Building a trusted and Cyber Secure Europe
by ENISA
Friday, August 5th, 2022
The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe.
For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.
What do we do? In line with our mandate of the EU’s 2019 Cybersecurity Act, we:
- Empower communities to stimulate active cooperation, knowledge sharing and new synergies between Member States, EU institutions, bodies and agencies, and other key stakeholders in the cybersecurity ecosystem.
- Provide technical advice and support to all relevant EU-level actors in the development and above all implementation of cybersecurity policy areas.
- Support Member States and EU institutions and bodies in addressing potential large-scale incidents and crises in the area of operational cooperation, as well as helping to facilitate faster responses and proper coordination of efforts at all levels.
- Assist in building cybersecurity capacities to align cybersecurity competencies, professional experience and education structures, as well as to raise cybersecurity awareness and develop the necessary capabilities for the evolving threat environment across the EU.
- Form a central part of the EU’s efforts to increase confidence in ICT products, services and processes and trusted solutions in general, which can respond to the broad needs of the digital environment through the deployment of certification schemes in key technological areas.
- Engage in foresight to better understand and assess emerging cybersecurity threats and patterns, and to improve EU resilience through collaboration with stakeholders and appropriate mitigation strategies.
- Ensure that the right knowledge is available to all across the cybersecurity ecosystem and to achieve continuous improvement of services, thanks to the appropriate methodology, infrastructures and tools.
Our mission
- The mission of the EU Agency for Cybersecurity is to achieve a high common level of cybersecurity across the Union in cooperation with the wider community.
- ENISA acts as a centre of expertise on cybersecurity, collecting and providing independent, high-quality technical advice and assistance to Member States and EU institutions, bodies and agencies on cybersecurity.
- ENISA also plays a role in policy, contributing to the development and implementation of the Union’s cyber policies.
Areas of work
Some flagship initiatives:
Cybersecurity Certification
- Under its mandate, ENISA has the important task of proposing cybersecurity certification schemes under the EU’s Cybersecurity Certification Framework (Regulation (EU) 2019/881). The purpose of this framework is to establish and maintain trust and security in cybersecurity products, services and processes.
- Drawing up cybersecurity certification schemes at the EU level aims at providing criteria to carry out conformity assessments to establish the degree of adherence of products, services and processes against specific requirements. Users and service providers alike need to be able to determine the level of security assurance of the products, services and processes they procure, make available or use.
- EU cybersecurity certification schemes serve as the vehicle to convey such requirements from the EU policy level to the industry service provision level and further to the users and conformity assessment bodies.
Cyber Europe
- ENISA manages the programme of pan-European exercises named Cyber Europe. This is a series of EU-level cyber incident and crisis management exercises for both the public and private sectors from the EU and EFTA Member States.
- The Cyber Europe exercises are simulations of large-scale cybersecurity incidents that escalate to become cyber crises.
- They offer opportunities to analyse advanced technical cybersecurity incidents but also to deal with complex business continuity and crisis management situations.
- Cyber Europe exercises feature exciting scenarios, inspired by real-life events, developed by European cybersecurity experts.
- Thus each of the exercises is effectively a flexible learning experience for the participants. Under its new mandate, ENISA will strengthen the existing preventive operational capabilities thanks to exercises like Cyber Europe.
European Cybersecurity Month (ECSM)
- The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.
- The ECSM campaign is coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by EU Member States and hundreds of partners from Europe, and beyond.
- Each year a number of activities take place across Europe, including conferences, workshops, trainings, webinars, presentations, online quizzes and more.
The European (ECSC) and International Cybersecurity Challenge (ICC)
- European Cybersecurity Challenge (ECSC)
- It enhances cybersecurity talent across Europe by connecting high potential individuals with industry-leading organisations in a cybersecurity competition.
- This year it will take place from 13 to 16 September 2022 in Vienna, Austria.
Please see details here: European Cyber Security Challenge — ECSC
- International Cybersecurity Challenge (ICC)
- ENISA, jointly with other regional and international organisations, decided to design and host the first International Cyber Security Challenge in Athens, Greece from 14 to 17 June 2022.
- The aim of the challenge is to attract young talent and raise awareness in the community globally on the education and skills needed in the area of cybersecurity.
Please see details here: International Cybersecurity Challenge (ICC) — ENISA (europa.eu)
Main studies
- ENISA Threat Landscape (ETL)
- ETL is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.
- ETL 2021 is the ninth edition of the ENISA Threat Landscape (ETL) report.
- In the process of constantly improving our methodology for the development of threat landscapes, ETL 2021 has been supported by a newly formatted ENISA ad hoc Working Group on Cybersecurity Threat Landscapes (CTL).
- The ETL 2021 report addresses the first 8 cybersecurity threat categories.
- Supply chain threats, which fall under the 9th category, are analysed in detail, in a dedicated ENISA report.
Please see details here: ENISA Threat Landscape 2021 (1).pdf
Threat Landscape for Supply Chain Attacks
- The aim of this report is to map and study the supply chain attacks that were discovered from January 2020 to early July 2021.
- Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and this trend continued in 2021, posing an increasing risk for organizations.
- With half of the attacks being attributed to Advanced Persistent Threat (APT) actors, their complexity and resources greatly exceed the more common non-targeted attacks, and, therefore, there is an increasing need for new protective methods that incorporate suppliers in order to guarantee that organizations remain secure.
Please see details here: ENISA Threat Landscape for Supply Chain Attacks.pdf