European Union Agency for Network and Information Security

6 Key Success Factors to run Effective National Cybersecurity Competitions

2 hours 42 min ago

The success of cybersecurity competitions: why does it matter?

In light of today’s cybersecurity threats, the global cybersecurity workforce would need to grow by 89% for organisations to defend their critical information and communications technology (ICT) assets effectively.

In order to address this critical situation, national governments started to implement a number of programmes and policies to increase the number of professionals available on the labour market.

National cybersecurity competitions (NCSCs) such as capture-the-flag (CTF) events gathering teams of students have been some of the most widespread tools used to address the shortage.

Besides, several national cybersecurity competitions now take place worldwide including in Asian, English-speaking and European countries.

The European Union’s competition is the European Cybersecurity Challenge (ECSC). The pan-European event is organised once a year by the European Union Agency for Cybersecurity (ENISA). The objective of the competition is to improve and increase cybersecurity talent in Europe and connect high potential individuals with industry-leading organisations. This high level objective may be ‘transposed’ to a number of sub-objectives, such as:

  • identify young cybersecurity talent;
  • increase interest in cybersecurity as a topic;
  • increase cybersecurity knowledge and skills;
  • increase interest in a cybersecurity career and connect participants with employers;
  • create a network of young cybersecurity specialists.

ECSC stakeholders are therefore very keen to deepen their understanding of the key elements on which a national cybersecurity competition success is built on.

How to increase the impact of cybersecurity competitions: the 6 success factors

The new ENISA Report - Towards a Common ECSC roadmap identifies 6 main factors, namely:

  • policy relevance;
  • governance and public–private partnership;
  • funding;
  • public relations and marketing strategy;
  • organisation, training and cybersecurity challenges;
  • connection to employers and career outcomes.

What are the recommendations?

A number of recommendations are issued for each of the 6 success factors identified.

To meet the ECSC’s objectives, a strong foundation is needed. This foundation means developing a systemic learning environment designed to encourage and attract the young into cybersecurity. This could take the form of targeted events or challenges locally organised to spread cybersecurity knowledge geographically and help create small clusters of cybersecurity hubs regionally for instance.

As secondary, high school and university students will move up the scale of the education system, this community of cyber-minded young men and women will continue to gather around national or European events and challenges to finally expand the number of professionals in the field. The common roadmap should therefore include three phases at national level to target different age groups accordingly.

Besides, policies should be made relevant to a broader audience. Establishing a close cooperation among schools, universities and the public and private sectors to facilitate the dissemination of information could be envisaged as a solution.

A funding strategy should be devised. For instance, supporting a model where costs are shared among key actors such as governments together with the private sector could provide more financial stability over time.

The creation of a joint working group is also recommended to support the organisation of cybersecurity competitions. This working group would include participants from the Member States and would be in charge of defining standards, providing assistance, creating a central repository of challenges, and coordinating with the different stakeholders.

What can ENISA do?

The European Union Agency for Cybersecurity can help national competitions obtain the support of national public authorities by leveraging the Agency’s network of national contact points and policymakers.

In this respect, ENISA is already providing its support to Member States as described above. At the same time, ENISA can also help with the dissemination of national competitions. Public affairs activities could be further coordinated with the other activities of the Agency in the field.

Who is this report for?

  • the organisers of the national cybersecurity competitions who select the team that will attend the ECSC;
  • the EU institutions involved in the organisation and planning of the ECSC, most notably ENISA and the European Commission;
  • the stakeholders that benefit from the success of national cybersecurity competitions, including academia, national governments and the private sector.


The European Cybersecurity Challenge is an annual competition, coordinated by the European Union Agency for cybersecurity. The event offers a platform for young cyber talent across Europe to gather and engage in networking over a unique opportunity to experience cooperation in trying to solve a cybersecurity problem.

The ECSC is intended to encourage young people to pursue a career in cybersecurity, by challenging and developing the participants’ skills needed in such extreme situations and connecting them with industry.

Supported by the European Commission and EU Member States, the ECSC falls within the skills chapter of the EU Cyber Security Strategy for the Digital Decade.

Upcoming event

The next European Cybersecurity Challenge will take place from 28 September to 1 October 2021 in Prague, Czech Republic.

The first International Cybersecurity challenge to be organised by ENISA around the end of the year is expected to be officially announced by end of May 2021.

Further information

ECSC website - European Cybersecurity Challenge

ENISA topic – European Cybersecurity Challenge (ECSC)

ENISA Hackfest 2020

Cybersecurity Skills Development in the EU


For questions related to the press and interviews, please contact



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


EU Cybersecurity Market: New Ad Hoc Working Group open for applications!

Thu, 04/08/2021 - 13:45

The ENISA Ad Hoc Working Group (AHWG) on the EU cybersecurity market will support ENISA in analysing market trends and segments, with a focus on cybersecurity solutions to meet the market needs of the stakeholders.

While the focus will be on the EU cybersecurity market, the global cybersecurity market may also be considered, for example when addressing the EU dependency (on) or requirements to market actors outside the Digital Single Market.

Overall the work developed through this AHWG aims to “improve conditions for the functioning of the internal market” and “foster a robust European cybersecurity industry and market¨, as foreseen in Activity 7 of the ENISA Single Programming Document 2021-2023, in line with article 8.7 of the Cybersecurity Act to proactively assess market trends within Europe.

What is expected?

The EU Market AHWG will assist in order to:

  • Identify significant topics related to cybersecurity market analysis
  • Provide guidance on how to analyse these topics in order to achieve the goals of the study
  • Discuss and possibly draft opinions
  • Draft reports on specific topics
  • Deliver input and review documentation related to ENISA projects and outputs in the area of cybersecurity market analysis
  • Contribute to the validation of deliverables
  • Generally advise ENISA in carrying out its tasks in relation to the cybersecurity market

Outcomes of this AHWG may include:

  • identification of cybersecurity market needs of the stakeholders and potential recommendations to meet such needs;
  • the identification of a specific market segment to focus particular market support actions;
  • a gap analysis to identify a need for solutions in relation to EU cybersecurity requirements;
  • and a quantitative market analysis in a section of the Digital Single Market.                                                           

Timeline and activities planned

The estimated duration of the ad hoc working group is for three years.

The work of ENISA in the area of cybersecurity market is multiannual and concerns the entire Agency. In particular, the ENISA Research and Innovation team and the Knowledge and Information team will play a key role in relation to the Competence Centre and the mode of interaction with ENISA, and the work in the area of emerging challenges and foresight.

A broad range of cybersecurity market analysis methods as for example targeted deployment projects, support of innovative actions, role of cybersecurity research, the role of cyber-insurance, etc. will be covered at later stages.

As output produced within this ADWG will evolve, more concrete collaboration steps will be proposed in the coming years.

Terms of reference

Download the Terms of Reference from the dedicated page - Ad-Hoc Working Group on EU Cybersecurity Market


Individuals interested are invited to submit their application to ENISA via the dedicated application form.

The duly completed applications must be submitted by 12h00 EET (Athens time) on 3rd May 2021.

Cybersecurity Certification Market Analysis Report

Along with the Ad Hoc Working Group on EU Cybersecurity Market, ENISA publishes today the cybersecurity market report. This study covers preliminary work that has been done already on the topic of market analysis focusing on certification.

This study proposes a methodology to carry out market analyses on cybersecurity certification of ICT products, services and processes. Market analysis on cybersecurity certification aims to contribute to the EU cybersecurity certification framework and the planning activities of the European Commission, the European Cybersecurity Certification Group (ECCG) and the Stakeholders Cybersecurity Certification Group (SCCG) by identifying future areas for cybersecurity certification.

ENISA Report: Cybersecurity Certification Market Study


For questions related to the press and interviews, please contact press (at)

When & How to Report Security Incidents

Mon, 03/22/2021 - 11:00

The guidelines published help national telecom security authorities in the reporting of significant incidents to ENISA and the European Commission under the European Electronic Communications Code (EECC).

These new guidelines replace the previous ones issued by ENISA on incident reporting under Article 13a of the EU Telecoms Framework Directive. This revised version takes into account the scope and the provisions of the EECC and provides non-binding technical guidance to national authorities supervising security in the electronic communications sector.

The following three types of incident reporting are provided for under article 40 of the EECC:

  1. National incident reporting from providers to national security authorities;
  2. Ad-hoc incident reporting between national security authorities and ENISA;
  3. Annual summary reporting from national security authorities to the European Commission and ENISA.
Download the Report

The new guidelines focus firstly on the ad-hoc incident reporting between the security authorities and ENISA and secondly on the annual summary reporting. More specifically, the document includes information on how and when security authorities can report security incidents to ENISA, to the European Commission and to other security authorities.

The information provided considers the services and incidents within the scope of the EECC - incidents affecting confidentiality, availability, integrity and authenticity of networks and services.  The thresholds needed for the annual reporting are also defined.  These thresholds are both of a quantitative and of a qualitative nature.

The quantitative elements considered include the number of users affected and the duration of the incident. Qualitative information was also used, such as the geographical coverage of the incident and the impact on the economy, on society and on users.

The new guidelines also include an incident report template and draw the distinction between national and annual reporting.

This report was drafted by ENISA in close cooperation with the ECASEC expert group of national telecom security authorities.


The European Electronic Communications Code (EECC) replaces the existing EU Telecoms Framework Directive and brings significant changes in the security supervision of electronic communication services.

Established in 2010, the ECASEC Expert Group (formerly the Article 13a Expert Group) consists of more than 50 experts from national telecom security authorities from 31 EU, EFTA and EU candidate countries, all of whom supervise the security of telecom networks and services.

The expert group produces technical guidelines for European authorities on the implementation of EU telecom security rules and publishes a summary report about major telecom security incidents on an annual basis.

Further Information

European Electronic Communications Code (EECC)

ECASEC Expert Group Portal

33rd Meeting of the European Competent Authorities for Secure Electronic Communications (ECASEC)

ENISA topic: Incident Reporting

ENISA Guideline on Security Measures under the EECC (December 2020)

ENISA report on Security Supervision under the EECC (January 2020)


For questions related to the press and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Statement on Microsoft Exchange vulnerabilities

Fri, 03/19/2021 - 11:30

Microsoft released security updates for Microsoft (MS) Exchange server suite. Active exploitation has been observed on-premises running MS Exchange installations.

MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks.

ENISA published a situation report which provides an assessment as well as advice and mitigation measures. It reports that threat has been assessed as severe and considers these types of attacks probable and of high risk.

The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise.

At EU level, the EU CSIRTs Network and EU Cyber Crises Liaison Organisation Network (CyCLONe) are monitoring the situation and collecting information at both the technical and operational levels.

Microsoft is updating advisories and guidance while additional technical information and advice are provided by CERT-EU technical advisory.

Download the Report


The EU Agency for Cybersecurity supports operational cooperation among Member States, Union institutions, bodies, offices and agencies, and between stakeholders. Under the EU Cybersecurity Act of 2019, the Agency gained an extended mandate to contribute to developing a cooperative response at Union and Member States level to large-scale cross-border incidents or crises related to cybersecurity.

ENISA provides the secretariat of the EU CSIRTs Network and CyCLONe, supporting their work by offering advice and assistance. The Agency provides strategic foresight and intelligence on cyber threats. The Agency contributes to situational awareness and shares knowledge and information with relevant stakeholders and investigates solutions to boost the efficiency of cyber responses in critical industries across Europe.

The CSIRTs Network is a network composed of EU Member States’ appointed CSIRTs and CERT-EU. The European Commission participates in the network as an observer and ENISA acts as the secretariat. The CSIRTs Network contributes to developing confidence and trust between the Member States and to promoting swift and effective operational cooperation.

The Cyber Crisis Liaison Organisation Network (CyCLONe) contributes to the implementation of the European Commission's Blueprint for rapid emergency response in case of a large-scale cross-border cyber incident or crisis and complements the existing cybersecurity structures at EU level by linking the cooperation at technical (e.g. Computer Security Incident Response Team - CSIRTs) and political levels (e.g. Integrated Political Crisis Response - IPCR). By doing so, the CyCLONe fulfils two objectives: enabling consultations on national response strategies and coordinated impact assessment on the anticipated or observed impacts of a crisis, to the benefit of policy decision-makers, both at national and EU level.

CERT-EU and ENISA have signed a memorandum of understanding in 2021 to improve the efficiency and the effectiveness of the EU cybersecurity framework.


For questions related to the press and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Cybersecurity in Railways Conference: Key Takeaways

Thu, 03/18/2021 - 11:00

2021 has been chosen as the European Year of Rail by the European Commission. The European initiative aims to highlight the benefits of rail as a sustainable, smart and safe means of transport to support the delivery of its European Green Deal objectives in the transport field. 

Cybersecurity is a key requirement to enable railways to deploy and take advantage of the full extent of a connected, digital environment.

However, European infrastructure managers and railway undertakings face a complex regulatory system that requires a deep understanding of operational cybersecurity actions. In addition, European rail is undergoing a major transformation of its operations, systems and infrastructure due to digitalisation, mass transit and, increasing interconnections. Therefore, the implementation of cybersecurity requirements is fundamental for the digital enhancement and security of the sector.

ENISA, the EU Agency for Cybersecurity, and ERA, the EU Agency for Railways, have joined forces to organise a virtual Conference on Rail Cybersecurity. The conference took place virtually over two days and brought together more than 600 experts from railway organisations, policy, industry, research, standardisation and certification.


The European Commission has proposed the revision of the Network Information Security Directive (NIS2) to strengthen the cybersecurity measures to be adopted by the Member States and applied, among others, by European railway undertakings (RU) and infrastructure managers (IM).

The European Commission’s Directorate-General for Mobility and Transport (DG MOVE) also encourages awareness-raising of railway stakeholders by promoting the use of its Land Transport Security platform. A cybersecurity toolkit was also developed and shared with the participants. Cybersecurity is now a major concern for National Safety Authorities. The French rail safety authority, l’établissement public de sécurité ferroviaire (the EPSF) compiled the related challenges in a white paper, jointly with the French IM and main RU, the French Cybersecurity Agency, ANSSI and ERA.

Standardisation & Certification

The Working Group 26 of the European Committee for Electrotechnical Standardisation (CENELEC) delivered the promising Technical Specification 50701 on cybersecurity for railways, now under review by the National Committees. A published version of the technical specification is expected before the summer. A voluntary reference to this standard will be made through the application guides developed by ERA. Railway stakeholders expect the technical specification to lay the foundations of a common risk analysis methodology. As demonstrated by the case study proposed by the Italian railway stakeholders, such methodology will link the security analysis to the safety case.

Research & Innovation

Shift2Rail the Joint Undertaking has gained maturity, and the Technical Demonstrator 2.11 on cybersecurity will soon demonstrate the applicability of their findings on specific projects such as Automatic Train Operation or Adaptable Communication Systems.

Technical interoperability standards for EU railway automation are being proposed for consideration in the railway regulatory framework, proposing "secure by design" shared railway services. In addition, The International Union of Railways (UIC), recently launched a Cyber Security Solution Platform, taking a pragmatic approach in building a solutions catalogue to risks and vulnerabilities identified by railway users.

Information Sharing & Cooperation

The European Railway-ISAC is attracting an increasing number of participants willing to share concerns or even vulnerabilities to trusted members and ensuring a collective response to the cybersecurity challenge. An open call by Shift2Rail, namely the 4SECURERAIL project, is developing a proposal for a European Computer Security Incident Response Team, allowing for identified threats to be instantly shared with targeted railway stakeholders.

With such developments, the railway industry, represented by the European Rail Industry Association (UNIFE), discussed how ready the sector is to increase the level of cybersecurity. UNIFE highlighted several priorities, such as: the approval and usage of the TS 50701, the need for adequate certification schemes on product level,the need for specific protection profiles on interface-specific devices and subsystems. This would allow for a more harmonized approach for manufacturers and system integrators.


The participants voted topics for future conferences and these include, among others:

  • new technologies;
  • cyber risk management for railways;
  • cyber threat landscape;
  • the update of Technical Specifications for Interoperability (TSI);
  • cyber skills and training and cyber incident response.

Both agencies are paying very close attention to all the developments in the field of railway cybersecurity.

The success of the online conference of the last two days shows how railway stakeholders can benefit from close cooperation to ensure that both the cybersecurity and the railway regulatory framework are cross-fertilised.


The EU Agency for Cybersecurity plays a major role in the implementation of the NIS Directive by supporting Member States and the private sector in achieving a higher level of cybersecurity through the ENISA annual work programme. The Agency has collaborated closely with railway undertakings and infrastructure managers over the years. It has engaged in the work on the implementation of the NIS Directive, and with ERA on cybersecurity for the European Rail Traffic Management System.

The Agency also supports the European Railway Information Sharing and Analysis Centre (ER-ISAC) and offers expertise in the CEN CENELEC technical committee on Technical Specifications for Rail.

The Agency teamed up with ERA last year on a webinar to present the Agencies’ joint activities and to stress the importance of cybersecurity to railway stakeholders.

ENISA also released a report on Cybersecurity in Railways assessing the implementation in Member States of the Networks and Information Security Directive (NIS Directive), the first EU-wide cybersecurity legislation working to enhance cybersecurity across the Union. The ENISA publication points to the numerous challenges experienced by operators of essential services when enforcing the NIS Directive, including:

  1. an overall lack of cybersecurity awareness in the sector and challenges of operational technology;
  2. a strong dependency on the supply chain;
  3. the presence of legacy systems;
  4. complexities due to the high number of systems to be secured and managed;
  5. conflicts between safety and security mind-sets.

The report also emphasises the need to find the right balance between cybersecurity, competitiveness and operational efficiency.

Further information

The slides presented during the conference will be made available on the webpage of the ENISA ERA conference.

If you missed the conference, it will become available on ENISA’s YouTube page.

Previous events: Free webinar: Cybersecurity in Railways and 1st Transport Cyber Security Conference.


For questions related to the press and interviews, please contact:

For further questions related to the conferece, contact: ENISA-ERA-Conference(at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Achieving Harmonisation and Cyber Resilience in the Finance Sector

Fri, 03/05/2021 - 11:00

The finance sector is subject to both EU and national legislations. This sector, which stands as a crucial backbone of the European economy, is extremely dependent on ICT infrastructures, providers, and their supply chain.

The cybersecurity provisions dedicated to this sector are included in a variety of EU legislation, standards, and guidelines. Stakeholders such as EU institutions, bodies, and agencies, as well as other public and private associations run several initiatives addressing the cybersecurity requirements for the secure operation of financial entities across the Union.

The report - EU Cybersecurity Initiatives in the Finance Sector - published today guides the reader towards European cybersecurity initiatives dedicated to the finance sector. Its purpose is to map today’s reality of a very complex cybersecurity landscape in the EU finance sector.

The need for a strengthened cooperation between the key actors of the finance sector at the European level has become urgent now, as the sector faces larger-scale cyber challenges of a more harmful nature.

The information presented in this document seeks to add more clarity and improve the cooperation between the different groups involved in these initiatives. In presenting to what extent the initiatives complement or overlap with one another, it provides the possibility of identifying potential gaps and existing synergies. It also helps to draw attention to existing initiatives and their results (guidelines, standards, legislation, etc.).

The European cyber initiatives in the finance sector are grouped according to topics defined in the Cybersecurity Act, namely:

  • Development and implementation of policy;
  • Information sharing and capacity building;
  • Cyber crisis management;
  • Awareness-raising and training;
  • Standardisation and certification;
  • Research and innovation.

The list is obviously not exhaustive and is meant to evolve following the developments in the sector.


With the Cybersecurity Act (CSA), signed in June 2019, the Agency has become the key instrument needed to address the EU’s ambition of significantly reinforcing cybersecurity across Europe. The Agency continues its support to the Union decision-making institutions in relation to the announced review of the NIS Directive, as well as the proposed legislation, the Digital Operational Resilience Act (DORA).


Should you wish to suggest other initiatives to be included, you can contact us using this email:

For questions related to the press and interviews, please contact press(at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


EU Electronic Communications Security Authorities Discussion on Incident reports and Policy

Wed, 03/03/2021 - 11:00

This 33rd meeting is dedicated to discussions about the incident reports of 2020, the results of the ENISA telecom security legislation assessment of 2020, the draft security profile for the Number-Independent Interpersonal Communication Service (NI-ICS) providers under the European Electronic Communications Code (EECC), the new EU telecom framework. The group was informed about the ENISA work programme, the Body of European Regulators for Electronic Communications (BEREC) work programme and the European Commission’s NIS2 proposal.

The Swiss telecom regulator informed the group about its work on power grid dependencies. The group also selected a Vice-Chair, Ahmet Yesilyurt, a representative of the German authority for telecom security, who will be supporting the Chair, Warna Munzebrock, a representative of the Dutch Radiocommunications Agency.

Details about the meeting

This 33rd meeting was held over 2 days, the first on 18th February and the second, today, the 3rd March. It was attended by 60 experts from national authorities, from EU, EFTA, EEA, and EU candidate countries, who are supervising the European telecom sector.

This is the first of the three regular meetings of the group in 2021. The group will meet again in mid-June 2021.

First day

On the first day of the meeting, the group received an update from BEREC on their present engagements. In the context of forming an opinion for the NIS 2 Directive proposal, BEREC reached the National Regulatory Authorities (NRAs) through a survey. BEREC presented the results of the survey on the NIS competences of the NRAs.

Boryana Hristova-Ilieva, from the European Commission’s DG CONNECT, presented the NIS 2 proposal and answered questions.

Also, ENISA presented the results of the Assessment of the EU Telecom Security Legislation, based on an online survey and interviews of experts working in National Telecom Security authorities and national competent authorities for the NIS Directive. The outcome of the assessment was overall positive, especially as far as the added value of the ECASEC Group and the role of ENISA are concerned. The need of building trust between authorities and providers was also concluded.

The Group discussed with great interest the upcoming 2021 projects led by ENISA. Getting input from authorities and providers, ENISA is going to analyse sim card swapping attacks and also research consumer outreach strategies on security threats and mitigation measures, which is provisioned in the new EECC.

Second day

Today, the discussions focused on the initial findings steering from the annual incident reports of 2020and the analysis of the 188 incidents reported in 2020. Also the Swiss Regulatory Authority gave an update on their work regarding proposed countermeasures to harden the networks against power problems.

ENISA presented the work on the security profile of the Number-Independent Interpersonal Communication Services (NI-ICS) providers, also known as Over The Top (OTT) providers.  

Based on unanimous decision, Warna Munzebrock will continue to be Chair of the ECASEC Expert Group for the next 2 years starting from June 2021 and will be assisted by Ahmet Yesilyurt, a representative of the German authority for telecom security, who is appointed Group Vice-Chair.

Background on ECASEC Expert Group, formerly known as the ENISA Article 13a group

Established in 2010, the ENISA Article 13a Expert Group, now ECASEC EG, consists of more than 50 experts from national telecom security authorities from all EU countries, the EFTA countries, and EU candidate countries. The group is a forum for exchanging information and good practices on telecom security. It produces policy guidelines for European authorities on the implementation of EU telecom security rules, and publishes annual summary report about major telecom security incidents.

This group has been meeting 3 times per year since 2010, to discuss and agree on a common approach to telecom security supervision in the EU.

This work is done under ENISA's Annual work programme Output O.1.2.3 “Support incident reporting activities in the EU”.

Further Information

ENISA Incident Reporting webpage



For questions related to the press and interviews, please contact:

To know more about the ECASEC Expert Group's work, or to join the telecom security mailing lists, to be up to date about our telecom security work or to receive invitations for future telecom security meetings, please contact us via resilience (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Cybersecurity for 5G: ENISA Releases Report on Security Controls in 3GPP

Wed, 02/24/2021 - 09:30

Today, the Agency released its Security in 5G Specifications Report about key security controls in the Third Generation Partnership Project (3GPP), the main body developing technical specifications for fifth generation of mobile telecommunications (5G) networks. As vendors, system integrators and operators build, deploy and manage 5G networks, the ENISA publication underlines the need for cybersecurity and for the national regulatory authorities in charge of cybersecurity policy development and implementation to have a good understanding of these controls.

This new ENISA report is directly driven by the objectives set in the EU toolbox for 5G security - mainly technical measure ‘TM02’. This technical measure calls on the relevant authorities in EU Member States to ensure and evaluate the implementation of security measures in existing 5G standards (3GPP specifically) by operators and their suppliers.

The aim of the report is to help national and regulatory authorities to better understand the standardisation environment pertaining to 5G security, 3GPP security specifications and key security controls that operators must implement to secure 5G networks.

More specifically, the report provides:

  • A high-level overview of the specification and standardisation landscape for the security of 5G networks, and of the main activities by various standardisation organisations and industrial groups in the area of 5G;
  • An explanation of the technical specifications developed by 3GPP for the security of 5G networks, with a focus on optional security features;
  • Summary of key findings and good security practices.

The ENISA report also covers security considerations beyond standards and specifications, such as testing and assurance, product development, network design, configuration and deployment, and operation and management.


The target audience of this report includes representatives of national ministries and national cybersecurity agencies who are members of the NIS Cooperation Group and who are engaged in the workstream on 5G cybersecurity, as well as the competent authorities in charge of overseeing security measures under the European Electronic Communications Code.


In December 2020, the European Union Agency for Cybersecurity published an updated version of its 5G threat assessment report (ENISA Threat Landscape for 5G Networks report) to address advancements in the areas of 5G and to contribute to the implementation of the EU toolbox for 5G security cybersecurity risk-mitigating measures.

Just last month, following a request by the European Commission, the Agency announced that it would proceed with the preparation of the new candidate cybersecurity certification scheme on 5G. This step is expected to enhance the cybersecurity of 5G networks as it contributes to addressing certain risks, as part of a broader risk mitigation strategy.  

More information on the Union’s actions to strengthen cybersecurity capacities for 5G networks is available in this brochure.

More informations

ENISA Report - Security in 5G Specifications

ENISA Report - Threat Landscape for 5G Networks

ENISA Guideline on Security Measures under the EECC

5G Supplement - to the ENISA Guideline on Security Measures under the EECC

ENISA Report - Security Supervision under the EECC


For questions related to the press and interviews, please contact:


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles

Tue, 02/09/2021 - 11:00

Cryptography is a vital part of cybersecurity. Security properties like confidentiality, integrity, authentication, non-repudiation rely on strong cryptographic mechanisms, especially in an always connected, always online world.

In addition, cryptography’s applications open up new opportunities and markets: digital signatures or online transactions would not be possible without it. Given its importance, cryptography (encryption) remains a heavily researched field, and even finds its way into the headlines, referred to in high level documents and even legislation.

One such document is the new EU Cybersecurity Strategy (December 2020), which mentions out quantum computing and encryption as key technologies for achieving resilience, technological sovereignty and leadership.

With the objective to support the implementation of the Cybersecurity Strategy and of relevant legislative efforts, ENISA publishes two reports on the topic of cryptography. The first one focuses on the forthcoming disruptions of post-quantum computing on our present cybersecurity infrastructure and how we need to mitigate it. The second one introduces the cryptographic building blocks used in a majority of digital currencies & crypto-assets, which will fall under the scope of a new EU regulatory proposal.

Post Quantum security and why it matters

Quantum technology will enable a huge leap forward in many branches of industry, as it can efficiently resolve problems technologies of today are not able to provide a solution for. However, this technology will be highly disruptive for our current security equipment and systems.

As a matter of fact, scientists commonly agree that quantum computers will be able to break widely used public-key cryptographic schemes. These are the same schemes working behind the green lock in our browser tabs telling us that our data are protected against malicious eavesdroppers. Similarly, these are also the same schemes allowing us to have digital signatures and designed to implement the Electronic identification (eID) and Trust Services of the eIDAs regulation. Consequently, data or processes protected by those schemes, such as bank transactions, software updates, digitally signed official documents, patient records and more, will instantly cease to be secure.

This initiative is motivated by the fact that the transition to new quantum resistant cryptographic algorithms will take years, since the related processes are both extremely intricate and financially costly.

The study - Post-Quantum Cryptography: Current state and quantum mitigation - provides a concise overview of the current progress of the standardisation process of post-quantum cryptography (PQC) schemes. It introduces a framework to analyse existing quantum-safe solutions, classifying them into families and discussing their advantages and shortcomings.

With contributions from top experts in the field, it helps readers navigate an overly complex but also fascinating topic for the future of cybersecurity. The study aims to help decision makers and system designers take up appropriate actions, as soon as possible. To that end, it includes useful quantum resistant techniques that can be implemented in today’s systems until PQC algorithms become standardised and generally available.

Under the hood of crypto assets & the Distributed Ledger Technology

With the creation of a pan-European blockchain regulatory sandbox, the European Union intends to put Distributed Ledger Technologies (DLTs) to the test. Such technologies, also referred to as blockchain technologies, are those on which digital assets such as cryptocurrencies are built upon. But the applications do not stop there, smart contracts, anti-counterfeit seals, even games, have been based on a few important cryptographic building blocks.

The ENISA report - Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies - aims to further increase understanding around these underlying cryptographic components that compose the blockchain and in extension crypto-assets, digital currencies and the host of applications possible.

As a continuation of an earlier report on the security and challenges of DLTs, this report provides an in-depth explanation of the technical components involved and illustrates their uses into popular deployed instances.

By focusing on crypto-assets, ENISA intends to support policymakers by explaining the underling cryptographic mechanics used and raise awareness on foreseen security, financial, legal and data protection issues.


This work falls under the provisions of Articles 5, 8, 9 and 11 of the Cybersecurity Act. ENISA's Work Programme foresees activities to support Knowledge Building in Cryptographic algorithms.

In cooperation with the European Commission, Member States and other EU bodies, the Agency engages with expert groups to address emerging challenges and promote good practices.

One of these emerging risks arise in relation to quantum computing cryptanalytics capabilities, where there is need to transition to quantum safe encryption as a counter measure and to support EU in advancing its strategic digital autonomy. In addition, the continuation of past ENISA work on blockchain security with a new study looking at the cryptographic components was very timely as it coincided with the EU efforts in regulating crypto-assets and the announcement of the ECB that it is exploring the plausibility of a centrally backed digital euro, to complement the euro banknote.

Further information

ENISA report - Post-Quantum Cryptography: Current state and quantum mitigation

ENISA report - Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies

On the security of personal data: Cryptographic Protocols and Tools

EU Cybersecurity Strategy for the Digital Decade

Distributed Ledger Technology & Cybersecurity - Improving information security in the financial sector


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Highlights of the Cybersecurity Standardisation Conference

Fri, 02/05/2021 - 09:30

The European Standards Organisations, CEN, CENELEC and ETSI, joined forces with ENISA, the European Union Agency for Cybersecurity, to organise its annual conference virtually this year. The event, which took place from 2nd to 4th February, attracted over 2000 participants from the EU and from around the world.

The conference addressed standardisation in relation to the Radio Equipment Directive (RED) and certification under the provisions of the Cybersecurity Act (CSA).

Objectives of the conference

The purpose of the conference was twofold. The event presented the current developments in the areas. It was also intended to foster a dialogue among policymakers, industry, research, standardisation and certification organisations, including all of those involved in the development of the ICT certification framework in Europe. The ultimate objective of the exercise is to implement the Cybersecurity Act in the most effective way.

The objectives of the presentations and key topics addressed by the conference panels were the following:

  1. Cybersecurity requirements and standardisation activities under the scope of the Radio Equipment Directive:

The presentation focussed on the cybersecurity requirements of the Directive. The European Commission is preparing delegated acts as well as a request for standardisation to CEN-CENELEC and ETSI. The panel highlighted the connection between the European regulatory requirements and explored how standardisation can align with the EU policy goals in a global context. The participants were invited to discuss the link between the requirements of the RED and those associated with the Cybersecurity Act.

This part of the conference introduced the current state of play in cybersecurity standardisation. The purpose of the discussion was also to draw attention to the gaps identified that need to the bridged. Each panellist was given the floor to present updates from their organisations.

  • Developments on standardisation in the area of Consumer IoT:

The panel addressed the situation of standardisation in this area in relation to the general security standard active since last year.

The attention was drawn on sectorial standards and whether standards for smart homes, the automotive or house appliance for instance would be relevant ones to address. Interesting questions came up to liven the debate on the subsequent steps of certification, on how certification will impact end user behaviour or how to promote certified products.

  • Standardisation of 5G, next steps foreseen:

The panel engaged in a discussion on the progress made so far on the standardisation of 5G. As preparations for a cybersecurity certification scheme for 5G networks are now beginning, important aspects needed to be addressed. It was important to stress the potential of certification given the number of initiatives already launched in the area and identify prospects for the future.

Cybersecurity Certification

Securing EU’s Vision on 5G: Cybersecurity Certification

The last panel closed the conference on a discussion focussed on the future of cybersecurity certification in general. It comes as the European Commission requested ENISA to prepare a candidate cybersecurity certification scheme on 5G networks on 3rd February 2021.

How should the standardisation activities be prepared? How should these activities match with and help achieve the goals of the Union rolling work programme? Such questions remain to be answered in a comprehensive way.

As evidenced by the high number of participants such questions obviously stimulate the interest of a very large audience showing how crucial it is to open the debate as widely as possible to respond to these challenges adequately. Therefore, the audience of the conference and the public at large are most likely to expect a follow-up edition to take place in early 2022.


Article 8 of the Cybersecurity Act gives mandate to the European Union Agency for Cybersecurity to monitor developments in the area of standardisation. The work of the Agency builds on the on-going standardisation work of the European Standardisation Organisations: CEN, CENELEC, ETSI, as well as the Cybersecurity Coordination Group (CSCG). ENISA engages its expertise to support these organisations, the European Commission and all other relevant stakeholders. In addition, ENISA is also cooperating with the Standard Developing Organisations (SDOs), namely ISO SC27 (Liaison), ETSI (Memorandum of Understanding) and CEN CENELEC (Collaboration agreement).

Further Information

The slides presented during the conference will be made available within the next few weeks on the website of the Cybersecurity Standardisation Conference

ENISA website – Standards Topic

European Committee for Standardization (CEN)

European Committee for Electronical Standardization (CENELEC)


Radio Equipment Directive (RED)

Cybersecurity Act (CSA)

EU Cybersecurity Strategy for the Digital Decade

Securing EU’s Vision on 5G: Cybersecurity Certification


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Training Together to Fight Cybercrime: Improving Cooperation

Tue, 01/26/2021 - 11:00

The publications are designed to help tackle the challenges of this complex multi-stakeholder cooperation. The report, the handbook and the toolset are a set of deliverables complementing each other as follows:

  • The report analyses roles, duties, competences, synergies and potential interferences across Computer Security Incident Response Teams (CSIRTs) - in particular, national and governmental ones, LE and judiciary (prosecutors and judges);
  • The handbook helps a trainer explain these concepts through different scenarios;
  • The toolset consists of exercises meant for trainees based on the handbook’s scenarios.

The report proposes a methodology to analyse the legal and organisational framework defining the roles and duties, the required competencies of CSIRTs and LE. It also identifies synergies and the potential interferences that may occur while engaging in the activities needed to respond to incidents of criminal nature and in fighting cybercrime.

In addition, it presents a detailed analysis focusing on Czechia, France, Germany, Luxembourg, Norway, Portugal, Romania, and Sweden. The methodology proposed can be used for a more comprehensive future analysis covering additional countries as it is based on:

  • desk research;
  • subject matter expert interviews;
  • the segregation of duties (SoD) matrix.

This SoD matrix is also available in the ENISA repositories in GitHub, as well as the documentation on the Reference Security Incident Taxonomy Working Group (RSIT).

The RSIT working group will meet today as part of the 62nd TF-CSIRT Meeting. These are two other examples of the efforts ENISA engages in to contribute to building a bridge between CSIRTs and LE communities.

Main conclusions of the 2020 report on CSIRTs and LE cooperation include:

  • The communities already engage in a number of actions meant to:
    • Avoid interferences wherever possible;
    • Create effective partnerships;
    • Use their synergies to support each other.
  • However, interferences may still happen in the process of incident handling and cybercrime investigations, mainly because of the difference in purpose and mandate of each of these communities, i.e. incident mitigation (CSIRTs) compared with evidence preservation and criminal prosecution (LE and the judiciary).
  • Joint training activities are organised mainly in community pairs, being either CSIRT and LE or LE and the judiciary. Such activities rarely involve the three communities. The joint training activities help the wider development of the competences required to respond to cybercrime.
  • Overall, the 2019 pandemic of the COVID-19 virus did not have any significant impact on cooperation and exchanges between the three communities and their ability to function. Interaction even increased in some instances. For example, daily dialogues became more frequent in order to ensure that each community was kept informed as the situation evolved.

Access the report and the training

ENISA Report on CSIRT-LE Cooperation - A study of the roles and synergies among selected countries

Training - Aspects of Cooperation between CSIRTs and Law Enforcement Agencies


The response to cybercrime requires the cooperation of all actors involved. In this response, CSIRTs, LE and the judiciary perform each a different role and seek different objectives. Helping CSIRTs, LE and the judiciary understand their roles, duties and competences reciprocally will allow a closer cooperation while building on synergies and hence avoid possible interferences.

ENISA has been collecting input from the communities and compiling reports to shed light on the different aspects of the cooperation. These efforts are meant to further enhance the cooperation between CSIRTs and LE and their interaction with the judiciary, In addition, the Agency has been developing training material and co-organising the annual ENISA-EC3 workshop on CSIRT-LE Cooperation. The last edition of this event took place on 16 September 2020.

This new report and training material build on the work already completed in the area over the past. It contributed to the implementation of the ENISA programming document 2020-2022. The work conducted by ENISA in this area is planned to continue in 2021.


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Synopsis of Webinar on Certification of Cloud Services

Thu, 01/21/2021 - 11:00

The purpose of this webinar was to give the opportunity to stakeholders at large to learn about the draft candidate EUCS. Released on 22 December, the draft candidate scheme is open to public consultation until 7 February 2021.

Eric Vétillard, Lead Certification expert of the EU Agency for Cybersecurity (ENISA) introduced the main principles applied to the development of the scheme and answered the questions of the audience.

The presentation included a review of the progress and addressed the main challenges of this ambitious mission. The idea was also to explain the logic behind the choices made to build the draft candidate scheme and to define associated concepts such as:

  • The three assurance levels;
  • The assessment method;
  • Sub-services;
  • The organisation of security controls;
  • The requirements for transparency (available documentation for customers).

The webinar closed with an overview of the next steps of the project as well as anticipated challenges, such as:

  • The enhancement of the present draft considering public feedback;
  • Experimentations based on the draft scheme to test specific requirements or the assessment method;
  • The fine-tuning of the scheme to ensure consistency throughout the development of guidance.

The recording of the webinar, (presentation and Q&A session) is available here below:


The slides presented during the webinar are also publicly available: ENISA Cybersecurity Certification of Cloud Services - Presentation

The current version of the draft candidate cybersecurity certification scheme is open to public consultation until 7 February 2021 while a review by the European Cybersecurity Certification Group (ECCG) and the Stakeholder Cybersecurity Certification Group (SCCG) will also be carried out.

To participate to draft candidate EUCS:

To review the draft scheme, visit: Draft EUCS Candidate Scheme.

To participate in the public consultation, visit: Draft EUCS Candidate Consultation Survey.


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA and eu-LISA – Cooperation for a More Digitally Resilient Europe

Fri, 01/08/2021 - 11:00

Within the priorities of the Portuguese Presidency of the Council of the European Union and the current Recovery Plan for Europe put forward by the European Commission, the words “digital” and “resilience” are prominent and at times used together. When combined they bring to mind IT-related challenges that need to be addressed to ensure a stronger and safer Europe for its citizens. One of the primary concerns is cybersecurity; and, given that this is a topic of common interest to the European Union Agency for Cybersecurity (ENISA) and the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), it gives the two Agencies further impetus to work together to face this growing threat.

Earlier today Executive Directors Juhan Lepassaar (ENISA) and Krum Garkov (eu-LISA) signed a multiannual Cooperation Plan. The plan sets out activities that will provide benefits through joint actions to the Agencies themselves and to the EU Member States.

The three-year Cooperation Plan complements the existing regulations applicable to ENISA and eu-LISA, and lays out various actions within complimentary areas that the Agencies can draw benefits from by sharing knowledge, information and expertise. Information Security, Business Continuity, Research, Data Protection and Corporate Quality Management are among the priority areas identified for collaboration.

ENISA Executive Director Juhan Lepassaar said: “Securing our digital future is facilitated by sharing knowledge and expertise. This Cooperation Plan will allow our Agencies to find solutions together.”

"With cybersecurity and digital resilience high on the European agenda for the coming years, it seems fitting to take the opportunity to strengthen our cooperation with ENISA and to boost our common contributions to the goals set for Europe's digital future. There are many areas where our respective consolidated expertise can be put to good use. The EU Cybersecurity Strategy, adopted by the Commission in December, is one of these and the fast changing landscape of cyber threats including the ensuing need to secure common cyber spaces are examples of where we can mutually assist each other. This renewed agreement is the best way to kick-off 2021 and eu-LISA is looking forward to extending its relationship with ENISA." said Krum Garkov, Executive Director of eu-LISA.

It is in the common interest of both Agencies to promote and share activities with their stakeholders and the general public in order to provide increased visibility and further improve awareness of their respective responsibilities and joint successes. For this reason, the Cooperation Plan includes core activity related plans, as well as communication and information sharing as important areas for joint actions.

Further Information:

For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Launch of New Ad-hoc Working Group on European Cybersecurity Skills Framework

Fri, 12/18/2020 - 11:00

The creation of the working group on Cybersecurity Skills Framework marks another milestone in the efforts of the European Union Agency for Cybersecurity to address the workforce shortage and skills gap problem.

The cybersecurity workforce shortage and skills gap is a major concern for both economic development and security, especially in the rapid digitisation of the global economy.

The European Cybersecurity Skills Framework project aims to:

  • promote harmonization in the ecosystem of cybersecurity education, training, and workforce development;
  • help in the development of a common European language in the cybersecurity skills context, to reduce the skills shortage;
  • support the digital transformation, by defining the skills needed to fulfil cybersecurity related positions;
  • support the design of cybersecurity related training programmes for skills and career development in order to address the cybersecurity skills shortage.

The Ad Hoc Working Group on the European Cybersecurity Skills Framework is meant to support the development of a Cybersecurity Education and Skills Framework in response to the European Skills Agenda. The working group follows the Pact for Skills engagement and governance model, having input from a number of relevant stakeholders and will assess the challenges in the development of the European Cybersecurity Skills Framework from different perspectives (e.g. academic and industrial perspective).

The purpose of the ad-hoc working group is to:

  • advise ENISA on defining the criteria for a European Cybersecurity Skills Framework;
  • support the analysis of other existing initiative cybersecurity related frameworks with respect to the defined criteria;
  • assist in identifying gaps in already developed European Cybersecurity Skills Framework;
  • assist in conducting a SWOT analysis for an European Cybersecurity Skills Framework;
  • review of related ENISA deliverables;
  • assist in the preparation of the European Skills Framework.

Further Information

ENISA website page - Ad Hoc Working Group on the European Cybersecurity Skills Framework.


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Cybersecurity in the Maritime Sector: ENISA Releases New Guidelines for Navigating Cyber Risk

Thu, 12/17/2020 - 13:00

Today, the European Union Agency for Cybersecurity (ENISA) released cybersecurity guidelines to help European port operators manage cyber risks amid digital transformation and increased regulations. ENISA’s new Guidelines - Cyber Risk Management for Ports was drafted in collaboration with several ports in EU Member States. The publication builds on ENISA’s 2019 Port Cybersecurity Report by providing actionable practices that speak to the current cybersecurity threats and changing digital landscape faced by Europe’s maritime sector.

EU Agency for Cybersecurity Executive Director Juhan Lepassaar stated: “The maritime sector plays a pivotal role in the global supply chain. Advancing digital technologies bring economic benefits to ports, but also introduce new cyber threats. The report provides guidelines and good practices to support them in effectively conducting this cyber risk assessment, which is where many of these operators face challenges.”

The interconnected nature of ports requires operators to achieve and maintain a baseline level of cybersecurity to ensure security across the port ecosystem. The report notes that the EU maritime sector has a fragmented approach to assessing cyber risks.

The report encourages port operators to develop a set of good practices in a means to develop this baseline level of cybersecurity. Practices include to:

  • Identify cyber-related assets and services in a systematic way that includes maintaining an asset inventory, identifying dependencies and deploying automation;
  • Adopt a comprehensive approach for identifying and evaluating cyber risks that includes CTI, risk indicators and business impact analysis, involves all relevant stakeholders and is integrated at an organisational level;
  • Prioritise the implementation of security measures following a risk-based approach that considers security measure effectiveness and pertinence to the identified risks, and is founded in a security-by-design approach;
  • Implement organisation-wide cybersecurity awareness and technical training programmes;
  • Develop a comprehensive cybersecurity programme that involves a commitment by senior management;
  • Conduct a cybersecurity maturity self-assessment to identify priorities for improvement, and budget and resource allocation.


The NIS Directive classifies several categories of port operators as Operators of Essential Services (OES), including port authorities and terminal operators. Cyber risk assessments are among the NIS Directive requirements for these OES. The International Maritime Organisation’s (IMO) International Ship and Port Facility Security (ISPS) code concerns port facilities / terminal operators and provides a framework for conducting security risk assessment, albeit not necessarily specific to cyber risks. The ISPS code is implemented in the EU by Regulation 725/2004; while EU Directive 2005/65 on enhancing port security introduces similar requirements and extends them to ports.

The EU Agency for Cybersecurity supports cybersecurity in Europe’s maritime sector by providing recommendations, supporting the development of regulations, facilitating information exchange and organising awareness-raising events. In 2019, the Agency published its Port Cybersecurity Report with a set of cybersecurity good practices for the maritime sector, and organised two maritime security workshops with the European Maritime Safety Agency (EMSA).

The Agency is currently developing an online tool for cyber risk management for port operators, and will continue its work with EU bodies, such as the EMSA, and Member States to strengthen cybersecurity for the sector.

Further Information

Guidelines - Cyber Risk Management for Ports

Port Cybersecurity Report

Maritime Cybersecurity by ENISA


For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Driving the Global Ecosystem of Incident Response Capabilities: New Studies Now Available

Thu, 12/10/2020 - 09:00

The 12th meeting of the CSIRTs Network, held earlier this week, was the opportunity for the European Union Agency for Cybersecurity to introduce the following two new guides dedicated to improving the work of incident response teams:

The event, hosted by the German Presidency of the Council of the European Union, gathered together CSIRTs Network Members (EU Member States’ appointed CSIRTs and CERT-EU ) to discuss operational cooperation capabilities in the EU as defined by the Network and Information Security Directive.

The role of the CSIRTs Network is to provide a forum where the national and sectoral CSIRTs of all Member States and CERT-EU can cooperate, exchange information, and work on how to build trust. They are dedicated to the improvement of the way cross-border incidents are handled and how to respond in a coordinated manner to specific incidents. ENISA provides the secretariat of the CSIRTs Network and actively supports the cooperation between the members of the network and the organisation of their meetings.

What are the studies intended for?

Both studies are intended for incident response teams. The first one was conducted to investigate ways on how to establish and improve teams. The second one focusses on trends in Energy and Air Transport Incident Response (IR) and offers insights on current challenges and gaps.

How to set up CSIRT and SOC - Good Practice Guide

Cybersecurity threats are increasing and becoming more complex. One of the most effective ways to counter these threats is by creating a global ecosystem of computer security incident response teams (CSIRTs) and security operations centres (SOCs).

The purpose of this ecosystem is to facilitate communication, the sharing of information in order to respond to cyber-threats effectively. This can be achieved by providing relevant frameworks while increasing the number of CSIRTs and SOCs around the world and developing the maturity of existing CSIRTs and SOCs.

ENISA is assisting EU Member States with their incident response capabilities by providing them with various resources, such as documents, tools, materials and guidance. More than 40 teams from all over the world contributed to the content of the study.


The study developed on a results-driven approach. It is presented with a structure meant to provide guidance on the different stages of the establishment of a CSIRT or SOC organization. The reader will be guided on what to focus on at each stage of the process such as establishment and improvement.

This publication will be of specific interest to those who intend to establish a CSIRT or SOC. It will also help those looking for guidance on possible improvements according to the different types of CSIRTs and SOCs already created and functioning today. The guide builds on the existing work of ENISA, especially in the areas of maturity and training.

Sectoral CSIRT capabilities - Status and Development in the Energy and the Air Transport sector

Digital infrastructure, Information and Communication Technologies are critical to our societies and economies. Both Energy and Air Transport sectors face considerable threats with potentially disastrous financial and societal consequences. This is why they require solid Incident Response Capabilities (IRC).

Both sectors come with large supply chains and a multiplicity of stakeholders (Public authorities, Regulators, Professional associations, large industries, SMEs, etc.). They have, in recent years, taken steps to structure and strengthen their ability to face cyber threats and to respond to cyber incidents. The creation of ISACs to encourage information-sharing at the sectoral level is an excellent illustration of this evolution.

Context and scope of the study

This publication provides a continuation of the work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”.

By providing an extensive analysis of the recent changes and evolutions of IR capabilities (IRC) within Air Transport and Energy sectors in the Member States, the study aims to increase the understanding and knowledge of IRC development under today’s circumstances. To that effect, the study was conducted in the light of the recent changes related to the Covid-19 pandemic and in the context of the upcoming revision of the NIS Directive.


The study is presented as a snapshot of the current situation in the area. General recommendations are provided around capabilities, regulations and collaboration. In particular, The study highlights a total of eight key findings on topics like establishment and organization of sectorial CSIRTs, specific services and competencies offered by such CSIRTs, tools and information sharing mechanisms used as well as challenges faced.

Further Information

CSIRTs Network website

Topic - CSIRTs Servicies

Topic - CSIRTs and communities


For question related to CSIRT

For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

Mon, 12/07/2020 - 11:00

Why a capability assessment framework?

Cybersecurity capabilities are the main tools used by EU Member States to achieve the objectives of their National Cybersecurity Strategies. The purpose of the framework is to help Member States build and enhance cybersecurity capabilities by assessing their level of maturity.

The framework will allow EU Member States to:

  • Perform the evaluation of their national cybersecurity capabilities.
  • Increase the maturity level of awareness;
  • Identify areas for improvement;
  • Build new cybersecurity capabilities.

Download the ENISA Report - National Capabilities Assessment Framework

The origins of the concept

Developed with the support of 19 EU Member States, this framework was designed following an extensive exchange of ideas and good practices. The strategic objectives of the national cybersecurity strategies served as a basis of the study.

The framework was developed as part of the mandate of ENISA, as defined in the Cybersecurity Act. It falls under the provision to support EU Member States in building capacities in the area of national cybersecurity strategies through the exchange of good practices.

The key features

The self-assessment framework is composed of 17 objectives structured around 4 clusters. Each of these clusters is associated to a key thematic area for building cybersecurity capacity. Different objectives are also associated to each cluster. Based on 5 levels of maturity, specific questions were devised for each objective.

The clusters are as follows:

  • (I) Cybersecurity governance and standards - This dimension considers aspects of planning to prepare the Member State against cyber-attacks as well standards to protect Member States and digital identity
  • (II) Capacity-building and awareness - This cluster assesses the capacity of the Member States to raise awareness on cybersecurity risks and threats and on how to tackle them. Additionally, this dimension gauges the ability of the country to continuously build cybersecurity capabilities, increase knowledge and skills in the cybersecurity domain.
  • (III) Legal and regulatory - This cluster measures the capacity of the Member States to put in place the necessary legal and regulatory instruments to address cybercrime and also address legal requirements such as incident reporting, privacy matters, CIIP.
  • (IV) Cooperation - This cluster evaluates the cooperation and information sharing between different stakeholder groups at the national and international level.

Target Audience

The report issued is intended for policymakers as well as experts and officials responsible for, or involved in the design, implementation and evaluation of a national cybersecurity strategy and/or of national cybersecurity capabilities.

Further Information

ENISA Topic - National Cybersecurity Strategies

ENISA Report - Good Practice Guide on NCSS

ENISA Report - Good practices in Innovation

NCSS Evaluation Tool

NCSS Interactive Map

Press Contact

For questions related to the press and interviews, please contact press (at)

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


16th Meeting of Article 19 Expert Group: Strengthening Security for e-Trust Services

Fri, 12/04/2020 - 11:00

On the 1st and 2nd  of December, the European Union Agency for Cybersecurity (ENISA) held the 16th meeting of the ENISA Article 19 Expert Group to focus on the security of Europe’s electronic trust services, which include digital signatures, digital certificates, electronic seals, timestamps and more. The expert group’s work focuses mainly on the security of trust services, and the technical details of security incident reporting and cross-border incident reporting between EU Member States.

At the two-day online meeting, 53 experts from eIDAS supervisory bodies, the European Commission and the EU Agency for Cybersecurity exchanged information and good practices on how to supervise security in the trust services sector. Experts discussed trust services security incidents occurring in the past six months, a recent digital signature vulnerability and steps to minimise the impact on trust services. Discussions also covered the security aspects of PDF Advanced Electronic Signatures (PadES), and the registration process and identification of signatories.

The Commission provided an update on the ongoing review of the eIDAS Regulation, which provides an EU framework for trust services and national eID schemes. The EU Agency for Cybersecurity presented its updated CIRAS tool for incident reporting, which facilitates cross-border collaboration on supervision topics. The Agency also presented its upcoming papers on the “Capability Maturity Model for eID Schemes” and on methods to carry out remote identity proofing.

About the ENISA Article 19 Expert Group

In 2015, the EU Agency for Cybersecurity set up the Article 19 Expert Group to support voluntary collaboration between Member States on the technical details of how to implement eIDAS Regulation Article 19, which sets the security requirements for trust service providers. The group meets two times per year, usually back-to-back with bi-annual meetings of the Forum of European Supervisory Authorities for trust service providers (FESA).

Currently chaired by Ulrich Latzenhofer, a representative of the Austrian Regulatory Authority for Broadcasting and Telecommunications (RTR), the expert group consists of more than 80 experts from national authorities of 31 EU, EFTA and EU candidate countries. The group produces technical guidelines on the implementation of the incident reporting under Article 19.

The EU Agency for Cybersecurity supports the expert group with reports, studies and analysis. In 2019, the Agency produced two reports assessing the relevance of specific standards for the implementation of eIDAS, and two reports exploring the harmonisation of security requirements for QTSPs and the technological landscape for eID schemes (see: ENISA News - Earning Trust: ENISA on eID and Trust Services). Every year, the Agency also publishes an annual summary report about major security incidents.


Since 2013, the EU Agency for Cybersecurity has been at the forefront of the developments in eIDAS. The Agency has been supporting the Commission and the Member States in the area of trust services by providing security recommendations for the implementation of trust services; mapping technical and regulatory requirements; promoting the deployment of qualified trust services across Europe, and more. The EU Cybersecurity Act of 2019 has strengthened the Agency’s role is supporting the implementation of eIDAS. 

Further Information

ENISA Incident Reporting webpage

ENISA Article 19 Expert group portal


To learn more about the work of the ENISA Article 19 Expert Group, please contact us via resilience (at)

For press questions and interviews, please contact press (at)



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA Report Highlights Resilience of Telecom Sector in Facing the Pandemic

Thu, 11/26/2020 - 11:00

Today, at the 32nd meeting of EU telecom security authorities, the European Union Agency for Cybersecurity (ENISA) is releasing its Telecom Security During a Pandemic report, which gives an overview of initiatives and good practices in the telecom sector to mitigate the impact of the pandemic. The report highlights the resiliency of telecom networks and services during the pandemic, which sustained major fluctuations in usage and traffic. The report also points to the need for increased cooperation between the public and private sectors as the role of telecoms expands. 

The COVID-19 pandemic triggered major changes in the use of telecom networks and services: employees are teleworking; students are learning online; people are communicating via video. Almost overnight, the telecoms sector became a lifeline for Europe’s citizens and businesses. The pandemic put the telecom sector to the test with traffic peaks and spikes, combined with a national crisis and difficult working circumstances. Peaks followed major announcements about the pandemic; spikes occurred after news of lockdowns and closures. The diagram below shows the correlation between COVID-19 cases and fluctuations in network traffic on a single timeline. This is an example of one provider in one EU country, but it is representative of what other operators in Europe observed. 

Figure: A schema of the volume of traffic on the telecommunications networks as the pandemic evolved (SourceFastly)

The report is divided in three parts:

  • Early response phase: The report assesses the steps taken by telecom providers in the early response phase when providers activated their business continuity plans and supported emergency communications and communications via public warning systems. 
  • From initial strain to the new normal: Telecom providers had to deal with major surges and shifts in usage and in traffic patterns from the start of the pandemic. Gradually, this stabilised and became “the new normal”. The report examines the changes in usage, traffic patterns and network performance during the pandemic, and provides various examples of how providers managed the increased network loads. 
  • Response by the national authorities and collaboration with the telecom sector: The report provides a brief country-by-country summary of the pandemic response by the national telecom security authorities in the Union. It also highlights examples of industry initiatives, collaboration initiatives and information sharing between providers and authorities.

About the ECASEC Meeting (32nd Meeting of the Article 13a Expert Group)

On the 25th of November, the EU telecom security authorities expert group kicked off a two-day meeting with the European Commission and the EU Agency for Cybersecurity to exchange information and good practices on telecom security. This 32nd meeting focuses on the implementation of the Electronic European Communications Code (EECC), which EU Member States will need to adopt into their telecom regulations before the end of 2020.  

The group is chaired by Warna Munzebrock, the representative of the Agentschap Telecom, the Dutch Radio-communications Agency. Ms Munzebrock opened yesterday’s meeting by welcoming experts from across Europe. The authorities also voted to change the name of the group from the ENISA Article 13a Expert Group to ECASEC (European Competent Authorities for Secure Electronic Communication), due to the upcoming regulatory changes. 

Participants discussed the incident reporting thresholds under the new Electronic European Communications Code (EECC). Experts from the EU Agency for Cybersecurity presented the newly updated CIRAS tool for incident reporting, which includes more support for cross-border collaboration on supervision topics. The group received updates from the Commission on the progress of the NIS Directive review and from BEREC representatives on the work of the ad-hoc 5G cybersecurity workgroup. 

Today, participants will take part in a roundtable discussion about their national legislative developments, telecom security incidents over the past six months, as well as key trends and observations. ENISA will provide an update on the update of the technical guideline on security measures, the supplementary 5G security profile and the results of the ENISA study on Resilience and Security of so-called over-the-top (OTT) communication services. 

About the ECASEC Expert Group (formerly Article 13a Expert Group)

Established in 2010, the group consists of more than 50 experts from national telecom security authorities from 31 EU, EFTA and EU candidate countries, who supervise the security of telecom networks and services. The group produces technical guidelines for European authorities on the implementation of EU telecom security rules and publishes a summary report about major telecom security incidents yearly. The group aims to adopt two technical guidelines on incident reporting and security measures under the EECC before the end of 2020. The next expert group meeting is set to take place in the first quarter of 2021.


To know more about the work of ECASEC, formerly the ENISA Article 13a group, or to join the ENISA telecom security mailing lists, to be up to date about our telecom security work and receive invitations for future telecom security meetings, please contact us via resilience (at)

For questions related to the press and interviews, please contact press (at)

European SMEs facing increased cyber threats in changing digital landscape

Mon, 11/23/2020 - 11:00

On the 17th of November, the European Union Agency for Cybersecurity (ENISA) organised an online workshop for European small and medium-sized enterprises (SMEs) to share their first-hand experience of working towards strengthened resiliency in the face of COVID-19-related cybersecurity challenges. Participants also offered their views on the initial findings from the ENISA Cybersecurity for SMEs report, due out in the coming months.  

Accounting for more than half of Europe’s GDP, SMEs are a key driver of innovation and growth across the Union. Their well-being is vital to both the economy and society. The pandemic has put an incredible stress on these businesses this year. SMEs are not only navigating a new digital realm where employees work from home and business is increasingly conducted online, but they are also facing more advanced and targeted cyber threats.

Dr. Evangelos Ouzounis, Head of the Secure Infrastructure and Services Unit of the EU Agency for Cybersecurity, opened the one-day workshop with a keynote speech about the Agency’s work with SMEs - from publishing guidance on best practices to gathering stakeholders across communities to increase cybersecurity awareness. Dr. Ouzounis introduced Oana-Georgiana Popescu of the Executive Agency for Small and Medium-sized Enterprises (EASME), who discussed the European Innovation Council Accelerator’s community platform, and connection to the research and innovation programme, Horizon Europe (2021-2027).

Moderated by Ms. Popescu, panellists from SMEs with expertise in cybersecurity and information technology discussed current obstacles and their efforts towards increasing cyber resiliency. Brian Honan, founder of Ireland-based BH Consulting, highlighted the dangers of social engineering attacks. Antonio Ramos, CEO of Leet Security in Spain, presented cybersecurity capability building models and security governance. Peter Stelzhammer, co-founder of Austria’s AV Comparatives, offered examples of anti-malware solutions. Piotr Żabrowski of Poland’s discussed cybersecurity in the e-commerce sector.

The event highlighted SME’s increasing need for the right tools to stay ahead of the game and be prepared for cyber threats before they happen. Participants welcomed the work and involvement of the EU Agency for Cybersecurity and expressed a great interest in participating in further SME-targeted initiatives by the Agency.


For nearly 15 years, the EU Agency for Cybersecurity has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the Agency published two Information Package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the Agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services; and two years later, the Agency’s Guidelines for SMEs on the security of personal data processing were published.

This year, the EU Agency for Cybersecurity has released a series of tips to help businesses face the rapidly changing digital sphere during the pandemic: Tips for selecting and using online communication tools; Tips for cybersecurity when buying and selling online; Tips for cybersecurity when working from home; Top ten cyber hygiene tips for SMEs during covid-19 pandemic. Most recently, in November 2020, the EU Agency for Cybersecurity and the National Cyber Security Alliance released a joint checklist for SME, offering businesses on both sides of the Atlantic a basic guide to maintaining digital security.

The upcoming ‘Cybersecurity for SMEs: Challenges and Recommendations’ report is part of the Agency’s wider work to increase the cybersecurity resiliency of SMEs across Europe. The publication is based on a two-month-long public survey in which more than 250 European SMEs identified their main cybersecurity challenges and their level of preparedness to cope with the most common cyber threats.

Press Contact

For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items: