The European Union Agency for Cybersecurity (ENISA) conducted the 8th edition of the Cyber Europe exercise on 10-11 June 2026, simulating large-scale cyberattacks on European rail and maritime infrastructure to test collective crisis response and resilience. The exercise involved over 5,000 participants from national cybersecurity agencies, EU and EFTA public and private sectors, and EU entities, coordinated by more than 100 cybersecurity experts.
Participants faced realistic scenarios inspired by real-world events, including coordinated attacks on port logistics and navigation systems causing cargo halts and near-collisions, interference with railway networks freezing cross-border trains, and ransomware targeting transport authorities and ticketing services that exposed sensitive passenger data and fueled hacktivist disinformation. The exercise aimed to enhance information sharing and situational awareness at technical, operational, and political levels.
Testing the EU Cybersecurity Blueprint and the Cybersecurity Reserve
This year's edition put the revised EU Cybersecurity Blueprint for crisis management, adopted in June 2025, to the test by requiring coordinated action across technical, operational, and political levels. For the first time, the EU Cybersecurity Reserve was activated under the exercise scenario, following ENISA's Standard Operating Procedure. The Reserve, established under Article 14 of the EU Cyber Solidarity Act and operated by ENISA, provides incident response services from trusted managed security service providers.
Executive Vice-President for Tech Sovereignty, Security, and Democracy Henna Virkkunen said: "Transport is essential to our economy and daily lives, but it is also a target for cyber threats. When ports or railways are hit, effects can reach far beyond transport, disrupting trade, military mobility and crisis response. As hybrid threats blur the line between civilian and military infrastructure, preparedness is not optional." ENISA Executive Director Juhan Lepassaar added: "Cyber dependencies across Europe's critical infrastructure is our operational reality. Our interconnected systems that drive our economies and societies also expose us to common threats, thus cybersecurity is a shared responsibility."
Transport sector vulnerability and next steps
According to ENISA's Threat Landscape findings, transport has been among the top-five most targeted sectors for the past two years. The ENISA NIS360 report indicates both rail and maritime sectors are in the risk zone, with lower-than-average cybersecurity maturity and criticality exceeding their maturity. The sectors face challenges integrating legacy operational technology with modern systems while maintaining safety and reliability, and their increasing role in military logistics raises their strategic attractiveness as targets.
Following ENISA's Cybersecurity Exercise Methodology, an evaluation and analysis will be conducted to identify weaknesses, with findings consolidated in After-Action reports providing guidance for improving preparedness and response processes.
Stakeholder impact and trade-offs
The exercise highlights a tension between operational continuity and cybersecurity investment. For transport operators (rail and maritime), the simulated disruptions demonstrate that cyber incidents can halt cargo, delay commuters, and compromise safety, imposing direct economic and reputational costs. However, participating in such exercises requires dedicating staff and resources away from daily operations, a burden particularly heavy for smaller operators. For EU and national cybersecurity authorities, the exercise provides valuable data to refine crisis coordination but also reveals gaps in cross-border information sharing and incident response capabilities. For passengers and businesses relying on transport, the exercise underscores the risk of service disruptions and data breaches, though no direct consumer impact occurred. For managed security service providers, the activation of the Cybersecurity Reserve opens a new market for incident response services, but also imposes compliance with ENISA's standard operating procedures and potential liability in crisis situations.