Current CRRT Rotation

Flag BE

For the year of 2025, Rotating Participant, Chairing the Cyber Rapid Response Teams (CRRT) Council, is Belgium. The Rotating Participant will continue to enhance the collaboration between participating Member States, ensure the planned and unplanned activities in 2025 will be implemented smoothly. The 2025 will bring about a handful of important plans, including international cyber exercises and annual CRRT Council meetings, CRRT support for partner-states, etc.

The role of the Rotating Participant:

The Rotating Participant is responsible for leading the operational aspects of the CRRT capability, such as:

  • Implementing the CRRTs Annual Activity Plan.
  • Initiating and co-chairing the CRRT Council meetings together with the Lead Participant when a cyber incident takes place.
  • Organising CRRT exercise once per each rotation during the first half of the year.
  • Organising a training for the CRRT.
  • Coordinating planned activities, as approved by the CRRT Council.
  • Organising the Annual meeting of Participants in the first quarter of each calendar year, if needed.

CRRT rotations in perspective:

2024: Sixth CRRT rotation led by Lithuania:

  • 2 International cyber exercises – AmberMist24 (Lithuania) and CyberNet24 ( the Netherlands).
  • 3 CRRT activations managed: twice in support of Moldova (the second activation being the largest so far, with 2 CRRT teams being deployed consequently), and in support of cyber security during European Parliamentary elections in Lithuania.
  • 3 new project Member States (Austria, Latvia and Italy).
  • 2 trainings for CRRT experts – one organised in Poland by PL Cyber Command and another training in Lithuania.
  • 2 CRRT Council meetings in Vilnius – Celebratory and Annual.
  • Major updates to the CRRT SOPs introduced and to be adopted in 2025.

2023: Fifth CRRT rotation led by Croatia:

  • Organized participation in 2 international cyber exercises – AmberMist23 and CyberNet23.
  • CRRT activation in EUTM Mozambique.
  • 3 new project Member States (Belgium, Slovenia and Denmark) and 1 new observer (Austria).
  • CRRT Council procedures test in MILEX23 exercise.

2022: Fourth CRRT rotation led by Romania:

  • Organized 2 common operational cyber exercises ('SANS CTF', NL and 'Amber Mist', LT).
  • CRRT mechanism adopted and successfully used beyond EU: CRRT support was requested and organized in third-states.

2021: Third CRRT rotation led by Poland:

  • Full Operational Capability (FOC) reached: Exercise Alarmex 2021 was executed in unusual conditions, COVID-19 related risks had to be managed as well, however, the objectives have been achieved and the decision-making has been tested, CRRT deployment and incident management have been executed.
  • CRRT took part in International CTF exercise and were ranked 19th among 54 participants.
  • CRRT webpage was launched.

2020: Second CRRT rotation: first multinational capability, led by Lithuania:

  • 2 common operational cyber exercises ('SANS CTF', NL and 'Amber Mist', LT).
  • 1 ITU 'Building an effective cybersecurity team' training course conducted.
  • a black box vulnerability assessment of the business critical Central Electoral Commission's web-servers accomplished before the Parliamentary elections in Lithuania.
  • Memorandum of Understanding “Cyber Rapid Response Teams and Mutual Assistance in Cyber Security” between project Member States signed.

2019: First CRRT rotation: Dutch national team, led by the Netherlands:

  • Initial Operational capability reached.
  • Common cyber operational exercise 'Amber Mist' 2019.
EU logo