Preparedness support and mutual assistance

Topic description

ExpectedOutcome:

• preparedness support services
• threat assessment and risk assessment services
• risk monitoring services
• mutual assistance among Member States

This mechanism aims to complement and not duplicate efforts by Member States and those at Union level to increase the level of protection and resilience to cyber threats, by assisting Member States in their efforts to improve the preparedness for cyber threats and incidents by providing them with knowledge and expertise.

The mechanism should also support mutual assistance between Member States for both preparedness and incident response actions.

The provision of preparedness support services (ex-ante) shall include activities listed below:

1. Support for testing of essential entities operating critical infrastructure for potential vulnerabilities.

• Development of penetration testing scenarios for MS cybersecurity infrastructure (including infrastructure of Operators of Essential Services, Digital Service Providers and Governmental entities). The proposed scenarios should cover Networks, Applications, Virtualization solutions, Cloud solutions, Industrial Control systems, and IoT.
• Support for conducting testing of essential entities operating critical infrastructure for potential vulnerabilities.
• Support the deployment of digital tools and infrastructures supporting the execution of testing scenarios and for conducting exercises such as the development of standardised cyber-ranges or other testing facilities, able to mimic features of critical sectors (e.g., energy sector, transport sector etc.) to facilitate the execution of cyber-exercises, in particular within cross-border scenarios where relevant.
• Evaluation and/or testing of MS cybersecurity capabilities (including capabilities to prevent, detect and respond to incidents).
• Consulting services, providing recommendations on how to improve infrastructure security and capabilities.

1. Support for threat assessment and risk assessment.

• Threat Assessment process implementation and life cycle.
• Customised risk scenarios analysis.

1. Risk monitoring service.

• Specific continuous risk monitoring such as attack surface monitoring, risk monitoring of assets and vulnerabilities.

Preparedness actions should benefit entities in NIS2 (Directive (EU) 2022/2555) sectors (e.g., energy, transport, banking…) and entities in other relevant sectors, as well as including SMEs and start-ups. Also within scope are actions for mutual assistance among Member States, i.e., tailored and targeted short-term assistance upon request and depending on the specific needs arising from an incident.