EU Cybersecurity exercise for EU elections

To evaluate and strengthen current working methods ahead of the 2024 elections, EU institutions have organised a cybersecurity exercise today.

National and EU partners tested their crisis plans and possible responses to potential cybersecurity incidents affecting the European elections.

The exercise is part of the measures being implemented by the European Union to ensure free and fair elections in June 2024. It took place in the European Parliament and was organised by the European Parliament’s services, the European Commission and the EU Agency for Cybersecurity (ENISA). The drill allowed participants to exchange experiences and best practices, and will help them enhance their capacity to respond to cybersecurity incidents as well as to contribute to the update of existing guidelines and good practices on the cybersecurity of technology used in the election process.

All is in place to ensure that European citizens can trust the EU electoral process. Risks to elections can take various forms from information manipulation and disinformation to cyber-attacks that compromise infrastructures.

Based on various scenarios featuring potential cyber-enabled threats and incidents, the exercise allowed participants to:

  • Deepen their knowledge of the level of critical aspects of European elections, including an assessment of the level of awareness among other stakeholders (e.g. political parties, electoral campaign organisations and suppliers of relevant IT equipment);
  • Enhance cooperation between relevant authorities at national level (including elections authorities and other relevant bodies and agencies, such as cybersecurity authorities, Computer Security Incident Response Teams (CSIRTs), Data Protection Authorities (DPAs), authorities dealing with disinformation issues, as well as at EU level, such as the Commission services in charge of enforcement of the Digital Services Act (DSA);
  • Verify existing EU Member States’ capacity to adequately assess the risks related to the cybersecurity of European elections, promptly develop situational awareness and co-ordinate communication to the public;
  • Test existing crisis management plans as well as relevant procedures to prevent, detect, manage and respond to cybersecurity attacks and hybrid threats, including disinformation campaigns;
  • Identify all other potential gaps as well as adequate risk mitigation measures which should be implemented ahead of the European Parliament elections.