European Union Agency for Network and Information Security

PhD students from Norway meet with ENISA experts

Fri, 07/19/2019 - 11:28

ENISA experts and the PhD students conversed about IoT and smart infrastructure security, certification and standardisation, blockchain, and maritime security. Among important discussion topics was the new role and mandate of the Agency and the future activities of ENISA in this context.

Raising awareness and reaching out to cybersecurity communities is one of the key activities of ENISA that contributes to the improvement of EU’s cybersecurity posture. Thus, ENISA occasionally meets with representatives from academia, industry, and public sector.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Annual report Trust Services Security Incidents 2018

Mon, 07/15/2019 - 11:25

The document gives an aggregated overview of security breaches with significant impact reported in 2018 by EU national supervisory bodies. It shows root causes, statistics and trends, and marks the third round of security incident reporting for the EU’s trust services sector.

According to the eIDAS regulation, trust service providers must notify these security breaches to their national supervisory body. The annual summary reporting for 2018 totalled 18 incident reports. A total of 28 EU countries and one 1 EFTA country take part in annual summary reporting.

Key statistics relating to the 2018 incidents

Malicious actions and system failures are the dominant root causes of reported incidents: System failures amount for 39% of the total incidents (consistent with 36% in 2017). Malicious actions have gone up to 39% (compared to 7% in 2017).

A few, but critical security breaches with cross border impact: Some 25% of the reported incidents had a cross-border impact. Although the ratio is small, the seriousness of the incidents was high: 75% of them were classified as level 4 – severe and 5 – disastrous.

Qualified e-signatures certificates creation – the most affected service: Roughly 50% of the incidents reported affected the qualified creation of qualified certificates for e-signatures.

The EU Agency for Cybersecurity ENISA

ENISA will provide advice and input on the upcoming eIDAS review by the Commission, due mid-2020. The Agency will also continue to support the national supervisory bodies with implementing the breach reporting under Article 19 eIDAS and to work towards making this process efficient and effective, yielding useful data, for the supervising bodies, for the authorities of other sectors, as well as for the trust service providers and the organisations relying on these trust services. 

Outlook

The cooperation network of authorities for national electronic identity systems and the group of national supervisory bodies for the electronic trust services market will benefit from the close collaboration on security supervision and information sharing about incidents, threats, good practices, etc.

Basic situational awareness about vulnerabilities and large-scale threats will help the supervisory bodies to do a more effective supervision. ENISA will continue to facilitate information sharing between the relevant authorities and supervisory bodies.

A close connection with regular exchange and updates about past incidents, threats, good practices, etc. between eIDAS, the European Electronic Communication Code (EECC) and the Digital infrastructures part of the NIS Directive is important, because these are closely related areas. ENISA will facilitate this and act as a bridge.

For the full report: Trust Services Security Incidents 2018 - Annual report


Background information

Electronic trust services are a range of services around digital signatures, digital certificates, electronic seals, timestamps, etc. which are used in electronic transactions, to make them secure. eIDAS, an EU regulation, is the EU wide legal framework ensuring interoperability and security of these electronic trust services across the EU. One of the goals of eIDAS is to ensure that electronic transactions can have the same legal standing as traditional paper based transactions. eIDAS is important for the European digital market because it allows businesses and citizens to work and use services across the EU. The eIDAS regulation was adopted in July 2014 and came into force in 2016.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA Panel on Digital Sovereignty at CODE Annual Conference

Fri, 07/12/2019 - 08:54

© Copyright: @FI_CODE

Titled ‘How to Achieve Digital Sovereignty of Europe’, the panel saw the participation of high-level members: Klaus Vitt, State Secretary, Federal Ministry of Interior, Building and Community, Benedikt Zimmer, State Secretary, Federal Ministry of Defence, Roberto Viola, Director General, DG CONNECT, European Commission, Jorge Domecq, Executive Director, European Defence Agency, and Evert Dudok, Executive Vice President Communications, Intelligence and Security, Airbus Defence and Space.

Discussions revolved around current hot topics on the EU agenda, namely:

  • What exactly is digital sovereignty? Is there a clear priority or challenge that relates to digital sovereignty in Europe?
  • Are there possible mechanisms or clear responses to strengthen the EU’s position in the global digital society? Should this be driven by regulation, academic research, and/or subvention of public funding?
  • From a global perspective: how should Europe respond to the current market development and strength of global tech giants from outside the EU? Should Europe create its own champions? Should Europe invest in specific niches and further intensify its innovation by using the strength of its SMEs?
  • Should the EU change or develop specific regulation to support digital sovereignty? What kind of cooperation model has the most potential for success? What would be the role of government, industry and academia on local, national and European level?

On this occasion, Mr. Helmbrecht also launched ENISA’s consultation paper ‘EU ICT Industrial Policy: Breaking the Cycle of Failure’, a paper that aims to explore, amongst other topics, the area of digital sovereignty. He noted that the outcomes of this consultation will serve as input for a further publication and input into the discussions with the new European Commission and European Parliament.

The paper looks into the strengths and shortcomings of the ICT industrial policy in the EU from a cybersecurity perspective, with a view to how Europe can do better, and how the development of EU cybersecurity industry in the years to come can be rendered a success.

 “The question is if and why are examples of European leadership in ICT beginning to fade. Is there insufficient coordination in relation to cybersecurity in the EU? Could resources be deployed more efficiently? These are some of the questions that are being presented for discussion. We look forward to receiving your input into this consultation”, said Mr. Helmbrecht.

Secondly, ENISA also gave a workshop at the conference on ‘Challenges and Application of Threat Intelligence’ introducing our CTI Capability Framework and Maturity Model in the annual threat landscape report.

Finally, ENISA’s Head of Core Operations, Steve Purser moderated the workshop ‘Digital Souvereignty - A Must for Europe’ which provided a discussion on how a policy shift can be achieved and how we can move towards a more competitive and more digitally sovereign European ICT sector.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA puts out EU ICT Industrial Policy paper for consultation

Wed, 07/10/2019 - 07:45

Copyright: Shutterstock

The paper serves as the basis for a consultation, where ENISA seeks the views of citizens, private and public stakeholders on how the European market may be understood and improved.

Interested parties are invited to submit their comments by 31 August 2019 by filling in the electronic survey.

The outcomes of this consultation will serve as input for a further publication and input into the discussions with the new European Commission and European Parliament.

The paper looks into the strengths and shortcomings of the ICT industrial policy in the EU from a cybersecurity perspective, with a view to how Europe can do better, and how the development of EU cybersecurity industry in the years to come can be rendered a success.

The paper identifies the current European ICT state-of-play, where in an average European office, ICT software and hardware are generally built and developed in Asia and the USA. Where Europe once led the world in the deployment of initially analogue and then mobile telecommunications technology such as GSM, Europe is now debating the appropriateness of the supply of 5G technology from non-European suppliers. Traditional EU mobile handset manufacturers are struggling to compete with major Asian and US suppliers.

Moreover, successful European businesses have been or are often acquired by larger companies from outside the EU. It is surprising to see how the European ICT industry is falling behind in the global competition race, while according to the European Commission, the EU Member States are among the most digitally advanced in the world.

Executive Director of ENISA Prof. Dr. Udo Helmbrecht: “The question is if and why are examples of European leadership in ICT beginning to fade. Is there insufficient coordination in relation to cybersecurity in the EU? Could resources be deployed more efficiently? These are some of the questions that are being presented for discussion. We look forward to receiving your input into this consultation.”

More information

ENISA Consultation Paper - EU ICT Industrial Policy
Privacy Statement



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Technical dry-run training provided by ENISA

Tue, 07/09/2019 - 18:10

The training delivery is based on a newly developed training material in 2018 'Introduction to Network Forensics'.

This is the first time that the facility is used for a group training. The audience includes students from the Institute of Computer Science (ICS) of the Foundation for Research and Technology - Hellas (FORTH).

The training is half a day theoretical and 1,5 days of hands-on training. Based on the lessons learned from this dry-run, the training delivery will be tweaked and eventually the material will be delivered to CSIRT teams later this year.

More information on the training itself can be found here

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Visit to ENISA by the Agency's Management Board Chair and Vice-Chair

Wed, 07/03/2019 - 17:06

The visit at ENISA's premises in Marousi, Athens also included an engaged discussion with ENISA staff on the future role of the European Union Agency for Cybersecurity, which was presided by the chair, Jean-Baptiste Demaison, Vice-Chair, Krzysztof Silicki, Reinhard Posch and the ENISA executive director, Udo Helmbrecht.

The objective of the visit was the exchange of views on a variety of different subjects associated with the new European Cybersecurity Act, which gives ENISA a reinforced role and new tasks. Furthermore the ENISA's work programme was discussed as well as an increased collaboration with EU Member States.

 For more information:  ENISA Management Board

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA plays an active role at the first of its kind cyber crisis exercise, Blue OLEx 2019

Mon, 07/01/2019 - 15:52

This is a table-top exercise gathering the heads of national cybersecurity authorities of the EU Member States’, the European Commission and the European Union Agency for Cybersecurity.

The exercise will focus on the operational level of the European cyber crisis response’s framework also known as Blueprint, originally proposed by the European Commission in 2017.

The conclusions of this exercise will drive current and future initiatives for a closer and more efficient collaboration between Member States and EU Institutions in the framework of the Blueprint strategy.

For more information, refer to Blue Olex19 official press release.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Join ENISA's Informal Expert Group on Technical Trainings

Tue, 06/25/2019 - 17:41

© Copyright: Shutterstock

As part of its efforts in supporting the development of Member States’ national incident response preparedness, ENISA offers a collection of CSIRT training material aimed at improving the skills of CSIRT teams and their personnel. ENISA regularly updates specific training resources in order to include content that is in line with current technologies and methodologies.

The updated material will help reinforce Member States (MS) CSIRTs skills and capacities in order to help them manage cybersecurity events efficiently. This is in line with Output 3.1.1 of the ENISA 2019 Work Programme (Update and provide technical trainings for MS and EU bodies).

The Informal Expert group on Technical Trainings should assist ENISA and its current and future Contractors with the current effort and with future Technical Training updates and similar initiatives.

For more information on the goal, composition and working methods of the Informal Expert group on Technical Trainings, please consult the Terms of Reference.

Experts of the group shall have technical background expertise and direct exposure on one or several of the following domains:

  • Providing technical trainings, preferably aimed at CSIRT and/or incident handling and response (IR) staff;
  • Developing technical trainings, preferably aimed at CSIRT and/or incident handling and response (IR) staff;
  • CISRT operations, tools and processes;
  • Development and/or orchestration of software tools aimed at CSIRT or IR teams.

Before applying please read the Terms of Reference and the Privacy Statement. Click here to apply.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Vision for a Stronger Cybersecurity Community going forward – an ENISA industry event

Thu, 06/13/2019 - 11:15

Pictured from left to right: Falk Hermann, (Rohde & Schwarz), Axel Deininger (Secunet), Ilias Chantzos (Symantec), Brian Honan (BH Consulting), Udo Helmbrecht (ENISA), Steve Purser (ENISA), Ursula Pachl (BEUC), Oscar Tapp Scotting(UK), Aidan Ryan (ENISA)

The year 2019 already marks a challenging year for the European Union. The EU is facing multiple geopolitical challenges simultaneously, such as Brexit, but also cybersecurity related challenges such as maintaining EU’s digital sovereignty and securing European elections from outside interference. The EU is confronted with finding the right balance between the digital transformation of our society and preserving our core democratic values.

We must ensure that the EU ICT industry retains and develops essential cybersecurity technological capacities to secure its EU Digital Single Market. The Union must be in a position to autonomously secure its digital assets and to compete on global cybersecurity market. In 2018 the Union was a net importer of cybersecurity products and solutions and largely depending on non-European providers. The cybersecurity market is globally a 600 billion EUR market that is expected to grow in the next five years on average by approximately 17% in terms of sales, number of companies and employment.[1]

However, the European ICT industry is falling behind in the global competition race. Sandwiched between the giants of the ICT industry in the US and China, Europe is struggling to keep up and is losing hold of its own digital sovereignty. Surprisingly, this is while the EU and EU Member States are among the most digitally developed world economies. [2] 

Digital development should work for and not against the European market. Success requires risk. New business and regulatory frameworks need to be produced that anticipate the evolution of the market over the next 5 to 10 years and lay the groundwork for the success of the European ICT industry. In an increasingly inter-connected world, the European ICT sector should be strengthened and stimulated to improve its competitiveness in the global marketplace, as well as in the domestic marketplace.

In this context, the ‘Vision for a stronger cybersecurity community going forward’ event aims to look at a number of topics including the regulation of the internet and social media specifically with speeches from Thomas Myrup Kristensen, Facebook's Managing Director of EU Affairs and Oscar Tapp Scotting, the UK Government’s Online Harms Deputy Director.

Other speakers included Brian Honan from BH Consulting who spoke on threat intelligence, Jean-Pierre Quémard, President of Alliance pour la Confiance Numérique (ACN) on European competiveness and Gabi Dreo Rodosek from the CODE Research Institute at Universität der Bundeswehr München who expressed her concern for the lack of European market leaders in R&D.

Finally, a panel discussed the regulatory agenda for the new European Commission and the newly elected European Parliament, which provided preliminary recommendations from the industry on future potential policy initiatives.

ENISA, Executive Director, Udo Helmbrecht stated that “in an average European office, ICT software and hardware are generally built and developed in Asia and USA. Where Europe once led the world in the deployment of initially analogue and then mobile digital technology such as GSM, Europe is now debating the appropriateness of the supply of 5G technology from non-European suppliers. Traditional EU mobile handset manufacturers are struggling to compete with major Asian and US suppliers. We should emphasise to people European values such as trustworthiness and security of ICT products and services.”

Background

Since 2015, ENISA has been organising its Industry Events in an effort to stimulate the development of the EU network and information security (NIS) industry. The event aims to improve collaboration between ENISA and the private sector particularly SMEs.

ENISA is celebrating its 15th anniversary and on 27 June 2019 its new and permanent mandate will enter into force. The new mandate includes a role for ENISA in certification but also that ENISA will actively support the European Commission and EU Member States in the development, implementation and review of cybersecurity policy. Therefore following the important changes in the European Parliament and European Commission, ENISA takes the opportunity to discuss the future of European cybersecurity with its industry stakeholders.

[1] Proposal for a European Cybersecurity Competence Network and Centre (September 2018): http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=54252

[2] European Commission, “I-DESI 2018”, 26 October 2018. Available at: https://ec.europa.eu/digital-single-market/en/news/how-digital-europe-compared-other-major-world-economies

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The EU Cybersecurity Act: a new Era dawns on ENISA

Fri, 06/07/2019 - 15:53

The EU Cybersecurity Act will come into force on 27th June 2019.

In a shift towards a role that adds more value to the European Union, ENISA, which will henceforth be known as the EU Agency for Cybersecurity and will receive a permanent mandate.

Find out more: https://europa.eu/!bX86Fp.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ICANN CEO visits ENISA to discuss cybersecurity of the internet infrastructure

Mon, 06/03/2019 - 17:15

ICANN is an international, non-governmental and non-profit organization which manages the internet's namespace, i.e. the internet domain names, the DNS root registries. ICANN coordinates the global IP address space by handing out blocks of IP addresses to regional internet registries, like RIPE NCC for Europe. ICANN also hosts the archive of IETS RFCs which define today's internet protocols.  Much of the work that ICANN does is closely related to cybersecurity.

Among the topics of discussion were the big DNS hijacks which have been observed this year (also referred to as DNSpionage), the security issues of DNS in general, the issue of network slicing, elasticity of DNS for IoT, and the influence of EU companies and EU countries in international standards setting bodies like IETF and ITU.

Steve Purser, head of ENISA's core operations department, said: "ENISA acts as a cybersecurity hub, bringing together the right stakeholders and the right experts to develop a common approach to cybersecurity issues. We are looking forward to leverage ICANN's expertise on relevant cybersecurity issues, like the vulnerabilities in DNS. "

The EU's NIS Directive, adopted in 2016, which came into force in 2018, covers critical internet infrastructure like the European internet exchange points, top level domains and DNS. In the context of the NIS Cooperation Group, the NIS Directive's cooperation mechanism, ENISA is currently working with national authorities to develop an efficient approach to supervising of these critical parts of the EU's internet backbone.

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA meets Energy Community

Mon, 06/03/2019 - 11:04

The objective of the meeting was to engage ENISA with stakeholders from the energy sector, exchange views and create possible synergies.

Interesting discussions took place where ENISA and the Energy Community presented their activities in the energy sector cybersecurity. The Cybersecurity Act as well as the security certification issues were also discussed. Furthermore, the participants of the meeting agreed on the way forward and concrete steps to establish the collaboration between these two organisations.

 Background

The Energy Community is an international organisation, which brings together the European Union and its neighbours to create an integrated pan-European energy market. The key objective of the Energy Community is to extend the EU internal energy market rules and principles to countries in South East Europe, the Black Sea region and beyond on the basis of a legally binding framework.


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA Permanent Stakeholders Group meets in Athens

Fri, 05/24/2019 - 15:05

The Executive Director of the Agency, Udo Helmbrecht chaired the meeting. He started by presenting the participants with the status and priorities of the Cybersecurity Act.

One of the most important items on the agenda tackled the role of the PSG in light of the new mandate of the Agency.

Mr. Purser gave input on ENISA’s latest work in the area of opinion papers and the Single Programming Document 2019 and requested the PSG’s input on Work Programme priorities and latest technology evolution.

Main topics on the agenda also included:

  • Final draft discussion on the ‘IoT and consumers’ working group;
  • Status update on working groups within the PSG;
  • Latest technology evolution;
  • Procedure for informing and communicating with the MB.

The PSG group advises the Executive Director on the development of the Agency’s work programme, and on ensuring the communication with the relevant stakeholders on all related issues.

The PSG is composed of “nominated members” and members appointed “ad personam”, in total 33 members from all over Europe. The PSG was established by the ENISA regulation (EU) No 526/2013.

The Management Board of ENISA, acting on a proposal by the Executive Director, sets up a PSG for a term of office of two and a half years. The term of office for the current PSG, which started in 2017, will end in 2020.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA Permanent Stakeholders Group meet in Athens

Fri, 05/24/2019 - 15:01

The Executive Director of the Agency, Udo Helmbrecht chaired the meeting. He started by presenting the participants with the status and priorities of the Cybersecurity Act.

One of the most important items on the agenda tackled the role of the PSG in light of the new mandate of the Agency.

Mr. Purser gave input on ENISA’s latest work in the area of opinion papers and the Single Programming Document 2019 and requested the PSG’s input on Work Programme priorities and latest technology evolution.

Main topics on the agenda also included:

  • Final draft discussion on the ‘IoT and consumers’ working group;
  • Status update on working groups within the PSG;
  • Latest technology evolution;
  • Procedure for informing and communicating with the MB.

The PSG group advises the Executive Director on the development of the Agency’s work programme, and on ensuring the communication with the relevant stakeholders on all related issues.

The PSG is composed of “nominated members” and members appointed “ad personam”, in total 33 members from all over Europe. The PSG was established by the ENISA regulation (EU) No 526/2013.

The Management Board of ENISA, acting on a proposal by the Executive Director, sets up a PSG for a term of office of two and a half years. The term of office for the current PSG, which started in 2017, will end in 2020.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA's workshop in Warsaw to discuss innovation in the context of National Cyber Security Strategies

Thu, 05/23/2019 - 11:15

© Copyright: Shutterstock

The discussions will focus on national objectives and priorities supporting research and innovation of cybersecurity technologies and services. National experts will have the opportunity to share good practices and discuss gaps and challenges related to funding, incentives, collaboration mechanisms and policy initiatives that shape the national or the European market.

In addition, the workshop will also cover aspects related to Information Sharing and Analysis Centres (ISACs), as well as public private co-operation.

Target audience

People who are involved in the development, implementation, and evaluation of national cyber security strategies (NCSS) and people involved in ISACs, more specifically:

  • National policy and decision makers;
  • Legislators, regulators, and national authorities;
  • Private sector;
  • Academia.

Experts from different Member States will be invited to present and discuss their views on the topics. 

Registration

Please register here: https://ec.europa.eu/eusurvey/runner/NCSSWorkshop.

For more information visit the event page.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA is setting the ground for Industry 4.0 Cybersecurity

Mon, 05/20/2019 - 12:50

This work is following up on the recently published seminal study on ‘Good Practices for Security of IoT in the context of Smart Manufacturing

ENISA follows a holistic and comprehensive approach to the issues related to cybersecurity in Industry 4.0. It identifies the main challenges of facing the adoption of security in Industry 4.0 and Industrial IoT associated with one of the following categories: people, processes, and technologies. For each challenge, concrete and actionable recommendations are provided.

Who can benefit from ENISA’s work?

The adoption of the high-level recommendations proposed by ENISA aims at contributing to the enhancement of Industry 4.0 cybersecurity across the European Union and at laying the foundations for future developments.

ENISA lists high-level recommendations in order to facilitate the promotion and wider take-up of Industry 4.0 and relevant innovations in a secure manner. The recommendations are addressed to different key stakeholders groups, namely:

  •  Regulators;
  • Industry 4.0 security experts;
  • Industry 4.0 operators;
  • Standardisation community;
  • Academia and research & development bodies.

Practical advice on Industry 4.0 cybersecurity

Key recommendations for the stakeholders:

  •  Promote cross-functional knowledge on IT & OT security;
  • Clarify liability amongst industry 4.0 actors;
  • Foster economic and administrative incentives for industry 4.0 security;
  • Harmonise efforts on industry 4.0 security standards;
  • Secure supply chain management processes;
  • Establish industry 4.0 baseline for security interoperability;
  •  Apply technical measures to ensure industry 4.0 security.

For the full report: Industry 4.0 - Cybersecurity Challenges and Recommendations

ENISA has been building expertise in this area over the last years. ENISA’s work has become a focal point for IoT and smart infrastructures cybersecurity, with the ENISA IoT Baseline Security study and the IoT and Smart Infrastructures tool standing out. In the future, ENISA will continue its efforts to support all relevant actors of the IoT and Industry 4.0 ecosystem.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

External audit on ENISA's 2018 financial accounts

Fri, 05/17/2019 - 10:30

© Copyright: Shutterstock

The auditors’ report concluded that both 2018 financial and budgetary performances of the Agency are fairly presented and in accordance with the financial regulations of the European Commission and the International Public Sector Accounting Standards. The annual accounts include the financial statements and the reports on the implementation of the ENISA budget.  

The audit illustrates the effectiveness of implemented financial controls that are in place with the Agency. 

The European Parliament and the EU Council have recently approved the EU Cybersecurity Act reinforcing ENISA’s mandate and significantly increasing its financial resources. Henceforth, ENISA will be known as the EU Agency for Cybersecurity.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA delivers course on incident management

Fri, 05/17/2019 - 10:28

The course gave the participants an insight into the basics of defending an infrastructure and a thorough review of an incident lifecycle, detailing all steps and talking audience through a case study with questions that initiated fruitful discussions.

The main takeaway of the discussions was that there is no ‘one-size-fits-all’ approach to incident response.

This is the third visit of ENISA in the last months. The Digital Security Authority of Cyprus invited ENISA specialists to contribute to a better incident response across Europe.

The ENISA CSIRT training material covers four main areas: technical, operational, ‘setting up a CSIRT’, and ‘Legal and Cooperation’.

Besides providing training material, ENISA organises courses and trains around 200 cybersecurity specialists per year.

Trainings for Cyber Security Specialists: https://www.enisa.europa.eu/trainings/

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Testing cooperation of EU CSIRTs Network during large-scale cyber-attacks

Thu, 05/16/2019 - 14:47

The role of ENISA was twofold. On the one hand, the CSIRT Relations team actively participated as the secretariat of CNW, as defined by the NIS Directive. In this regard, ENISA provides overall support to CNW and manages tools for cooperation among all members. On the other hand, ENISA’s exercise team, which also organises the pan-European ‘Cyber Europe’ exercise, organised the exercise, including the definition of the scenario and injects, and controlled the execution.

CSIRT teams from 27 countries, CERT-EU and ENISA played a scenario where cyber-attacks were performed over critical infrastructures before and during European elections. Several operators of essential services across different Member States were the ‘target’ of the attacks, and some incidents tried to diminish trust in the electoral process. Over 50 incident-handling experts from the EU Member States participated in this exercise.

CyberSOPex2019 proved once more how fundamental in developing confidence and trust among Member States the CNW is, promoting swift and effective operational cooperation.

The CyberSOPEx type of exercise is an important part of ENISA’s continuous efforts to improve the large-scale incident response collaboration of the CSIRTs Network members, by focusing on training participants on situational awareness, information sharing, understanding roles and procedures, and utilising CSIRTs Network-related tools just like in a real life situation.

For more info on the CSIRTs Network, visit www.csirtsnetwork.eu

For more information on the ENISA’s exercises contact: exercises@enisa.europa.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Recommendation on the usage of community and public cloud computing services in Hungary, defined by Magyar Nemzeti Bank

Wed, 05/15/2019 - 17:15

© Copyright: Shutterstock

The objective of this recommendation is to provide practical guidance to entities in the financial intermediary system for managing the risks arising from the use of community and public cloud computing services and for the uniform interpretation of relevant national and European Union legislation.

The recommendation of Magyar Nemzeti Bank is  based on the good practices and requirements set out in the recommendations of the European Banking Authority on outsourcing to cloud service providers (EBA/REC/2017/03).

The full recommendation is available in english here: https://www.mnb.hu/letoltes/4-2019-cloud-bg.pdf

 

 

outsourcing to cloud service providers

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Pages