WG3: Cyber Resilience of Economy, Infrastructure & Services WG3: Cyber Resilience of Economy, Infrastructure & Services

CISOs importance is growing but they lack links and support at the European level. Often CISOs do not have enough resources and weight and they are not as efficient as they could be when being alone. In addition, European legislations have an increasing impact on CISOs work frame. This is why a European approach is needed to build trust among CISOs (or equivalent) across sectors and countries.


  • 2016: Creation of WG3 around 8 identified sectors (Energy, Financial Services, Transportation, Health, Smart Cities, Industry 4.0, Telecom and Media, eGovernment).
  • September 2018: Creation of the Users Committee (UC) to gather CISOs and equivalent from ECSO members - Putting together initial ideas, identify priorities, challenges that could be addressed by this Committee.
  • 2020: Launch of the ECSO CISO survey supported by national public administrations to confirm issues and priorities identified in 2018 and provide the necessary kick-off to the re-organisation of WG3.
  • March 2021: ECSO Board approval of WG3 re-organisation and short term priorities: from WG3 and Users Committee to Cyber Resilience of Economy, Infrastructure & Services
  • April 2021: CISOs Survey Report published opening the door to new initiatives with CISOs

The WG3 has evolved into “CREIS”. It will be structured as a three-level pyramid. At the bottom, there will be the Community of Verticals (CoV). In the middle will be the CISOs European Community (CEC). And at the top level will feature the CISOs Strategic Committee (CSC). In the different levels of the pyramid the Traffic Light Protocol (TLP) will be applied according to the discussions specific to that level. as the confidentiality setting by default – red for the CSC, amber for the CEC, green for the CoV.

CISO Strategic Committee (CSC)

Trusted Cooperation and strategic intelligence sharing among CISOs of essential and important entities

The CSC will allow CISOs from essential and important entities (using the working of the NIS2) to have a confidential and trusted exchange of strategic intelligence among themselves and establish links with CSIRTs and law enforcement authorities. Membership is open to ECSO members’ CISOs only, and to non-ECSO members, while they finalise their ECSO membership procedure.

Main objectives:

  • IOCs (Indicator of Compromise) pan-European platform
  • Supply chain – Enhanced security-related contractual engagements
  • Strategic Threat Intelligence and Information sharing among Users & Operators.
  • Platform / network to support Rapid Reactions of private operators: umbrella to support private sector in case of crisis for operational cyber resilience
  • Risk Management & Threat Information Coordination - red level
  • Cooperation with the EU network of CSIRTs

CISOs European Community (CEC)

Policy support to CISO and general information sharing

The CEC will allow CISOs from all companies and EU countries to exchange lessons learned and best practices, share information on operational issues, develop positions and/or link with the ISACs and the European institutions, through regular networking and meetings on specific issues. Membership is open for free to ECSO members’ CISOs, but also to non-ECSO members CISOs on an ad personam level although non-ECSO members’ CISOs will have limited/restricted rights and an annual participation with a limited fee.

Main objectives:

  • Interaction with EU Institutions on policy and legislative priorities (e.g. NIS 2)
  • Link with EC initiatives, incl. Joint Cyber Unit for NIS 2 and NIS Coordination Group
  • Networking of CISOs across sectors and countries
  • Risk Management & Threat Information Coordination - amber level
  • Cooperation with / development of efficient and trusted ISACs at EU level
  • Other operational or policy initiatives from CISOs need

>> On June 7th, the CISOs European Community (CEC) was officially launched during a special webinar organised by ECSO. This event was a key opportunity to discuss what are the challenges CISOs encounter? What are their limitations? How do CISOs perceive and prioritise cyber-threats? What roles and responsibilities do CISOs hold inside their companies? How do CISOs approach certification in cybersecurity?

The CEC will allow CISOs to: 

  • NETWORK – The Community offers regular opportunities to expand your professional network with several events and meetings on relevant issues.
  • SHARE in a TRUSTED environment – The Community facilitates information and strategic cyber threat intelligence sharing among CISOs supported by a dedicated secure platform.
  • EXCHANGE – The Community offers the possibility to exchange lessons learned and best practices.
  • BE HEARD – The Community develops concrete recommendations addressed to both company management and political/legislative institutions at the national and European level as well as establishes strategic partnerships with European bodies/agencies such as ISACs, ENISA, etc.

Community of Verticals (CoV)

Policy support & networking for the different vertical applications

The CoV is intended to be an open forum ofexchange to facilitate the dialogue between Users (operators, companies,governments) and Suppliers/Providers of cybersecurity solutions to understandcyber threats and needs, envisage possible solutions, and supportimplementation of trusted and resilient solutions for key “verticals”.Membership is open to any representatives from ECSO members, but also tonon-ECSO members that are part of a stakeholders’ list.

Main objectives:

  • Link with EC activities (e.g.,certification – ECSO WG1 & legislative issues) – green level
  • Users’ strategic needs for sovereignsolutions
  • Federate European SOCs providers and Users
  • Support NIS-D implementation
  • Other policy or legislative aspectsstemming from the users / suppliers interaction


Contact ECSO Secretariat: