In the first module were registered 58 participants from eleven EU Member States (Cyprus, Czech Republic, Finland, France, Greece, Italy, Poland, Portugal, Romania and Spain). They had a variety of backgrounds and areas of activity. Second module gathered 53 participants from 11 EU Member States (Belgium, Cyprus, Czech Republic, Germany, Spain, France, Greece, Italy, Poland, Portugal and Romania).
The fact that many of the participants from the first module (35 out of 53) followed the second would indicate the success of the modules in terms of concept and course organisation. Those who participated in both modules also gave additional and valuable feedback.
Changes were made to the second module in response to feedback from the first. Specifically, this related such aspects as organisation, curriculum and topics, adjustments made to address weaknesses, increased interaction between participants and trainers, as well as additional interactivity in terms of course materials and activities.
The second module opened with a CIP theory recap plenary. This comprised a very brief introduction to information on security risk management, the importance of risk in the national, sectoral and organisational context, and a brief review of relevant standards and frameworks. The issues covered focused on four main areas of critical infrastructure protection (Cyber, Transport, Energy and Space). There were alternating plenary sessions and “breakout rooms” in which groups of 7-9 participants interacted with a high level expert on a chosen topic.
One participant commented in the survey:
“The course was very intensive, and the right speakers were chosen for the topics. Improvements need to be made to the seminars – at times, owing to the limited time available, only a few of the participants expressed views. Grouping all seminars into one day would be more beneficial as people would start developing ties with one another and this would help ensure that the material is covered more thoroughly – an example of this was the exercise day, which was far way better in this respect. Other than that, the module was great, very comprehensive and very useful! Thanks!”
In addition, the course featured didactic online table-top exercises based on JRC’s POSEIDON platform, which has become a defining feature of the pilot course. POSEIDON (Platform-based Operational System for Events and Injects Distribution ONline) is a web-based platform, designed and developed by JRC. The platform supports the online running of complex, cross-sectoral exercises in both real and non-real time. This has increased the level of interaction between participants and experts. It has also helped the most reticent to speak up and take part in the conversations in the “breakout rooms”.
The participants were divided into four sectoral teams. These assumed specific CIP stakeholder roles giving responses to the events covered during the exercise. These teams were moderated by one or more individuals and a JRC expert was assigned to each team. The latter entered the findings of each team on to the POSEIDON platform.
Another participant commented on the course organization in the following terms:
“Much more interesting than the first module. I think it would be more interesting if there were two exercises, one at the beginning and one at the end to see whether the same solution was found. The exercise was very interesting, especially as you could see how other people of other nationalities and fields approached a specific problem.”
The scenario used was a EU military mobility exercise that a hostile actor had targeted through a physical and hybrid threats campaign. The participants were put into the following groups: critical infrastructure operators, the national coordinating authorities on CIP, the European coordinating authorities on CIP and an opportunistic actor, a geopolitical rival of the EU, looking to amplify the results of the disruptions (a “red team”). The teams debated and formulated responses to specific events that unfolded at certain time intervals during the scenario timeline. Feedback on interactivity and participation was very good, as was the interest in the unusual scenario.
Overall, the two-module course comprised a number of innovations. The first was the addition of table top scenarios, used as a pedagogical instrument to enhance learning. The second was the addition of pre-recorded lectures to the ILIAS platform, used as mandatory or optional course material. The lecturers had the same profile and role as those who taught the main course. In this way, optimal use was made of course time through asynchronous learning. A variety of course materials was assured, too. Thirdly, in the second module, fragmentation caused by the use of breakout rooms was addressed through note taking with data uploaded on to the ILIAS platform for the benefit other participants. When the course is rerun, it is recommended that use is made of the Big Blue Button application in ILIAS. This can simultaneously record breakout rooms discussions in the same classroom and optimise participants’ access to course content. This approach explains why the table top exercise was run in such a way as to generate detailed documentation of the decisions taken by each group. This affords participants an insight into the reasoning and approaches adopted by participants in other groups.
Comments by other participants:
- “It was a very good learning activity, thank you! Looking forward to a new module :)”
- “While some of the presentations need improvement, the overall course was excellent taking into consideration the difficulties of online training”
- “In my opinion, this course should have more than two modules. It is an extremely important course!”
