Resource Center

On 24 February 2025, following a proposal by the European Commission, the Council of the European Union began discussions on a new cybersecurity blueprint On 24 February 2025, following a proposal by the European Commission, the Council of the European Union began discussions on a new cybersecurity blueprint. After several rounds of negotiations through its preparatory bodies, the Council formally adopted the new text today during the Transport, Telecommunications and Energy Council in Luxembourg.BackgroundIn recent years, the European Union has steadily strengthened its approach to comprehensive cyber risk management through various instruments and initiatives. The 2016 Network and Information Security Directive (NIS1 – EU Directive 2016/1148) led to the creation of the CSIRT network, which connects national cybersecurity and incident response teams across all Member States. In response to major incidents like WannaCry, the European Commission issued a recommendation in 2017 (2017/1584) on coordinated response to large-scale cybersecurity incidents—this became known as the “Cyber Blueprint.” However, this recommendation was never formally adopted by Member States and has since become outdated due to the rapidly evolving cyber crisis landscape.In 2019, the EU Agency for Cybersecurity (ENISA) received a strengthened and permanent mandate, enabling it to better support situational awareness and operational coordination across the EU. The following year, the EU Cyber Crisis Liaison Organisation Network (EU-CyCLONe) was established at the request of Member States as an operational coordination layer supported by ENISA. In 2022, the NIS2 Directive (EU Directive 2022/2555) formalised the role of EU-CyCLONe and required Member States to establish dedicated national authorities for cyber crisis management. In 2025, the Cyber Solidarity Act further supports EU-wide situational awareness and coordinated responses.At the same time, large-scale exercises, such as the biannual Cyber Europe and the EU-CyCLEs exercise (held under the French Presidency), have yielded valuable lessons.Moreover, geopolitical developments such as the Russia’s war of aggression against Ukraine, led the EU to increase reliance on digital infrastructure, and a rising number of cyber incidents have significantly heightened the cyber threat landscape. Moreover, reports such as the ENISA State of Cybersecurity and Niinistö Report have called for enhanced European readiness for large-scale cyber crises.Lastly, and under the Belgian Presidency, Council conclusions titled “On the Future of Cybersecurity: Implement and Protect Together” (10133/24) were adopted, calling for a prompt revision of the 2017 Cyber Blueprint in the form of a Council Recommendation.What’s in the New Blueprint?The newly adopted Cybersecurity Blueprint updates the EU’s framework for cyber crisis management. It clearly maps out the roles of relevant EU actors across all phases of a cyber crisis, from preparation and detection to response and recovery.The blueprint aligns with existing EU mechanisms, such as the Integrated Political Crisis Response (IPCR) and the EU Cyber Diplomacy Toolbox and reflects recent policy developments including the Critical Infrastructure Blueprint and the network code on cybersecurity for the electricity sector.Key highlights:Enhances coordination between civilian and military actors, including cooperation with NATO.Reflects goals of the upcoming EU Preparedness Strategy.Promotes secure EU-wide communication systems.The blueprint comprises 13 chapters: aim, scope, and guiding principles; definitions; national structures and responsibilities for cyber crisis management; key networks and actors in the EU cyber crisis ecosystem; preparation for large-scale incidents and crises; detection of incidents with potential to escalate; EU-level response coordination; public communication strategies; diplomatic response and international cooperation; coordination with military actors; recovery and lessons learned; secure communications; and, final provisions.The document is guided by the principles of proportionality, subsidiarity, complementarity, and confidentiality.Why It Matters to the CCBThe Centre for Cybersecurity Belgium (CCB) played a leading role in shaping Belgium’s position during the negotiations, led by its International Relations department and in close cooperation with the Permanent Representation to the EU.As Belgium’s national cybersecurity authority—and the national cyber crisis management authority designated under the Royal Decree transposing the NIS2 Directive—the CCB is responsible for updating and maintaining Belgium’s cyber crisis management framework. Ensuring Belgium’s priorities were effectively reflected in the final EU text was critical to aligning this new EU framework with ongoing national efforts. More about the EU Cyber Blueprint

The Belgian Wall of Fame celebrates the achievements of ethical hackers who have made exceptional contributions to the protection of our country's digital infrastructure. The Centre for Cybersecurity Belgium (CCB) is launching a ‘Belgian Wall of Fame’, an initiative aimed at highlighting the exceptional contribution of ethical hackers working to protect the national digital infrastructure.As true guardians of our digital ecosystem, ethical hackers are an essential link in the country's cybersecurity strategy. Thanks to their vigilance and responsible approach to detecting and reporting vulnerabilities, they enable potential threats to be anticipated and neutralised before they can be exploited maliciously. Their technical expertise, combined with their civic commitment, is a major asset in ensuring the digital security of citizens, the economic fabric and public institutions.Well-deserved recognition for decisive contributionsThe Belgian Wall of Fame, now available online (via https://ccb.belgium.be/cert/vulnerability-reporting-ccb/wall-of-fame), honours dozens of security researchers who have reported critical vulnerabilities in accordance with the principles of responsible disclosure. This initiative goes beyond mere symbolic recognition to serve as a concrete expression of gratitude and a catalyst for collaboration between public services and the cybersecurity expert ecosystem.This initiative follows on from the major legislative advance in February 2023, when Belgium adopted an innovative legal framework legitimising IT vulnerability research activities carried out by ethical hackers, subject to specific conditions.The CCB calls on the entire ethical hacker community to continue to put their know-how and expertise at the service of the public interest.

The CCB was invited by the Belgian Defence Cyber Command to be part of the Locked Shields team, a large-scale exercise organised by NATO. Is it possible to be fully prepared for cyber attacks? It's practically impossible. But NATO's large-scale exercise Locked Shields simulates a realistic scenario with problems and a context that are very close to reality. More than 4,000 people from no fewer than 41 different countries took part in this training exercise. The Centre for Cybersecurity Belgium (CCB) was invited by the Belgian Defence Cyber Command to be part of the team. Belgium, Latvia and Luxembourg formed a blue team of 260 people who were subjected to cyber attacks for four days. This enabled them to further optimise the various cyber capabilities available to the Cyber Command of the SGRS.‘The exercise requires months of preparation. Even so, we cannot be ready for what awaits us in the coming days,’ said one of the participants at the start of the exercise. During Locked Shields, organised by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE), different teams around the world are simultaneously subjected to a large-scale cyberattack.Seventeen blue teams were tasked with protecting a fictional country, ‘Berylia,’ from realistic cyber attacks carried out by the red team. The more a blue team defends ‘Berylia,’ the more points it earns. There are also green, yellow, and white teams, which are neutral teams responsible for developing the scenario and simulating normal network use.The international Belgium-Luxembourg-Latvia blue team came fourth out of 17 blue teams. This is an impressive achievement, given the difficulty of the exercise. After the exercise, one participant proudly said: ‘Our team performed really well. I saw the team and myself improve during the exercise and we were also able to develop some great partnerships. Locked Shields 2025 was therefore a resounding success!’‘Train as you fight’We are hearing more and more about cyber attacks targeting critical systems. Examples include energy distribution, satellite communications and 5G. These systems must remain operational and user access must be maintained during attacks. A member of the reporting team explains that this requires a great deal of coordination: ‘Our own blue team consists of 19 sub-teams to control everything. We have teams that identify the source of attacks and fight them, others that monitor, draft legal opinions, follow the media and much more. Communication between the different teams is crucial, but it's also the biggest challenge to overcome in order to be successful.’Participants gain experience in how to respond in a war situation and how quickly they need to react and make decisions. Everyone is pushed to their limits, which is what makes Locked Shields so interesting.‘For me, it's important that participants not only gain knowledge and expertise to deal with these kinds of situations in the future, but also that they meet colleagues, expand their network and thus lay the foundations for long-lasting collaborations and partnerships across borders,’ says one of the organisers.Strategic decision-making under pressureIn parallel with the technical exercise, Belgium also took part in STRATEX – a remote strategic-level exercise designed to test national decision-making under cyber crisis conditions. While the core of the exercise took place in Tallinn, Estonia, the Belgian STRATEX team gathered at the CCB headquarters in Brussels. Key stakeholders such as Cyber Command, the National Crisis Centre, and the Permanent Representation to the EU and NATO joined forces to respond to complex scenario injects. Together with the Cyber Command liaison stationed in Tallinn, they assessed whether Belgium has the right plans, coordination mechanisms and communication structures in place. The exercise offered a valuable opportunity to strengthen cross-institutional collaboration and improve national preparedness for future cyber crises.