FantasticSearch

1. In order to support at operational level the coordinated management of major incidents affecting Union entities and to contribute to the regular exchange of relevant information among Union entities and with Member States, the IICB shall, pursuant to Article 11, point (q), establish a cyber crisis management plan based on the activities referred to in Article 22(2), in close cooperation with CERT-EU and ENISA. The cyber crisis management plan shall include at least the following elements:

(a) arrangements concerning coordination and information flow among Union entities for the management of major incidents at operational level;

(b) common standard operating procedures (SOPs);

(c) a common taxonomy of major incident severity and crisis triggering points;

(d) regular exercises;

(e) secure communication channels that are to be used.

2. The Commission representative in the IICB shall, subject to the cyber crisis management plan established pursuant to paragraph 1 of this Article and without prejudice to Article 16(2), first subparagraph, of Directive (EU) 2022/2555, be the point of contact for the sharing of relevant information in relation to major incidents with EU-CyCLONe.

3. CERT-EU shall coordinate among the Union entities the management of major incidents. It shall maintain an inventory of the available technical expertise that would be needed for incident response in the event of major incidents and assist the IICB in coordinating Union entities’ cyber crisis management plans for major incidents referred to in Article 9(2).

4. The Union entities shall contribute to the inventory of technical expertise by providing an annually updated list of experts available within their respective organisations detailing their specific technical skills.