Mr. Wolfgang Roehrig:

On the strategic decision-making exercises which we are running since 2014, the member states with which we have executed this type of exercise so far are Portugal, the Czech Republic, Austria, Greece, Cyprus, Latvia and Slovenia. We were designing this type of exercise from the beginning on the principle that in the cyber world, what is technically possible will most probably happen. Therefore, we were designing the scenarios from the beginning in 2014 along the aspect of “think the unthinkable” and make it into a scenario. The Deputy mentioned the very recent ransomware attacks on the Irish national health system. This scenario was already part of our initial way of doing the exercises or scenarios from 2014. This scenario also has the opportunity and option to be expanded into a hybrid environment, so it was also the baseline which was part of the hybrid exercise which was run with the Defence Ministers in 2017 under the Estonian Council Presidency.

The other aspect concerns the point on connecting capacities. This is exactly what we are aiming for with the MilCERT Interoperability Conference, MIC. Here, we are clearly striving for a network of operational capacity within member states to increase their information exchange and their co-operation because we clearly see a gap in the defence community. What is already standard on the civil side with, for example, the Computer Emergency Response Team, CERT-EU, network, which is fostered by ENISA, is not happening yet in the military community and we are now trying to foster this in line with the cyber security strategy from 2020, where it is explicitly addressed. We will also be an interlocutor for the civil network of CERTs.