Skip to main content Logo of the federal government
2018 Annual Report

New website for

The federal Computer Emergency Response Team, or for short, is the operational service of the Centre for Cyber Security Belgium (CCB).'s mission is to detect, observe and analyse security problems online and to inform various target groups about them.

In August 2018, we launched a new website for You can report incidents, find advice and warnings and view our vacancies. It also contains general news and thematic guidelines. Be sure to take a look at

Participation in the Cyber Europe cyber exercise

Imagine this: It is a normal day at the airport, but suddenly there is a problem with the automatic check-in machines. Smartphone travel apps no longer work. The operators at the check-in desks no longer have access to their computers. Queues are forming immediately, and on the screens all flights are shown as cancelled. A radical group is said to be in control of the airport's critical systems. They have claimed responsibility for the incident and are using their propaganda channels to spread a call for action.

This was the scenario that more than 900 European cybersecurity specialists from 30 countries were presented with during the 2018 Cyber Europe (CE2018) exercise, which was held on 6 and 7 June 2018. A large team from Belgium participated.

As an international point of contact for cyber threats, the Centre for Cyber Security Belgium (CCB) organised and coordinated Belgium's participation in this biennial cyber exercise. The aim of the exercise is to promote European cooperation. In addition to, the CCB's operational department, the Crisis Centre (ADCC), ADIV, FCCU, BIPT, FPS Mobility, Belgocontrol, Proximus and Brussels Airport also took part.

Mission accomplished?

Ultimately, the participants were able to mitigate the incidents in a timely and effective manner. This shows that the European cybersecurity industry has become more professional in recent years and that actors are much better prepared. ENISA and the participants are planning a follow-up to the exercise and ENISA will publish a final report.

Such an exercise is not just useful, but absolutely necessary to test our procedures and to teach the various participants how to respond. Exercises need to be organised across national borders. After all, a large-scale cyber-attack almost always impacts several countries. We consider our participation to be very valuable and will draw lessons from the evaluation.

What is CyberEurope #2018?

The two-day exercise was organised by ENISA at their headquarters in Athens, Greece, while participants either stayed at their usual workplaces or gathered in crisis cells. ENISA led the exercise through a Cyber Exercise Platform (CEP), a virtual universe for a simulated world, including incident material, virtual news sites, social media, corporate websites and security blogs.

Participating countries: 30 (28 Member States + Switzerland and Norway)
Participating organisations: 300
When: 6-7 June 2018
Number of participants: more than 900 cyber security professionals.
Number of injections: 23,222's experts enjoy national and international recognition

Every day, new cyber threats are appearing. Our goal is to be prepared for these evolving threats by developing extensive expertise within

The recruitment and retention of qualified IT personnel is a challenge for several reasons: there is a general shortage of cyber security experts, there are limited university courses in the area of ICT security, and faces strong competition not only from the private sector but also from international organisations.

In addition, the information technology and information security industry is constantly evolving. The persons responsible for responding to security incidents must constantly adapt to new threats and tactics.'s employees therefore regularly receive appropriate training in various cyber security domains.

Personal development is necessary to keep employees up to date and satisfied. Having employees with advanced technological knowledge is a key success factor.

That is why offers its employees the opportunity to follow a number of valuable high-level training courses each year.

Interested in joining our dynamic team? Our vacancies can be found here.

  • Various on-site training courses took place in Stockholm, San Francisco, London, Paris, Amsterdam, Berlin, Rome, Prague, etc.
  • 24 courses x 5 days: 120 training days. 19 different participants in SANS: 6.31 training days per person.

International cooperation is very important to build a national CSIRT (Computer Security Incident Response Team). That is why is a member of a number of international networks.

  • Trusted Introducer (TI-CSIRT) was founded in 2000 to enable good cooperation between national CSIRTs in Europe. became a member in 2010.
  • is also a member of the European CSIRT Network, which is the network created in the NIS directive in which all member states, ENISA and the European Commission are represented.
  • In 2017, became a full member of the European Governments CERTs (EGC) group once again. This is a select group of about ten European CSIRTs, who work together closely on incident response and information exchange by building mutual trust.
  • FIRST is the CSIRTs’ global, international network. This year, is taking the necessary steps to become a member. In addition to active participation in multilateral networks, there are also good bilateral contacts with other cyber security services.

In order to maintain these international contacts, employees are actively involved in the meetings and workshops organised by these networks.

Early Warning System (EWS) and Quarterly Threat Reports

The EWS became operational, and staff are gradually adding their sources of information to the system and systematically delivering more reports and warnings.

The intelligence and security services were able to gradually increase their use of this platform in 2018, in accordance with the speed of their training. Since 2018, the CCB has organised Quarterly Threat Report meetings for Information and Security Services to discuss the main threats, vulnerabilities and incidents.

Within, an Early Warning System (EWS) has been set up to quickly inform Belgian providers of essential services about cyber threats, vulnerabilities and incidents. 

This EWS is fed with information from specialised companies and from partners, such as foreign CSIRTs. These information sources or feeds are shared with intelligence and security services and providers of essential services via the central EWS platform. In this way, threat warnings are sent out quickly and uniformly, to ensure appropriate measures can be taken.