The European Union Agency for Cybersecurity (ENISA)

The European Union Agency for Cybersecurity (ENISA) 

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe.

This agency has been working to make Europe cyber secure since 2004. The Agency is located in Athens, Greece and has a second office in Heraklion, Greece.

ENISA is actively contributing to European cybersecurity policy, supporting Member States and European Union stakeholders to support a response to large-scale cyber incidents that take place across borders in cases where two or more EU Member States have been affected. This work also contributes to the proper functioning of the Digital Single Market.

The Agency works closely together with Member States and private sector to deliver advice and solutions as well as improving their capabilities. This support includes inter alia:

• the pan-European Cybersecurity Exercises,
• the development and evaluation of National Cybersecurity Strategies,
• CSIRTs cooperation and capacity building,
• studies on IoT and smart infrastructures, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, identifying the cyber threat landscape, and others.

ENISA also supports the development and implementation of the European Union's policy and law on matters relating to network and information security (NIS) and assists Member States and European Union institutions, bodies and agencies in establishing and implementing vulnerability disclosure policies on a voluntary basis.

Since 2019, following the bringing into force of the Cybersecurity Act (Regulation 2019/881), ENISA has been tasked to prepare the ‘European cybersecurity certification schemes’ that serve as the basis for certification of products, processes and services that support the delivery of the Digital Single Market.

The  European Cybersecurity Act introduces processes that support the cybersecurity certification of ICT products, processes and services. In particular, it establishes EU wide rules and European schemes for cybersecurity certification of such ICT products, processes and services.

What we do

Empowering Communities

Cybersecurity is a shared responsibility. Europe strives for a cross sectoral, all-inclusive cooperation framework. ENISA plays a key role in stimulating active cooperation between the cybersecurity stakeholders in Member States and the EU institutions and agencies. It strives to ensure complementarity of common efforts, by adding value to the stakeholders, exploring synergies and effectively using limited cybersecurity expertise and resources. Communities should be empowered to scale up the cybersecurity model.

Cybersecurity Policy

Cybersecurity is the cornerstone of digital transformation and the need for it permeates all sectors, therefore it needs to be considered across a broad range of policy fields and initiatives. Cybersecurity must not be restricted to a specialist community of technical cyber experts. Cybersecurity must therefore be embedded across all domains of EU policy. Avoiding fragmentation and the need for a coherent approach while taking into account the specificities of each sector is essential.

Operational Cooperation

The benefits of the European digital economy and society can only be fully attained under the premise of cybersecurity. Cyber-attacks know no borders. All layers of society can be impacted and the Union needs to be ready to respond to massive (large scale and cross-border) cyber-attacks and cyber crisis. Cross-border interdependencies have highlighted the need for effective cooperation between Member States and the EU institutions for faster response and proper coordination of efforts at all levels (strategic, operational, technical and communications).

Capacity Building

The frequency and sophistication of cyberattacks is rising speedily, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is increasing rapidly. The needs for cybersecurity knowledge and competences exceeds the supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments should focus not only on increasing the cybersecurity skillset in the Member States but also on making sure that the different operational communities possess the appropriate capacity to deal with the cyber threat landscape.

Trusted Solutions

Digital products and services bring benefits as well as risks, and these risks must be identified and mitigated. In the process of evaluating security of digital solutions and ensuring their trustworthiness, it is essential to adopt a common approach, with the goal to strike a balance between societal, market, economic and cybersecurity needs. A neutral entity acting in a transparent manner will increase customer trust on digital solutions and the wider digital environment.

Foresight

Numerous new technologies, still in their infancy or close to mainstream adoption, would benefit from the use of foresight methods. Through a structured process enabling dialogue among stakeholders, decision- and policy-makers would be able to define early mitigation strategies that improve the EU resilience to cybersecurity threats and find solutions to address emerging challenges.

Knowledge

The energy that fuels the mill of cybersecurity is information and knowledge. For cybersecurity professionals to be efficient at tackling our objectives, to work in a constantly moving environment – in terms of digital developments as well as with regard to actors – to face the challenges of our time, we need a continuous process of collecting, organising, summarising, analysing, communicating, and maintaining cybersecurity information and knowledge. All phases are essential to ensure that information and knowledge is shared and expanded within the EU cybersecurity ecosystem.

ENISA Topics

• Awareness Raising
• Certification
• Cloud
• COVID19
• Critical infrastructure
• Cryptography
• Cyber Crisis Management
• Cyber Threats
• Cybersecurity Policy
• Education
• Emerging Technologies
• Foresight
• Incident Reporting
• Incident response
• Market
• National Cybersecurity Strategies
• Research and Innovation

Promoting targeted R&I of cybersecurity technology and solutions that actually meet the needs and priorities to protect the Union from cyber threats.

Subtopics:

• R&I Roadmap
• R&I observatory
• EU funding in cybersecurity

Explore topic

• Risk Management
• Standards
• Training and Exercises
• Vulnerability Disclosure

See also :

• ENISA: Programming Document 2020-2022
• ENISA: 15 years of building cybersecurity bridges together
• ENISA: EU Cybersecurity Institutional Map
   

ENISA's activities
ENISA's approach is further illustrated below by presenting its activities in different areas:

• Recommendations on cybersecurity and independent advice
• Activities that support policy making and implementation
• ‘Hands On’ work, where ENISA collaborates directly with operational teams throughout the EU
• Bringing together EU Communities and coordinating the response to large scale cross-border cybersecurity incidents
• Drawing up cybersecurity certification schemes