L 239/36 Official Journal of the European Union EN 19.9.2017

RECOMMENDATIONS

COMMISSION RECOMMENDATION (EU) 2017/1584
of 13 September 2017
on coordinated response to large-scale cybersecurity incidents and crises

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 292 thereof,

Whereas:

(1) The use of and dependence on information and communication technologies have become fundamental aspects in all sectors of economic activity as our companies and citizens are more interconnected and interdependent across sectors and borders than ever before. A cybersecurity incident affecting organisations in more than one Member State or even the entire Union with potential serious disruptions to the internal market and more broadly to the network and information systems on which the Union economy, democracy and society rely is a scenario that Member States and EU institutions have to be well-prepared for.

(2) A cybersecurity incident may be considered a crisis at Union level when the disruption caused by the incident is too extensive for a concerned Member State to handle on its own or when it affects two or more Member States with such a wide-ranging impact of technical or political significance that it requires timely coordination and response at Union political level.

(3) Cybersecurity incidents can trigger a broader crisis, impacting sectors of activity beyond network and information systems and communication networks; any appropriate response must rely upon both cyber and non-cyber mitigation activities.

(4) Cybersecurity incidents are unpredictable, often occur and evolve within very short periods of time and therefore affected entities and those with responsibilities as regards responding to and mitigating the effects of the incident must coordinate their response quickly. Furthermore, cybersecurity incidents are often not contained within any specific geographical area and may occur simultaneously or spread instantly across many countries.

(5) An effective response to large-scale cybersecurity incidents and crises at the EU level requires swift and effective cooperation amongst all relevant stakeholders and relies on the preparedness and capabilities of individual Member States as well as coordinated joint action supported by Union capabilities. Timely and effective response to incidents relies therefore on the existence of previously established and, to the extent possible, well-rehearsed cooperation procedures and mechanisms having clearly defined the roles and responsibilities of the key actors at national and Union level.

(6) In its conclusions (1) on Critical Information Infrastructure Protection of 27 May 2011, the Council invited the EU Member States to ‘strengthen collaboration among Member States and contribute, on the basis of national crisis management experiences and results and in cooperation with ENISA to the development of European cyber incident cooperation mechanisms to be tested in the framework of the next Cyber Europe exercise in 2012’.

(7) The 2016 Communication ‘Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry’ (2) encouraged Member States to make the most out of the NIS Directive (3)

(1) Council conclusions on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber security’, document 10299/11, Brussels, 27 May 2011.
(2) COM(2016) 410 final, 5 July 2016.
(3) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (OJ L 194, 19.7.2016, p. 1).
