2015 National and International Cyber Security Exercises Report
The purpose of this study, published by ENISA in December 2015, was to gather and analyse a primary dataset as the first step towards an EU-wide dataset on cybersecurity exercises, and to create a model for continued reporting on such exercises.
The study was the first step towards the larger goal of using the dataset as a resource for planning and collaboration between nations and agencies interested in cybersecurity exercises. A dataset consisting of over 200 cybersecurity exercises and specialised literature such as after-action reports and previous studies had contributed to the analysis.
The findings showed a continuous and accelerated increase in the total amount of exercises held after 2012, as well as an increase in the number of cooperative exercises involving private and public actors. This indicated that it is not just a matter of public agencies running more exercises, but also of more actors benefitting from these exercises.
The study also revealed that many cybersecurity exercises focus on exploring new structures and collaborations, rather than consolidating or building on established ones. Even though this exploration is an important step towards reaching consolidation, it might be in the best interest of the participants to take the next step of establishing procedures.
Finally, the public-affairs aspect, and in particular the explicit goal of educating both the public and decisionmakers, was left relatively unexplored in much of the exercise design and planning. While there were undoubtedly links between an increased awareness of cybersecurity issues and an increased number of exercises, this exact nature of this link required closer inquiry and required a rather different analytical lens. Nevertheless, as an understanding of cybersecurity issues becomes more and more relevant for an increasingly larger audience, the opportunity to reach such an audience was often missed.
Based on ENISA's analysis, the report provided four main recommendations that would help to increase the quality of future cybersecurity exercises.
- ENISA should establish a common ground for the exchange of best-practices regarding cybersecurity exercise development
- Member States should contribute to the cybersecurity exercises community
- ENISA should produce an Analysis report bi-annually
- The MS and ENISA should co-develop a European exercise calendar