The EU Agency for Cybersecurity (ENISA) aims to act as a centre of expertise in cybersecurity, assisting with the development of Union policy, operational cooperation, cybersecurity certification and standardisation, and promoting capacity building. These tasks were expanded upon by the Cybersecurity Act[1], providing a new mandate to the Agency.
The frequency and complexity of cyberattacks are increasing, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is growing rapidly, as seen particularly during the Covid-19 pandemic.
The need for high-quality cybersecurity knowledge and competences exceeds the current supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments aim to close the skills gaps and also to ensure that the different operational communities have the necessary capacity to deal with the cyber threat landscape.
The Agency spearheads a number of capacity building actions to support the European Union to respond to cybersecurity challenges, namely:
Supporting National Cybersecurity Strategies
The Agency helps Member States develop their national cybersecurity strategies. The purpose of such strategies is to provide political guidance by defining policy options, prioritising objectives and providing advice for allocating limited resources. ENISA has developed a number of tools to help Member States design feasible approaches for matching their national needs in relation to their specific objectives, challenges and resources. An example of such tools is the National Cyber Security Strategies interactive map[2] gathering all strategy documents from Member States. ENISA has also developed an evaluation tool[3] to help Member States assess the maturity of their strategies.
Cyber exercises
Using simulations of large-scale cybersecurity incidents escalating into cyber crises, cyber exercises are inspired by real-life events. They offer participants an opportunity to analyse the processes behind advanced technical incidents and provide a truly unique way of preparing for real-life events by:
- contingency planning in relation to complex business continuity and crisis management situations;
- creating a unique set of circumstances for analysing different scenarios and for seeking synergies;
- testing the cooperation needed between different actors;
- examining the challenges from the communication perspective such as how to handle public relations and media.
The Agency has been organising Cyber Europe[4], a biannual pan-European exercise, since 2010. The next Cyber Europe (2021) exercise will revolve around a healthcare scenario based on real-life situations.
BlueOLEX is a high-level table-top exercise meant to establish a coordinated response to large-scale cross-border cybersecurity incidents and crises. The last edition in 2019 took place in Paris and included the participation of 23 Member States. The Agency will continue to pursue this exercise framework in 2020 and beyond.
These exercises constitute a unique learning experience for participants and a valuable tool to help understand the many aspects of the cybersecurity challenges. They allow the testing of capabilities and of the decision-making powers of the Member States. In addition, they offer a meeting platform for stakeholders at the various levels within the cybersecurity ecosystem.
Learning and development
The Agency develops skills for the Incident Response community in the field of operational security. To achieve a cyber secure Europe, EU Member States need to attract a large number of students to pursue a career in cybersecurity. ENISA promotes cybersecurity skills development in the EU[5] and has recently launched a cybersecurity higher education database[6] to support such efforts.
Fostering international cooperation
As a newly mandated task for the Agency, ENISA is preparing a strategy for relations with third countries and international organisations. The strategic objectives set by the Union could act as incentives for other countries to follow suit, paving the way to possible harmonisation of legal frameworks around the globe.
The Agency is currently working on a new project to organise an international cybersecurity challenge in 2021 after the success of the European cybersecurity challenge[7]. One of the main purposes of the event is to raise awareness and invite more people to engage in cybersecurity careers as well as create a global network of experts.
Learn more by visiting the European Union Agency for Cybersecurity (ENISA) website[8].
[1] https://eur-lex.europa.eu/eli/reg/2019/881/oj
[2] https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map
[3] https://www.enisa.europa.eu/topics/national-cyber-security-strategies/national-cyber-security-strategies-guidelines-tools/national-cyber-security-strategies-evaluation-tool
[4] https://www.enisa.europa.eu/topics/training-and-exercises/cyber-exercises/cyber-europe-programme
[5] https://www.enisa.europa.eu/publications/the-status-of-cyber-security-education-in-the-european-union
[6] https://www.enisa.europa.eu/topics/education/cyberhead#/
[7] https://ecsc.eu/
[8] https://www.enisa.europa.eu/