Deliverable D4.1 Guidelines on Cybersecurity Civil-Defence Cooperation

The deliverable D4.1 – Guidelines on Cybersecurity Civil-Defence Cooperation is part of COcyber’s Work Package (WP) 4, “Know-how, good practice sharing, and information transfer activities,” and brings together research and evidence on how Europe’s civilian and defence cybersecurity sectors can cooperate more effectively.
As cyber threats grow more complex and increasingly blur the boundaries between civilian and military domains, the report highlights the need for structured and trusted mechanisms for information exchange, joint response, and knowledge transfer. By analysing existing initiatives, extracting transferable lessons, and turning them into practical guidance, the deliverable supports stronger collaboration, knowledge sharing, and resilience across the European cybersecurity landscape.

From Research to Actionable Practices
Developed under Task 4.1, the report identifies and validates eleven transferable best practices that demonstrate successful civil-defence cooperation in cybersecurity. These practices address a range of operational needs, including real-time threat intelligence sharing, crisis management, joint training, and dual-use technology development.
Each practice was selected through a rigorous three-step process involving extensive desk research, stakeholder consultations, and expert validation. The work was led by the Université Libre de Bruxelles (ULB) with contributions from IVSZ and INFOBALT. More than 600 sources were reviewed, an open call for best practices was launched across the EU, and a panel of cybersecurity specialists provided final validation and rating of the shortlisted practices.
A Robust and Transparent Methodology
The study followed a structured, three-phase approach:
- Data collection and mapping of over 600 candidate practices from ENISA, EDA, NATO, and Horizon Europe repositories.
- Shortlisting and evaluation of 20 practices based on feasibility, scalability, innovation, and ethical considerations.
- Expert validation and rating of the final 11 practices, ensuring real-world relevance and transferability across national contexts.
This methodological transparency guarantees that the resulting guidelines are both evidence-based and operationally applicable.
Best Practices and Strategic Guidelines
Beyond identifying what works, the deliverable outlines seven strategic guidelines to enhance cross-sector cooperation in cybersecurity across the EU:
- Establish and promote common threat-intelligence frameworks.
- Harmonise governance and risk-management practices.
- Expand joint training, exercises, and capacity building.
- Foster legal and policy harmonisation.
- Promote operational integration and interoperability.
- Address workforce and resource challenges.
- Ensure continuous monitoring, evaluation, and improvement.
Together, these guidelines form a roadmap for a unified and adaptive European cybersecurity posture, enabling civilian and defence actors to collaborate more efficiently and respond collectively to emerging threats.
Deliverable D4.1 sets the foundation for the next stages of work, including Task 4.2 and Deliverable 4.5, which will translate these insights into policy recommendations and operational frameworks. By consolidating validated examples of cooperation and turning them into actionable guidance, this report contributes to a more integrated European cybersecurity ecosystem — one where civil and defence stakeholders share knowledge, resources, and innovation to safeguard Europe’s digital future.