EU cybersecurity exercise to foster cooperation and promote free and fair EU elections
To evaluate and strengthen current working methods ahead of the 2024 elections, EU institutions have today organised a cybersecurity exercise. National and EU partners tested their crisis plans and possible responses to potential cybersecurity incidents affecting the European elections.
The exercise is part of the measures being implemented by the European Union to ensure free and fair elections in June 2024. It took place in the European Parliament and was organised by the European Parliament's services, the European Commission and the EU Agency for Cybersecurity (ENISA). The drill allowed participants to exchange experiences and best practices and will help them enhance their capacity to respond to cybersecurity incidents as well as to contribute to the update of existing guidelines and good practices on the cybersecurity of technology used in the election process.
Representatives from national electoral and cybersecurity authorities, together with observers from the European Parliament, the European Commission, CERT-EU and the EU Agency for Cybersecurity (ENISA), participated in the second edition of the exercise. While the main responsibility for protecting the integrity of the elections lies with EU Member States, this exercise helped fine-tune their common preparedness when facing potential cyber and other hybrid threats and their ability to swiftly develop and maintain situational awareness at national and EU level if a serious cybersecurity incident were to occur.
All is in place to ensure that European citizens can trust in the EU electoral process. Risks to elections can take various forms from information manipulation and disinformation to cyber-attacks that compromise infrastructures.
Based on various scenarios featuring potential cyber-enabled threats and incidents, the exercise allowed participants to:
- Deepen their knowledge of the level of critical aspects of European elections, including an assessment of the level of awareness among other stakeholders (e.g., political parties, electoral campaign organisations and suppliers of relevant IT equipment);
- Enhance cooperation between relevant authorities at national level (including elections authorities and other relevant bodies and agencies, such as cybersecurity authorities, Computer Security Incident Response Teams (CSIRTs), Data Protection Authorities (DPAs), authorities dealing with disinformation issues, etc.) as well as at EU level, such as the Commission services in charge of enforcement of the Digital Services Act (DSA);
- Verify existing EU Member States' capacity to adequately assess the risks related to the cybersecurity of European elections, promptly develop situational awareness and co-ordinate communication to the public;
- Test existing crisis management plans as well as relevant procedures to prevent, detect, manage and respond to cybersecurity attacks and hybrid threats, including disinformation campaigns;
- Identify all other potential gaps as well as adequate risk mitigation measures which should be implemented ahead of the European Parliament elections.