in these planning workshops?

First of all, there was a significant interest for these planning workshops and a lot of the Member States are taking part in these discussions. Some of the Member States are extremely active and have also volunteered to help organise and plan the exercise. The team of planners involved staff from DK, FI, FR, HU, IT, PT, SE, UK, and the contribution of staff from ENISA and the EU's Joint Research Centre (JRC).

There are also other Member States that are interested in participating, or have an interest in how the exercise develops and many of them will participate as observers. At the moment all Member States have expressed interest in taking part in the exercise either as players or observers.

What organisations do the participants come from?

There are different profiles for the participating countries, which varies between the Member States. It depends on where the competences and experiences in each Member State lie. For example, in the Netherlands, the Ministry of Economic Affairs is responsible for this topic. In Sweden it is The Swedish Post and Telecom Agency (PTS), who is the regulator. However, during the exercise itself the countries will also include other players from other relevantorganisations.

What are the main objectives of the pan-European CIIP exercise?

The main objective of the exercise is to bring the Member States together and enhance the Member States’ coordination efforts during a crisis. We also want to test the Member States’ abilities to find the right contacts and assess the competences in the other Member States during a crisis. This is the first time we have a pan-European CIIP exercise, i.e. the first time that the Member States come together and work on a NIS related topic. We are all very much looking forward to this and we have been spending a lot of time analysing what the best approach for this kind of exercise is. Several Member States have already had national exercises.

You can, of course, not reveal the scenario for the exercise, but could you give us a general idea of what the scenario will look like?

The general idea is that the Internet will become gradually unavailable, and as a result citizens, businesses and public institutions could not access critical online services. As the phenomenon will continue one Member State after the other will increasingly suffer from this problem. In that case, all Member States have to co-operate to jointly respond to such crisis.

What is ENISA’s role in the pan-European exercise?

The Member States are the drivers of this exercise. ENISA and EU Commission’s JRC facilitate, organise and manage the exercise.

The full interview is available in .pdf format from the ENISA website.

www.enisa.europa.eu