European Union Agency for Network and Information Security

External audit on ENISA's 2018 financial accounts

Fri, 05/17/2019 - 10:30

© Copyright: Shutterstock

The auditors’ report concluded that both the 2018 financial and budgetary performance of the Agency are fairly presented and in accordance with the financial regulations of the European Commission and the International Public Sector Accounting Standards. The annual accounts include the financial statements and the reports on the implementation of the ENISA budget.

The audit illustrates the effectiveness of the financial controls in place at the Agency.

The European Parliament and the EU Council have recently approved the EU Cybersecurity Act reinforcing ENISA’s mandate and significantly increasing its financial resources. Henceforth, ENISA will be known as the EU Agency for Cybersecurity.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA delivers course on incident management

Fri, 05/17/2019 - 10:28

The course gave the participants an insight into the basics of defending an infrastructure and a thorough review of an incident lifecycle, detailing all steps and talking the audience through a case study with questions that initiated fruitful discussions.

The main takeaway of the discussions was that there is no ‘one-size-fits-all’ approach to incident response.

This is ENISA's third visit in recent months. The Digital Security Authority of Cyprus invited ENISA specialists to contribute to a better incident response across Europe.

The ENISA CSIRT training material covers four main areas: technical, operational, ‘setting up a CSIRT’, and ‘Legal and Cooperation’.

Besides providing training material, ENISA organises courses and trains around 200 cybersecurity specialists per year.

Trainings for Cyber Security Specialists: https://www.enisa.europa.eu/trainings/

 

 


Testing cooperation of EU CSIRTs Network during large-scale cyber-attacks

Thu, 05/16/2019 - 14:47

The role of ENISA was twofold. On the one hand, the CSIRT Relations team actively participated as the secretariat of the CSIRTs Network (CNW), as defined by the NIS Directive. In this regard, ENISA provides overall support to CNW and manages tools for cooperation among all members. On the other hand, ENISA’s exercise team, which also organises the pan-European ‘Cyber Europe’ exercise, organised the exercise, including the definition of the scenario and injects, and controlled the execution.

CSIRT teams from 27 countries, CERT-EU and ENISA played a scenario where cyber-attacks were performed over critical infrastructures before and during European elections. Several operators of essential services across different Member States were the ‘target’ of the attacks, and some incidents tried to diminish trust in the electoral process. Over 50 incident-handling experts from the EU Member States participated in this exercise.

CyberSOPex2019 proved once more how fundamental the CNW is in developing confidence and trust among Member States and in promoting swift and effective operational cooperation.

The CyberSOPEx type of exercise is an important part of ENISA’s continuous efforts to improve the large-scale incident response collaboration of the CSIRTs Network members, by focusing on training participants on situational awareness, information sharing, understanding roles and procedures, and utilising CSIRTs Network-related tools just like in a real life situation.

For more info on the CSIRTs Network, visit www.csirtsnetwork.eu

For more information on ENISA’s exercises, contact: exercises@enisa.europa.eu

 

 


Recommendation on the usage of community and public cloud computing services in Hungary, defined by Magyar Nemzeti Bank

Wed, 05/15/2019 - 17:15


The objective of this recommendation is to provide practical guidance to entities in the financial intermediary system for managing the risks arising from the use of community and public cloud computing services and for the uniform interpretation of relevant national and European Union legislation.

The recommendation of Magyar Nemzeti Bank is based on the good practices and requirements set out in the recommendations of the European Banking Authority on outsourcing to cloud service providers (EBA/REC/2017/03).

The full recommendation is available in English here: https://www.mnb.hu/letoltes/4-2019-cloud-bg.pdf

 

 


From start-up to enterprise: ENISA's recommendations on building EU cyber-champions

Wed, 05/15/2019 - 16:56


Based on feedback from key experts, such as founders of start-ups, venture capitals, incubators, accelerators and public institutions, ENISA identifies a number of specific challenges and opportunities faced by NIS start-ups in their development within the EU. 

ENISA's report concludes with a set of recommendations to start-ups, SMEs, and entrepreneurs active or interested in entering the cybersecurity market. In short, ENISA recommends that they:

  • Carefully and clearly define a product- and service-development strategy;
  • Invest in building a team with the proper mix of skills;
  • Invest in compliance with standards or certification schemes;
  • Leverage existing European clusters specialised in cybersecurity;
  • Invest in networking and build mentorship-like relationships with larger enterprises;
  • Understand the EU funding opportunities available and assess their usefulness;
  • Pursue partnerships and events that make it possible to position solutions with prospective customers.

This non-exhaustive list of recommendations aims to serve as actionable good practices to help cybersecurity start-ups better reach their objectives and potential as regards business growth. In particular, the report helps in:

  • understanding the start-up landscape from a technological and market perspective and determining what is currently established in the EU with regard to NIS products and services;
  • gaining insight into the investment and funding channels available for NIS start-ups from both the public and private sector;
  • identifying the main challenges that start-ups may face in their endeavours and ways in which they can address them;
  • building knowledge of growth opportunities for the EU NIS start-up market, within the context of current EU policy frameworks, at all stages of evolution for start-ups.

The study is available here: Challenges and opportunities for EU cybersecurity start-ups

 

 


Cybersecurity of smart cars high on ENISA’s agenda

Tue, 05/14/2019 - 11:49

With the aim of strengthening relations with stakeholders from the automotive industry, automotive suppliers and manufacturers discussed pertinent matters with ENISA experts, including ENISA’s ongoing work on automotive cybersecurity, the NIS Directive, the EU Cybersecurity Certification Group, and methods and practices related to securing the automotive supply chain.

Interesting presentations and fruitful discussions took place during the two days. ENISA aims to further foster collaboration in the area of automotive cybersecurity and will continue to engage with relevant stakeholders in order to promote cybersecurity of smart cars in Europe.


Informal Expert Group on EU Member States Incident Response Development

Thu, 05/02/2019 - 22:00

ENISA is concentrating its efforts on assisting Member States (MS) with their incident response capabilities by providing a state-of-the-art view of the CSIRT landscape and development in Europe. One of the main objectives of this work is to further develop and apply ENISA recommendations for CSIRT capability development.

As part of its effort to support EU MS in their incident response development, ENISA is conducting a study on the status of incident response development within EU MS. The implementation of the “Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union” (NIS Directive) brings new challenges to the way CSIRTs handle and respond to incidents. The particular target of this study is therefore sectoral CSIRTs or incident handling and response (IR) within sectors and subsectors essential for the maintenance of critical societal and economic activities (NISD sectors).

The results of this work should help ENISA to identify and draw conclusions about the development of IR capabilities, particularly in NISD sectors. The Informal Expert Group should assist ENISA and the contractor with these efforts.

Experts of the group shall have technical background expertise in and direct exposure to one or several of the following:

  • IR capabilities, tools and processes;
  • Procedures and operations of CSIRTs;
  • IR in one or more of the NISD sectors;
  • Regulation bodies, academia, standardisation bodies directly involved in the above topics.

Before applying please read the Terms of Reference and the Privacy Statement. Click here to apply.

 


Behavioural aspects of cybersecurity

Tue, 04/16/2019 - 11:02


In summary, ENISA found a relatively small number of models, none of which were a particularly good fit for understanding, predicting or changing cybersecurity behaviour. Many ignored the context in which much cybersecurity behaviour occurs (i.e. the workplace), and the constraints and other demands on people’s time and resources that it causes. At the same time, there was evidence that models that stressed ways to enable appropriate cybersecurity behaviour were more effective and useful than those that sought to use threat awareness or punishment to urge users towards more secure behaviour.

The report offers recommendations for specific groups such as policy makers, management and organizational leaders, CISO and security specialists, CSIRT / CERT community, software developers and awareness raising managers.

ENISA proposes that practitioners can take significant steps towards helping employees to act in a more secure way. This may involve skills-based training and support but may also require the restructuring of security practices and policies, to better align with people’s workplace goals and/or capabilities. ENISA proposes a model of awareness, analysis and intervention for organisations to systematically plan and implement changes to address human aspects of cybersecurity.

For policy makers, ENISA identified a clear lesson from the reviews - increasing cybersecurity literacy and skills is an evidenced method to support citizens to protect their cybersecurity.

Management and organisational leadership need to shift their perspective on what their role and responsibilities are in managing cybersecurity in their organisations. They should decide which security risks they want to manage, and commit the resources required.

CISOs and security specialists need to know the impact that security policies can have on staff in daily business operations. They need to be visible and approachable and even acquire the ‘soft skills’ to do this effectively, ideally through special programmes.

Incident response teams and security operations centre staff should be enabled to perform in the fight against cyber threats. Their employers need to ensure sufficient staffing levels, invest in training and personal growth, and support innovative approaches such as team and multi-team.

Last but not least, all people involved in cybersecurity should mainly aim to provide users with the skills in order to cope with cyber threats rather than running repetitive awareness campaigns on the scale and vulnerability of cybersecurity threats.

For the full report: Behavioural aspects of cybersecurity

 


ENISA supports Portuguese National Exercise on Elections

Thu, 04/04/2019 - 14:08


In its second edition, the exercise focuses on the resilience of the electoral process, engaging a large number of stakeholders from public as well as private organisations. The exercise tests the coordinated response at different levels, the information exchange processes and the national contingency plans.

ENISA offers direct support by providing the Cyber Exercise Platform that delivers exercise control functionality, hosts the exercise scenarios and allows for realistic simulation of media websites mimicking real-life infrastructures. The electoral process is put to the test by several simulations of cybersecurity incidents and disinformation campaigns and fake news.

ENISA's exercise team supports the exercise at two sites. One part of the team is at ENISA, making sure the infrastructure performance is at the highest level, while a mobile team provides onsite support to the exercise in the Portuguese capital.

The event, organised in cooperation with the CNE – the National Elections Commission of Portugal, was attended at the highest level, including:

  • President of the Portuguese Republic - Mr. Professor Marcelo Rebelo de Sousa,
  • Minister of the Presidency and Administrative Modernization - Dr. Mariana Vieira da Silva,
  • Minister of Internal Affairs - Dr. Eduardo Cabrita,
  • General Secretary of the Internal Security System, Deputy Attorney General - Ms. Maria Helena Fazenda,
  • General Secretary of the Information System of the Portuguese Republic - Ambassador Maria da Graça Mira Gomes,
  • and many other high-level people in Portugal.

ENISA is committed to continue to actively support the EU Member States authorities by providing its unique cyber exercise expertise and capabilities, in order to reinforce the resilience of the national and European critical IT systems and infrastructures.

Previous news item: https://www.enisa.europa.eu/news/enisa-news/jenisa-supports-portuguese-national-cybersecurity-exercise-on-electoral-process

 


New ENISA office inaugurated in Heraklion – Crete, Greece

Mon, 04/01/2019 - 10:55

Pictured from left to right: ENISA's Head of RD - Paulo Empadinhas, Deputy Mayor of Tourism, Heraklion - Andrea Garancini, FORTH Chairman - Nektarios Tavernarakis, ENISA Executive Director - Udo Helmbrecht and Regional Councillor of Crete - Giorgos Alexakis

This new establishment, as well as the Athens headquarters of the Agency, is provided by the Hellenic authorities in virtue of the seat agreement between ENISA and Greece, which sets down the details of arrangements for the operations of ENISA in Greece. 

Executive Director Helmbrecht said: “I want to thank the Hellenic authorities for their continuous commitment to the good functioning of ENISA in Greece. This new tailor-made office meets the highest standards for a European Agency and offers our staff in Crete the best conditions to safely run the activities of the Agency.”

Secretary General Maglaras said: “Cybersecurity is a major challenge in the Digital Society and ENISA, being the EU centre of expertise for cybersecurity, is continuously promoting cybersecurity awareness, advancing our cybersecurity capacities and building a, so called, “cybersecurity culture” within Europe. The role of the Agency is further enhanced by its permanent mandate that has been recently issued. Secretary General of Digital Policy, Telecommunications and Media support the functioning of ENISA and in this framework we have the pleasure to inaugurate the new office of ENISA, in this new building; we firmly believe that it will facilitate the operation of the Agency and it will further enable the Agency to carry out its competencies. We will continue to support the Agency, by any means, and we anticipate that the cooperation of the Agency with FORTH and other research institutes in Greece will be mutually beneficial.”

Professor Tavernarakis said: “The Foundation for Research and Technology places special emphasis on the field of Network and Information Security, as it impacts directly on multiple facets of its research activities. FORTH keenly fosters and encourages close collaboration among ENISA and Research Teams at FORTH, as the multidisciplinary nature of the field of Network and Information Security is relevant to the priorities of several of FORTH Institutes.”

Mr. Alexakis said on behalf of the Governor of Crete Region Arnaoutakis: “The inauguration of ENISA’s new building in Heraklion, is an event of significant importance for the Region of Crete. This, today, is an important step for the European and World community of electronic communications. The European Union Agency for Network and Information Security officially gets a new building, marking a new era. A new era, when everything evolves at a dizzying speed, demanding constant alertness, adaptation and new rules for safety and protection. The fact that ENISA – even a part of it- remains in Heraklion is an honour but also a responsibility. In a symbolic but also in a substantial way, it sets the bar higher for us.”

The inauguration of ENISA’s new building was followed by an art exhibition by the acclaimed artist Stella Koukoulaki entitled “Cybersec Art”, which included works that are artistically related to the field of Network and Information Security.

The new office – a state-of-the-art building offering conference facilities and suitable IT infrastructure – accommodates ENISA employees from various areas of expertise like policy, finance, facilities management, network and information security, and public affairs.

The construction of the building was co-funded by Greece and the European Union, under the Operational Programme “Competitiveness and Entrepreneurship”.

Change of address: From 1 April 2019 onwards, the office will be located at Nikolaou Plastira 95, Vasilika Vouton, Heraklion – Crete.

Note to editors

The former premises were provided by the Foundation for Research and Technology Hellas – FORTH since 2004. Longstanding partners, ENISA and FORTH have constantly worked together to establish Heraklion as a European centre of cybersecurity excellence, culminating with the organisation of five editions of ‘Network and Information Security Summer School’ events and the signing of a memorandum of understanding (read more about this topic here).

Since 2012, ENISA has also opened an office in Athens.

 


Privacy standards for information security

Fri, 03/15/2019 - 17:45


Such integration is fundamental to protect personal identifiable information, particularly in digital environments and it may support the implementation of relevant privacy and data protection legislation.

This ENISA study explores how the standards-developing world has been responding to the fast-changing and demanding realm of privacy. It provides insights into the state of the art of privacy standards in the information security context by mapping existing standards and standardisation initiatives alike.

The main findings of this study include the following:

  • There is an increasing need to analyse the mapping of international standards and European regulatory requirements, as references to standards in the EU legislation are becoming recurrent and there are considerable differences from jurisdictions outside of the EU;
  • Proving compliance with privacy standards in information security is not as straightforward as expected. Some approaches for conformity assessment are available in specific sectors, others are still lacking appropriate mechanisms;
  • A coherent analysis of sector-specific needs for privacy standardisation is essential, especially in the context of information security, before moving ahead with the adoption or development of new standards;
  • Standardisation focuses mainly on covering technological approaches and solutions. Many such solutions address the introduction of privacy-preserving technologies throughout the whole lifecycle of a product or a system. The concept of privacy-by-design and its implementation are still not presented clearly, despite a general common agreement on perceived benefits. 

ENISA complements this information with a range of additional recommendations, which aim to support the prioritisation of potential areas of action for the near future:

  • EU policy makers and European Standards Organisations should promote the development of European content and input to privacy and cybersecurity standards;
  • EU policy makers and European Cybersecurity Certification Group members should promote the endorsement and adoption of privacy and information security standards, including conformity assessment standards specific to privacy;
  • EU bodies and competent authorities in the Member States should promote the adoption of a structured approach to the analysis of sector-specific needs with regard to privacy standardisation, especially in the information security context, and then proceed with the adoption or development of new standards;
  • EU policy makers and relevant EU bodies need to be further involved in the standardisation process, so as to define, endorse or affirm potential standardisation goals in the areas of privacy and information security;
  • Competent bodies at EU and Member State level should further promote their research and standardisation activities to support the meaningful implementation of the ‘Privacy by Design’ principle.

For full report: Guidance and gaps analysis for European standardisation

 

 


Security and privacy considerations in autonomous agents

Thu, 03/14/2019 - 17:33


Autonomous agents range from smartphones applications to autonomous robots supporting the supply chain in product development, for example; a key aspect in this regard is the data collected, mainly to support functionalities in a qualitative and timely manner.

Depending on the level of autonomy and context of operations, security and privacy considerations may vary. This ENISA study outlines AI technology used in autonomous agents in various application domains. It discusses the main security and privacy considerations and delivers a set of recommendations for relevant stakeholders and policy makers.

This study highlights relevant considerations, such as unauthorized autonomous systems, hijacking and misuse, transparency and accountability, pervasiveness, retention and opacity of processing.

This study concludes with a set of recommendations, aimed at further influencing future EU policy initiatives, such as to:

  • Further promote and support the adoption of security and ‘privacy by design’ principles as a pre-requisite during the inception, design and implementation of autonomous agents and systems;
  • Develop a collaborative approach on the identification and the exchange of best practices. Gradually such initiatives should put forward sets of baseline security requirements;
  • Endorse and support existing initiatives on the promotion and protection of human rights, through the establishment of appropriate ethical conditions related to autonomous agents; 
  • Establish a relevant framework for policy development, emerging technologies and new application areas.

For full report: Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

 

 


Cybersecurity for the EU telecom sector: The ENISA Article 13a Expert Group concludes a successful meeting in Stockholm, Sweden

Wed, 03/13/2019 - 09:55

The Article 13a Expert Group was set up almost 10 years ago by ENISA, under the auspices of the European Commission, to agree on a harmonised implementation of Article 13a of the Telecom Framework Directive, which requires EU countries to supervise the security of telecom networks and services in the EU. Information about workshops, guidelines, etc can be found at: http://resilience.enisa.europa.eu/article-13/  

Programme and speakers

The programme included talks from the private sector, as well as from public bodies, on a wide range of topics relevant for the security of the EU telecom sector.

  • Patrik Bystedt, Head of the Secure communications department, at PTS, the Swedish telecom regulator, and Evangelos Ouzounis, Head of the Secure Services and Infrastructures unit at ENISA, opened the event. Both underlined that in this period telecom security has only grown in importance and is now front and centre, not only at the political level, in the press, but also at technical level, for instance in the context of IoT.
  • Anders Lindell, from DG CNECT, the European Commission’s general directorate responsible for the telecom rules but also the NIS Directive, among other things, explained the new European Electronic Communications Code (EECC). The EECC was adopted at the end of last year and it updates many important telecom rules in the EU. Article 13a, which sets security requirements for telecom providers, will be replaced by Article 40, and will be broader in terms of services in scope as well as incidents in scope.
  • Dirk Ytsma from the Dutch telecom regulator gave an update on their work to understand and analyse the impact of power outages in the telecom sector in the Netherlands.
  • Åsa Sjöström, from the Swedish Metoffice, gave an overview of the impact of climate change on Sweden and of the ongoing climate adaptation efforts in Sweden.
  • Carla Baker, from Symantec, gave an overview of the global cybersecurity threat landscape.  
  • Shahid Raza, Director Security, at RISE SICS, the Swedish government’s R&D institute, discussed RISE’s cybersecurity work and its relation with ongoing EU projects and funds.
  • Anders Broberg, from STOKAB, a Swedish dark fibre operator, discussed how STOKAB built an expansive fibre network, connecting even bus stops, and preparing for the smart city.
  • James Christie, from PTS, gave an overview of some of the issues and challenges we can expect in the future development and deployment of 5G.
  • Amy Lemberger, Director of Security at GSMA, the global industry association for mobile network operators, discussed e-SIMs and security, another step in the evolution of the telecom sector, set to replace the mobile phone SIM cards.
  • Jaya Baloo, CISO of KPN, the Dutch incumbent operator, covered a range of hot security topics, such as BGP and DDoS, and different important industry initiatives such as MANRS and the Dutch Continuity Board (which is not limited to Dutch operators). 
  • Sam Hitz, from Anapaya, explained SCION, a new and clean slate solution for the BGP routing problems based on paths. SCION is being tested in some first deployments for example between the offices of the Swiss ministry of foreign affairs in different countries.
  • Marnix Dekker, from ENISA, explained the upcoming ENISA paper on BGP, which shortlists 7 security steps to mitigate BGP security risk.

Day two

The second day of the Article 13a EG meeting was attended by 40 experts from telecom regulators and supervisory authorities from 20 EU and EFTA countries, the European Commission and ENISA, in a more closed setting. In this closed part of the meeting, NRAs discuss specific supervision topics and joint activities such as the annual summary reporting of significant telecom security incidents. For the interested reader, the statistical data about these 2018 incidents is already available in the online visual analysis tool and can be used for custom data aggregations and analysis.    

If you would like to know more, or if you want to join our mailing lists to be kept up to date about our telecom security work or to receive invitations for future telecom security meetings, please contact us via resilience@enisa.europa.eu

 


ENISA supports CSIRT-CY in maturity assessment

Mon, 03/11/2019 - 13:50

CSIRT-CY is responsible for the increase of the security posture of Cyprus by enhancing the cyber protection of its National Critical Information Infrastructures, banks and Internet Service Providers.

Peer review is an important part of ENISA CSIRT maturity evaluation process. It is addressed to CSIRT teams, to help them improve and enhance their maturity, together with the self-assessment approach. The whole process is based on the SIM3 (Security Incident Management Maturity Model) model and further described in the ENISA Study on CSIRT Maturity – Evaluation Process.

Peer reviews are conducted between trusted teams and are intended as a form of intra-community mutual support, aimed at further enhancing all teams’ maturity.

The maturity evaluation process is adopted by the CSIRTs. It is planned that all CSIRT Network members will undergo such an evaluation by the end of 2019. This will help national CSIRTs reach the high-level requirements of the EU Network and Information Security Directive (NISD).

 


Happy International Women's Day from all of us at ENISA!

Fri, 03/08/2019 - 13:50

Despina Spanou, Director Cybersecurity at DG CONNECT, Dominique Leroy, CEO of Proximus, Anett Madi-Nator, ECSO Advocate for Women4Cyber, Pia Ahrenkilde Hansen, Deputy SG of the EC and Gertrud Ingestad, Director DIGIT

ENISA has been developing and implementing a gender balance project. Thanks to this initiative, about 47% of ENISA staff is now female.

On this joyous occasion, ENISA is pleased to join and have an information stand at the “Cyber Aware: Spotlight on Women in Cyber” event organised by the European Commission and is launching a call to all women working in cybersecurity to apply for specialist positions at ENISA. Please consult our leaflet with detailed information and view our short video testimonials on women in cybersecurity roles here.

ENISA also actively supports the ‘WOMEN in DIGITAL Programme’ of the European Commission and ECSO ‘Women in Cyber’ initiative to raise awareness of the gender balance and advocate for women in cybersecurity roles including IT security, IoT security, medical cybersecurity, transport cybersecurity, military and defence cybersecurity, technology and others.

Find out more about Women in Cybersecurity and vacancies at ENISA in our leaflet.

Background information

New research from Cybersecurity Ventures predicts that women will represent 20 percent of the global cybersecurity workforce in 2019, a positive trend compared to the previous report, which stated that women make up 11 percent of the global cybersecurity workforce. The newest research includes a recalculation of women in cyber based on a broader definition of positions covered.

ENISA is committed to supporting the development of a European skills-base and attracting the best cyber talents in Europe. We invite you to navigate our career site, identify the positions where you think your profile matches the requirements of the job and apply to what could be the job you have always dreamt of. ENISA offers a multinational, multicultural and young dynamic working environment with an interesting range of career opportunities.

 

ENISA Industry Event for Small and Medium Enterprises

Fri, 03/01/2019 - 15:15

Steve Purser, ENISA Head of Core Operations Department, said: “We discussed ENISA’s continuous efforts to cooperate with and strengthen the EU SME community, touching upon important topics such as the cyber threat intelligence capability framework and maturity model, the technological foresight methodology and also funding of regional cooperation and incubators. We also exchanged views about business opportunities that might arise from the recently launched proposal to set up a cybersecurity competence network and centre. Our Agency is fully committed to supporting the SME community in all these regards.”

The main point of the industry event was the discussion panel on regional cybersecurity collaboration, where representatives from the public and private sector including the European Commission presented their views and shared best practices and successful initiatives.

At the end, Mr. Purser thanked all the participants and invited the community to reach out to ENISA for further support. 

 


ENISA supports Portuguese National Cybersecurity Exercise on electoral process

Tue, 02/26/2019 - 11:05

The exercise, called ExNCS 2019, will be organised in cooperation with CNE – the National Elections Commission of Portugal. 

ENISA will actively support the Portuguese authorities by providing its unique cyber exercise expertise and capabilities. As part of the exercise scenario, the electoral process will be put to the test by several simulations of cybersecurity incidents and disinformation campaigns.

This is the second edition of ExNCS. It is envisaged that it will contribute to the consolidation of the national cybersecurity capacity in Portugal, in order to reinforce the resilience of the national and European democratic system.

ENISA has vast experience in organising cyber exercises. Since 2010, ENISA has organised five large-scale exercises called ‘Cyber Europe’ – simulations of large-scale cybersecurity incidents that escalate to EU-wide cyber crises. These exercises offer opportunities to analyse advanced cybersecurity incidents, and to deal with complex business continuity and crisis management and communication situations.

For more information, read the report by CNCS: https://www.cncs.gov.pt/recursos/noticias/o-processo-eleitoral-sera-o-cenario-que-vai-a-jogo-na-segunda-edicao-do-exercicio-nacional-de-ciberseguranca/ [PT]

 



European Cyber Security Month 2018 at a glance

Fri, 02/15/2019 - 10:34

ENISA publishes the ‘2018 European Cyber Security Month deployment report’, a summary of the activities organised by the Agency and participating Member States in October 2018. The report is a synthesis of findings based on evaluation and performance information gathered by collecting feedback and open source information.

The report targets both organisations that supported ECSM and those seeking to get involved in the future. At the same time, it also targets ICT and non-ICT security professionals who wish to launch similar awareness raising campaigns. Furthermore, the report is directed at EU and national policy makers who aim to improve the security awareness of citizens, professionals and IT end-users in general.

According to the report, more Member States got involved or increased their participation in the campaign. The number of activities organised under the ECSM umbrella increased by 6.5%, from 532 in 2017 to 567 in 2018. Additionally, over 160 teachers from 22 countries took part in online events destined for students.

Udo Helmbrecht, Executive Director of ENISA: "The latest edition of the ECSM brought many opportunities for people to discover how to stay safe online and play an active role in cybersecurity, in particular the young generations. I am happy to see that the number of participants increased considerably. Europeans understand more and more that a safe online environment can only be built by a common effort. I encourage everyone to join the ECSM in 2019."

The 2018 ECSM campaign was the sixth consecutive edition and was supported by the European Commission, Europol’s Cyber Crime Centre (EC3), European Schoolnet, SaferInternet4EU campaign and cybersecurity organisations from the Member States.

The campaign sought to raise awareness of cybersecurity practices through a wide range of activities such as specialised reports, conferences, workshops, seminars, online courses, trainings, strategy summits, general presentations to users and online quizzes.

The four themes chosen in 2018 were:

Week 1 – Theme 1: Practice basic cyber hygiene. ENISA and the Anti-Phishing Working Group (APWG) designed a phishing poster for the first week of the campaign. The poster provided information about the scale of the phishing problem in numbers, tips on how to avoid phishing and what to do if one becomes a victim of phishing.

Week 2 – Theme 2: Expand your Digital Skills and Education. ECSM learning modules were created for the campaign in collaboration with European Schoolnet, as part of the #SaferInternet4EU campaign launched on Safer Internet Day 2018 by Commissioner Mariya Gabriel to promote online safety, media literacy and cyber hygiene.

Week 3 – Theme 3: Recognise Cyberscams. Europol and the European Banking Federation launched an awareness campaign on the 7 most common online financial scams. Law enforcement agencies from all 28 EU Member States, 5 non-EU Member States, 24 national banking associations and banks and many other cybercrime fighters raised awareness about this criminal phenomenon.

Week 4 – Theme 4: Emerging Technologies and Privacy. This included a live webinar by ENISA experts and external experts from Industry with the purpose of discussing the importance of having an “Emerging Technologies Horizon Scanning and Research Process”.

Would you and your organisation like to get involved with the European Cyber Security Month in October 2019? Find out what activities you can organise or be part of by contacting us here https://cybersecuritymonth.eu/contact-info

 


New national strategy for cybersecurity published by Norway

Fri, 02/15/2019 - 09:40


The Prime Minister, the Minister of Public Security, the Minister of Justice and Immigration, the Minister of Defence and the Minister of Research and Higher Education all took part in the launch of the strategy.

The new strategy is Norway’s fourth cyber security strategy, and is intended to address the challenges that arise in conjunction with the rapid and far-reaching digitalisation of Norwegian society. The developments in relation to previous strategies are based on the need to reinforce public-private, civilian-military and international cooperation.

The List of Measures, a part of the strategy, contains measures with a budget of around 1,6 billion NOK. The strategy also contains ten basic pieces of advice for all companies in Norway to follow to raise the cybersecurity level across the nation.

In preparing the strategy, particular emphasis has been put on applying an open and inclusive process so as to involve stakeholders from the public and private sector alike.

For more information and the full strategy visit: https://www.regjeringen.no/en/aktuelt/new-national-strategy-for-cyber-security/id2627193/

 
