Resource Center

The CCB was invited by the Belgian Defence Cyber Command to be part of the Locked Shields team, a large-scale exercise organised by NATO. Is it possible to be fully prepared for cyber attacks? It's practically impossible. But NATO's large-scale exercise Locked Shields simulates a realistic scenario with problems and a context that are very close to reality. More than 4,000 people from no fewer than 41 different countries took part in this training exercise. The Centre for Cybersecurity Belgium (CCB) was invited by the Belgian Defence Cyber Command to be part of the team. Belgium, Latvia and Luxembourg formed a blue team of 260 people who were subjected to cyber attacks for four days. This enabled them to further optimise the various cyber capabilities available to the Cyber Command of the SGRS.‘The exercise requires months of preparation. Even so, we cannot be ready for what awaits us in the coming days,’ said one of the participants at the start of the exercise. During Locked Shields, organised by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE), different teams around the world are simultaneously subjected to a large-scale cyberattack.Seventeen blue teams were tasked with protecting a fictional country, ‘Berylia,’ from realistic cyber attacks carried out by the red team. The more a blue team defends ‘Berylia,’ the more points it earns. There are also green, yellow, and white teams, which are neutral teams responsible for developing the scenario and simulating normal network use.The international Belgium-Luxembourg-Latvia blue team came fourth out of 17 blue teams. This is an impressive achievement, given the difficulty of the exercise. After the exercise, one participant proudly said: ‘Our team performed really well. I saw the team and myself improve during the exercise and we were also able to develop some great partnerships. Locked Shields 2025 was therefore a resounding success!’‘Train as you fight’We are hearing more and more about cyber attacks targeting critical systems. Examples include energy distribution, satellite communications and 5G. These systems must remain operational and user access must be maintained during attacks. A member of the reporting team explains that this requires a great deal of coordination: ‘Our own blue team consists of 19 sub-teams to control everything. We have teams that identify the source of attacks and fight them, others that monitor, draft legal opinions, follow the media and much more. Communication between the different teams is crucial, but it's also the biggest challenge to overcome in order to be successful.’Participants gain experience in how to respond in a war situation and how quickly they need to react and make decisions. Everyone is pushed to their limits, which is what makes Locked Shields so interesting.‘For me, it's important that participants not only gain knowledge and expertise to deal with these kinds of situations in the future, but also that they meet colleagues, expand their network and thus lay the foundations for long-lasting collaborations and partnerships across borders,’ says one of the organisers.Strategic decision-making under pressureIn parallel with the technical exercise, Belgium also took part in STRATEX – a remote strategic-level exercise designed to test national decision-making under cyber crisis conditions. While the core of the exercise took place in Tallinn, Estonia, the Belgian STRATEX team gathered at the CCB headquarters in Brussels. Key stakeholders such as Cyber Command, the National Crisis Centre, and the Permanent Representation to the EU and NATO joined forces to respond to complex scenario injects. Together with the Cyber Command liaison stationed in Tallinn, they assessed whether Belgium has the right plans, coordination mechanisms and communication structures in place. The exercise offered a valuable opportunity to strengthen cross-institutional collaboration and improve national preparedness for future cyber crises.

The Commission is inviting experts to submit their application to become a member of the newly created Health Cybersecurity Advisory Board. The Commission is inviting experts to submit their application to become a member of the newly created Health Cybersecurity Advisory Board.This expert group, set up by the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) in collaboration with the Directorate-General for Health and Food Safety (DG SANTE), aims to enhance the cybersecurity resilience of healthcare systems across the European Union.In light of increasing cybersecurity threats targeting hospitals and healthcare providers, the Commission adopted the European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers on 15 January 2025. The Health Cybersecurity Advisory Board will play a pivotal role in advancing and implementing this vital plan. Among its other tasks, the Board will advise the Commission on impactful actions for cybersecurity in the healthcare sector, facilitate public-private cooperation, and provide advice to the EU Agency for Cybersecurity (ENISA) in respect to the activities of the European Cybersecurity Support Centre for hospitals and healthcare providers.The group will also identify and share best cybersecurity practices, facilitate dissemination of information to hospitals and healthcare providers, and promote exchanges between professionals from the cybersecurity and the healthcare sectors.The Board will be made of up to 15 members, drawn from individuals and organisations across the healthcare and cybersecurity sectors. This can include healthcare providers and other entities in the health sector, cybersecurity providers, as well as members representing a common interest. Members will be appointed for a two-year term, with the potential for renewal. Deadline for application is 23 May. Read more information about this call for applications.Source: https://digital-strategy.ec.europa.eu/en/news/commission-launches-call-selection-members-newly-launched-health-cybersecurity-advisory-board 

The CCB has information about multiple cases in which the Ivanti vulnerability is being actively exploited with very serious consequences for the affected organisations. Organisations using EoL versions of these devices will certainly come under attack in the coming days or weeks. We therefore recommend that you take immediate action and remove the EoL devices. The CCB has information about multiple cases in which the Ivanti vulnerability is being actively exploited with very serious consequences for the affected organisations.Organisations using EoL versions of these devices will certainly come under attack in the coming days or weeks. We therefore recommend that you take immediate action and remove the EoL devices.We recommend to perform the following actions as soon as possible:Patch your Ivanti devices, replace them when End-of-LifeCheck for compromises with the Ivanti external Integrity CheckerCheck your environment for traces of compromiseWith this alert, we want to engage security teams to thoroughly check these devices and the entire network, start incident response if necessary and inform us on https://ccb.belgium.be/cert/report-incident. Read the flash report

We've uploaded the event recording for your convenience. We've uploaded the event recording for your convenience; you can watch it here on our Youtube channel. Feel free to share it!Don't forget we have a dedicated page with detailed information on Ransomware. Plus you can also download the slides here, providing practical insights and resources to help you protect your data against ransomware and act swiftly and effectively in the event of a ransomware attack.The CCB organises events regularly and you can already register for some of our future events. To stay informed, follow us on LinkedIn and Twitter.

On 15 January 2025, the European Commission adopted the Action Plan on the Cybersecurity of Hospitals and Healthcare Providers. A public consultation has been launched for all stakeholders in this area. On 15 January 2025, the European Commission adopted the Action Plan on the Cybersecurity of Hospitals and Healthcare Providers. This plan sets out concrete actions for ENISA, the European Commission, EU Member States and healthcare institutions themselves, with the goal of boosting the digital resilience of healthcare providers across Europe.To support the implementation of the plan, the Commission launched a public consultation. Its aim is to collect input from all relevant actors in the healthcare sector and the broader cybersecurity ecosystem, to ensure that the actions are well aligned with the sector’s needs.The consultation targets:• Management of hospitals and other healthcare providers• IT professionals in the healthcare sector• Healthcare workers (doctors, nurses, etc.)• Public authorities in charge of healthcare• Patients and patient organisations• Compliance and data protection officers• Cybersecurity professionals• Businesses active in the healthcare sectorParticipating takes about 15 minutes and is possible until 30 June 2025 via EUSurvey - Survey.The Centre for Cybersecurity Belgium encourages all Belgian stakeholders to share their expertise and experience. Your voice matters – for a secure, resilient and future-proof healthcare sector in Europe. To the EUSurvey