The third Strategic Decision Making Course & Exercise on Cyber Crisis Management within the framework of the European Defence Agency (EDA) takes place in Vienna from the 14th to 16th September 2015. The event is a joint initiative of the EDA, the European Cyber Security Initiative (Estonia), the Austrian Ministry of Defence and the Austrian Ministry of Interior. Forty representatives from the Austrian Federal Chancellery, the Ministries of Interior, Justice, European and International Affairs, Defence and Sports as well as from seven private companies participate in the exercise which is hosted at the Austrian Defence College. The exercise is also observed by 40 national and international cyber security experts.
The main aim of the exercise is to prepare strategic leaders to deal with cyberspace crisis management processes in complex situations and to promote a cyber security and cyber defence strategic culture. It also concentrates on stimulating national synergies and to foster EU member states cooperation.
The exercise set-up includes presentations as well as a decision-making exercise and an in-depth feedback session. The exercise audience is confronted with a customised fictional political scenario where a crisis situation outside EU boundaries spills back to an EU member state, here Austria. Manifestations of this spill over are an escalating sequence of targeted cyber-attacks of different degree of severity which are affecting both Austrian public and private sector entities, including national critical infrastructures such as telecommunications and Internet service providers, the energy sector, water supply and the public health care sector;all of this has had an impact on the public up to the level of casualties. The exercise audience is asked to apply the existing Austrian legal and political framework to the escalating scenario. At the same time participants must react to the population’s perception of the situation and to maintain public order. The exercise is following a playbook of more than 200 pages.
Cyber defence – a key capability
The previous two cyber defence exercises for decision-makers were organised in Portugal in May 2014 and Prague in June 2015. The initiative is part of the EDA’s cyber defence work strand which among others aims at improving training, education and exercises opportunities as highlighted in the "Cyber Defence Policy Framework" which was adopted by the European Council in November 2014.
"The 2013 EDA landscaping study on cyber defence capabilities among EDA member states revealed a need for harmonised cyber training for decision makers. The present course and exercise are the direct result of this study. The courses are constantly being improved according to participant’s feedback to ensure that our offer corresponds with Member State’s needs", said Peter Round, Director Capability, Armament & Technology at the European Defence Agency.
Cyber defence is the military dimension of cyber security. The military requirements are to prepare for, prevent, detect, respond to, recover from and learn lessons from attacks, damage or un-authorized access originated from cyber space affecting systems and services that support and enable military tasks and operations.
In the EDA’s capability development plan, cyber defence is one of the priority actions. A project team of EDA and its participating Member States' representatives is responsible for jointly developing cyber defence capabilities within the EU common security and defence policy (CSDP). A network of EDA and Member States research & technology experts support this work by collaborative activities delivering the required technologies at the right time. All of this is positioned next to existing and planned efforts by civil communities (national and EU institutions) and NATO. Given that threats are multifaceted, a comprehensive approach is taken, seeking to enhance synergies between the civilian and military domains in protecting critical cyber assets.