A trusted and cyber secure Europe

The EU Agency for Cybersecurity (ENISA) aims to act as a centre of expertise in cybersecurity, assisting with the development of Union policy, operational cooperation, cybersecurity certification and standardisation, and promoting capacity building.

The EU Agency for Cybersecurity (ENISA) aims to act as a centre of expertise in cybersecurity, assisting with the development of Union policy, operational cooperation, cybersecurity certification and standardisation, and promoting capacity building. These tasks were expanded upon by the Cybersecurity Act[1], providing a new mandate to the Agency.

The frequency and complexity of cyberattacks is increasing, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is growing rapidly, as seen particularly during the Covid-19 pandemic.

The need for high-quality cybersecurity knowledge and competences exceeds the current supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments aim to close the skills gaps but also endeavours for the different operational communities to have the necessary capacity to deal with the cyber threat landscape.

The Agency spearheads a number of capacity building actions to support the European Union to respond to cybersecurity challenges, namely:

Supporting National Cybersecurity Strategies

The Agency helps Member States develop their national cybersecurity strategies. The purpose of such strategies is to provide political guidance by defining policy options, prioritising objectives and providing advice for allocating limited resources. ENISA has developed a number of tools to help Member States design feasible approaches for matching their national needs in relation to their specific objectives, challenges and resources. An example of such tools is the National Cyber Security Strategies interactive map[2] gathering all strategy documents from Member States. ENISA has also developed an evaluation tool[3] to help Member States assess the maturity of their strategies.

Cyber exercises

Using simulations of large-scale cybersecurity incidents escalating into cyber crises, cyber exercises are inspired by real-life events. They offer participants an opportunity to analyse the processes behind advanced technical incidents and provide a truly unique way of preparing for real-life events by:

  • contingency planning in relation to complex business continuity and crisis management situations;
  • creating a unique set of circumstances for analysing different scenarios and for seeking synergies;
  • testing the cooperation needed between different actors;
  • examining the challenges from the communication perspective such as how to handle public relations and media.

The Agency has been organising Cyber Europe[4], a biannual pan-European exercise since 2010. The next Cyber Europe (2021) exercise will be revolve around a healthcare scenario based on real-life situations.
BlueOLEX is a high-level table-top exercise meant to establish a coordinated response to large scale cross-border cybersecurity incidents and crises. The last edition in 2019 took place in Paris and included the participation of 23 Member States and the Agency will continue to pursue this exercise framework in 2020 and beyond.
These exercises constitute a unique learning experience for participants and a valuable tool to help understand the many aspects of the cybersecurity challenges. They allow the testing of capabilities and of the decision-making powers of the Member States. In addition, they offer a meeting platform for stakeholders of the various levels within the cybersecurity ecosystem.

Learning and development

The Agency develops skills for the Incident Response community in the field of operational security. To achieve a cyber secure Europe, EU Member States need to attract a large number of students to pursue a career in cybersecurity. ENISA promotes cybersecurity skills development in the EU[5] and has recently launched a cybersecurity higher education database[6] to support such efforts.

Fostering international cooperation

As a newly mandated task for the Agency, ENISA is preparing a strategy for relations with third countries and international organisations. The strategic objectives set by the Union could act as incentives for other countries to follow suit, paving the way to possible harmonisation of legal frameworks around the globe.
The Agency is currently working on a new project to organise an international cybersecurity challenge in 2021 after the success of the European cybersecurity challenge[7]. One of the main purposes of the event is to raise awareness and invite more people to engage in cybersecurity careers as well as create a global network of experts.
Learn more by visiting the European Union Agency for Cybersecurity (ENISA) website[8]




Keep reading similar articles
How COVID-19 became a dominant issue in the cyber threat environment

Ilmar Üle from CERT-EU writes how COVID-19 became a dominating topic in current cyber threat environment as seen from the point of view an experts tasked with protecting the EU institutions, bodies, and agencies. Data related to research offers great interest to data thieves and teleworking from home via unsecured home networks is an additional favour COVID-19 has done to malicious hackers.

By Ilmar Üle, CERT-EU
To those who commit cyber crimes, national borders are meaningless lines on a map

It can prove rather difficult to explain the digitalised nature of Estonia to a complete stranger, particularly if they have zero experience of e-services and online solutions. But I’ll give it a go.

Margus Noormaa
By Margus Noormaa, Director General, Estonian Information System Authority
COVID-19 impact measures & recommendations from EU cyber projects

The COVID-19 crisis and subsequent lockdown rules have left its mark on every aspect of our lives. The cross-border nature of capacity building work meant that lockdown presented also challenges to continuation of implementation to EU funded cyber capacity building projects.

By EU CyberNet team
EU CyberNet – The new kid on the EU cyber capacity building block

It has now been 7 years since the EU adopted its first strategy for dealing with cyberspace. The 2013 “EU Cybersecurity Strategy: An open, Safe and Secure Cyberspace” inter alia urged the European Commission to recognize the need to develop cybersecurity capacity building initiatives.

Global Cyber Expertise Magazine / By Siim Alatalu, Director, EU CyberNet
International projects of the Information System Authority (RIA)

International projects are very important for RIA, as they help maintain Estonia’s positive image and raise the level of cybersecurity worldwide. They also provide a good opportunity for our staff to put their training skills to the test, establish work-related contacts across the globe, and share their best knowledge and experience with other countries.

Riigi Infosüsteemi Ameti aastaraamat 2020 / By Estonian Information System Authority