Enhancing Civil-Military Cyber Resilience: Lessons from the ECYBRIDGE Tabletop Exercise
Author(s): PREDA, Marius; POPESCU, Valeria; ARGINT, Cornel; IANCU, Niculae; RAICU, Gabriel; ENE, Gabriel
Author(s) keywords: civil-military cooperation, cyber defence, cyber security, tabletop exercise
Reference keywords: civilian cybersecurity, cyber resilience, military cybersecurity
Abstract:
The ECYBRIDGE Tabletop Exercise (TTX), organized by the Romanian National Cyber Security Directorate in October 2024, brought together civilian and military cybersecurity stakeholders to respond jointly to a simulated cyber crisis impacting critical infrastructure. This paper presents a comprehensive analysis of the TTX, highlighting insights at the organizational, technical, and policy levels. The exercise scenario - a multi-phase cyber attack on significant port and military unit infrastructures - provided a realistic test of incident response plans and civil-military cooperation. The TTX successfully met its objectives, achieving high scenario realism, strong multisector engagement (with over 25 participants from 10 civilian and defence organizations across 5 EU states), and effective strategic–technical coordination. Key findings include the need for formalized cross-sector communication protocols, integrated incident command structures, improved patch management and network segmentation, and enhanced diplomatic coordination during cyber crises, particularly when essential critical infrastructure in high-criticality sectors is involved. Participant feedback rated the scenario as highly relevant and the exercise as engaging, while suggesting improvements in scenario context and inject complexity. The lessons learnt from the TTX align with EU cybersecurity strategies, policies and directives and include valuable recommendations for strengthening Europe’s cyber resilience. Moreover, we identified actionable recommendations to strengthen civil-military cyber crisis response within the EU digital landscape. These include unified response frameworks, joint training programs, and multinational cyber task forces, offering practical guidance for practitioners and policymakers across both civilian and defence communities.
Date of Publication: 2025-06-30
Publication: International Journal of Information Security and Cybercrime
ISSN: 2285-9225 e-ISSN: 2286-0096
Digital Object Identifier: 10.19107/IJISC.2025.01.01
Issue: Volume XIV, Issue 1, Year 2025
Section: Advances in Information Security Research
Page Range: 11-27 (17 pages)


---