The execution of the plan developed under the leadership of the High Commission for National Protection (Haut-commissariat à la protection nationale, HCPN) falls under the remit of the Prime Minister, Minister of State and the Minister of the Economy. All the ministries, agencies and departments of the State are required to cooperate with the implementation of the plan using all the means available to them.
A cyber emergency is a situation which results from an incident or attack which risks leading to a major malfunction or unavailability of communication systems and information processing which threatens the vital interests or essential requirements of all or part of the country or population of the Grand Duchy of Luxembourg.
In order to gain an understanding of an incident or cyber attack, the crisis management bodies either carry out an analysis of the information available on a national level or of information originating from abroad thanks to agreements in force.
As soon as the authorities become aware of a cyber incident, the Cyber Risk Evaluation Cell (CERC) is alerted and carries out an evaluation of the information available. If the incident is liable to have a significant impact, the High Commissioner for National Protection is alerted and informs the Prime Minister and Minister of State who then decides whether to activate the Crisis Cell.
The Crisis Cell (Cellule de crise, CC) is activated by the Prime Minister and Minister of State in the event that a crisis is imminent or has occurred. It initiates, coordinates and monitors the execution of all the measures intended to deal with the crisis and its effects in order to return the situation to normal. It prepares the necessary decisions and submits them to the government for approval. In the event that operational intervention is required on the ground, the CC's mission extends to coordinating and monitoring its execution.
In an emergency, the Crisis Cell is composed of:
- the High Commissioner for National Protection;
- the Director-General of the Grand Ducal Police;
- the Director of the State Intelligence Service;
- the Chief of Staff of the armed forces;
- the Director of the State Information Technology Centre;
- the head of the Media and Communications Service;
- the head of the Government Communication Centre;
- the Director of the government's Computer Emergency Response Team (CERT);
- the Director of the Computer Incident Response Center Luxembourg (CIRCL);
- the Director of the Office for crisis communication.
The CC operates throughout the duration of the crisis until the situation returns to normal.
Depending on the circumstances, the CC can be expanded to include representatives from the other ministerial departments involved and supplemented with representatives from Internet Service Providers (ISP) and sectors affected by the attack. The work of the government's CERT is mainly focussed on the public sector, and that of the CIRCL on the private sector.
The Crisis Cell can appoint an operational cell to execute, implement and monitor the ordered measures and activities.
In a cyber context, the functions of the Operational Cell are usually assumed by the CERC.
The Cyber Risk Evaluation Cell (CERC)
The CERC plays a two-fold role in crisis management:
- before the Crisis Cell (CC) is activated, the CERC firstly assesses the possible crisis situations and if they are sufficiently serious informs the High Commission for National Protection, and secondly makes preparations for the implementation of emergency measures;
- once the Crisis Cell has been activated, the CERC assessed the situation and provides the High Commissioner with regular updates.
Communication/Information Cell (CCI)
The CCI is in charge of communication and providing information for the media and citizens. The horizontal coordination of organising external communication falls to the Office for crisis communication.