A trusted and cyber secure Europe

The EU Agency for Cybersecurity (ENISA) aims to act as a centre of expertise in cybersecurity, assisting with the development of Union policy, operational cooperation, cybersecurity certification and standardisation, and promoting capacity building.

The EU Agency for Cybersecurity (ENISA) aims to act as a centre of expertise in cybersecurity, assisting with the development of Union policy, operational cooperation, cybersecurity certification and standardisation, and promoting capacity building. These tasks were expanded upon by the Cybersecurity Act[1], providing a new mandate to the Agency.

The frequency and complexity of cyberattacks is increasing, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is growing rapidly, as seen particularly during the Covid-19 pandemic.

The need for high-quality cybersecurity knowledge and competences exceeds the current supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments aim to close the skills gaps but also endeavours for the different operational communities to have the necessary capacity to deal with the cyber threat landscape.

The Agency spearheads a number of capacity building actions to support the European Union to respond to cybersecurity challenges, namely:

Supporting National Cybersecurity Strategies

The Agency helps Member States develop their national cybersecurity strategies. The purpose of such strategies is to provide political guidance by defining policy options, prioritising objectives and providing advice for allocating limited resources. ENISA has developed a number of tools to help Member States design feasible approaches for matching their national needs in relation to their specific objectives, challenges and resources. An example of such tools is the National Cyber Security Strategies interactive map[2] gathering all strategy documents from Member States. ENISA has also developed an evaluation tool[3] to help Member States assess the maturity of their strategies.

Cyber exercises

Using simulations of large-scale cybersecurity incidents escalating into cyber crises, cyber exercises are inspired by real-life events. They offer participants an opportunity to analyse the processes behind advanced technical incidents and provide a truly unique way of preparing for real-life events by:

  • contingency planning in relation to complex business continuity and crisis management situations;
  • creating a unique set of circumstances for analysing different scenarios and for seeking synergies;
  • testing the cooperation needed between different actors;
  • examining the challenges from the communication perspective such as how to handle public relations and media.

The Agency has been organising Cyber Europe[4], a biannual pan-European exercise since 2010. The next Cyber Europe (2021) exercise will be revolve around a healthcare scenario based on real-life situations.
BlueOLEX is a high-level table-top exercise meant to establish a coordinated response to large scale cross-border cybersecurity incidents and crises. The last edition in 2019 took place in Paris and included the participation of 23 Member States and the Agency will continue to pursue this exercise framework in 2020 and beyond.
These exercises constitute a unique learning experience for participants and a valuable tool to help understand the many aspects of the cybersecurity challenges. They allow the testing of capabilities and of the decision-making powers of the Member States. In addition, they offer a meeting platform for stakeholders of the various levels within the cybersecurity ecosystem.

Learning and development

The Agency develops skills for the Incident Response community in the field of operational security. To achieve a cyber secure Europe, EU Member States need to attract a large number of students to pursue a career in cybersecurity. ENISA promotes cybersecurity skills development in the EU[5] and has recently launched a cybersecurity higher education database[6] to support such efforts.

Fostering international cooperation

As a newly mandated task for the Agency, ENISA is preparing a strategy for relations with third countries and international organisations. The strategic objectives set by the Union could act as incentives for other countries to follow suit, paving the way to possible harmonisation of legal frameworks around the globe.
The Agency is currently working on a new project to organise an international cybersecurity challenge in 2021 after the success of the European cybersecurity challenge[7]. One of the main purposes of the event is to raise awareness and invite more people to engage in cybersecurity careers as well as create a global network of experts.
Learn more by visiting the European Union Agency for Cybersecurity (ENISA) website[8]




Keep reading similar articles
Regional training on “Designing and Executing Cybersecurity Exercises”

The Latin America and Caribbean Cyber Competence Centre (LAC4) in Santo Domingo started the new training year with a regional seminar focused on the foundations of designing and executing cybersecurity exercises.

By Liina Areng, Regional Programme Lead, EU CyberNet
Cyber Capacity Building Collaborative Transformation: Good practice from the Dominican Republic [1]

This article takes a look on lessons from the Dominican Republic on how capacity building endeavours are enhanced if the recipient country adopts and replicates delivered trainings to engage wider local audience.

By César Moline Rodríguez, LAC4 Policy Expert
Regional Cybersecurity Conference for Internet Service Providers in Santo Domingo

The EU CyberNet, in collaboration with Cyber4Dev, Dominican Institute of Telecommunications (INDOTEL) and the National Cybersecurity Centre of the Dominican Republic are hosting a Regional Cybersecurity Conference for Internet Service Providers in Santo Domingo, Dominican Republic from 19-21 October 2021.

By Liina Areng, Regional Programme Lead, EU CyberNet
EU CyberNet – same kid, new and larger block

EU CyberNet, the EU’s external cyber capacity building network introduced in GCEM issue 6, has recently been granted an extended mandate with new tasks. With the CynAct platform now online and regular events taking place for the cyber security experts enlisted in the network, the project is to launch a new competence center for the Latin American and Caribbean region as well as to reach out to the EU Delegations worldwide. Siim Alatalu, Director of EU CyberNet, explains why this would be a good time to get involved.

Global Cyber Expertise Magazine / By Siim Alatalu, Director, EU CyberNet
How COVID-19 became a dominant issue in the cyber threat environment

Ilmar Üle from CERT-EU writes how COVID-19 became a dominating topic in current cyber threat environment as seen from the point of view an experts tasked with protecting the EU institutions, bodies, and agencies. Data related to research offers great interest to data thieves and teleworking from home via unsecured home networks is an additional favour COVID-19 has done to malicious hackers.

By Ilmar Üle, CERT-EU
To those who commit cyber crimes, national borders are meaningless lines on a map

It can prove rather difficult to explain the digitalised nature of Estonia to a complete stranger, particularly if they have zero experience of e-services and online solutions. But I’ll give it a go.

Margus Noormaa
By Margus Noormaa, Director General, Estonian Information System Authority