EUROCYBEX is a European cyber crisis exercise involving multiple European member states. The project is coordinated by CEIS and supported by the European Network and Information Society Agency (ENISA). It received funding from DG Home of the European Commission in the framework of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks (CISP) programme. Integrated into the European programme of cyber crisis exercises, EUROCYBEX builds upon the results of the exercise Cyber Europe 2010. The objectives of the project are to test and improve cooperation procedures in cyber crises at European level.

Apart from cybercrime, other forms of illicit internet activities become more and more common, such as manipulation of websites and denial of services. These activities are often undertaken by more or less organised pirates and constitute a real threat to the sovereignty of the state. Because of the gradual fusion of ‘virtuality’ and ‘reality’ with ‘ubiquitous IT’, nanotechnologies and such like rendering us more and more dependent on IT systems, this threat is becoming ever greater.

On 27 September 2011, the EUROCYBEX exercise simulated a cyber crisis. Four national agencies responsible for the security of IT systems from EU Member States were involved, one of them being the French ANSSI ( Agence Nationale de la Sécurité des Systèmes d’Information). During the one-day exercise, representatives from France, Germany, Hungary, and Austria tested the communication procedures. About 30 observers from the ENISA and member states observed the exercise. It was organised and coordinated by the French strategic consulting and research company, CEIS. It was designed and held in cooperation with ISDEFE, a consulting and research centre affiliated to the Spanish Ministry of Defence. The objective of EUROCYBEX was to test and validate the communication procedures and the creation of a “crisis group” in the event of a cyber attack. The scenario was inspired by real events and simulated the leakage of confidential information from official websites and their publication by an activist website.

The exercise was held using the training platform CRITIS, developed by CEIS. This allowed observers to follow the developments and reactions of the players in real time. The exercise was followed by an evaluation phase of the lessons learned in a session involving players and observers. These will improve future exercises as well as the cooperation procedures between member states.

Co-financed in the framework of DG Home’s CIPS, the EUROCYBEX project was a continuation of the first pan-European cyber crisis exercise, Cyber Europe 2010, which was organised by the ENISA. Building on the conclusions and identified areas of improvement of Cyber Europe 2010, the participants of the project began preparing in early 2010 for EUROCYBEX. The results of EUROCYBEX will help to improve communication procedures, notably in view of the upcoming EU-US exercise Cyber Europe 2012, which will be organised by ENISA and take place at the end of 2011.

The lessons learned from EUROCYBEX will be communicated to member states and relevant European institutions, but will not be published for security reasons.