European Union Agency for Network and Information Security

29th Article 13a telecom security meeting in Belgrade

Mon, 11/18/2019 - 09:00

The meeting was opened by Mr. Vladica Tintor, Director of RATEL, who gave an overview of the structure and activities of RATEL. Jovan Milosavljevic gave a great talk on the work of the National Centre for the Prevention of Security Risks in ICT systems, i.e. the national CSIRT, how they work, how breach reporting is set up and what the current priorities are, etc. The national CSIRT is a part of RATEL.

The meeting proceeded with liaison statements from related groups like the NIS Cooperation Group, and the NIS CG work streams on digital services and digital infrastructure. ENISA presented its paper on Security Supervision under the European Electronic Communications Code (EECC), which is due to be published in December. The EECC expands the telecom security provisions in Article 13a of the Framework directive and will cover also so-called Over-the-top providers of communications services.

At the end of the day ENISA opened discussions about a number of challenges, which will have to be addressed by the group going forward under the new legislative framework, such as the new definition of security in the EECC, the new reporting parameters in the EECC and the new ENISA tool for EECC breach reporting CIRAS (Cyber Incident Reporting and Analysis System). As a social event offered by RATEL the group paid a visit to the Nikola Tesla museum in Belgrade. Tesla was the first to envisage and develop wireless/radio communication technology and he foresaw that indeed such communication technology would drastically change the world.

On the second day, each country give an update on their state of play and relevant recent incidents. ENISA presented a plan and timeline for updating the Article 13a security framework, which needs adaptation for the EECC. BEREC presented the results of its survey on 5G auctions. BAKOM, the telecom regulator of Switzerland, gave an overview of its work on power outages and their impact on telecom networks.

The Article 13a group will change name and, where needed, membership, to adapt to the new legislation, the EECC. In 2020, much of the work of the group will be dedicated to updating the guidelines for security measures and to adapt the incident reporting process to the new provisions.

If you like to know more about this work, or if you want to join our telecom security mailing lists to be kept up to date about our telecom security work or to receive invitations for future telecom security meetings, please contact us via resilience@enisa.europa.eu 

 

Background

  • This work is done under ENISA's Annual work program output O.1.2.3 “Supporting incident reporting activities in the EU”
  • The ENISA Article 13a expert group was set up in 2010. There have been 29 meetings so far. The next meeting will be held on 12, 13 February 2020 in Brussels and the first day, 12 February, will be open for experts from the sector (operators, telecom vendors/suppliers, telecom security consultancies, etc).
  • The guidelines of the Article 13a group can be found on the ENISA Article 13a expert group portal

 

For further queries:

Please contact press@enisa.europa.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

GDPR & deploying pseudonymisation techniques

Fri, 11/15/2019 - 13:30

Pseudonymisation is a well-known de-identification process that has gained additional attention following the adoption of GDPR, where it is referenced as both a security and data protection by design mechanism. In addition, in the GDPR context, pseudonymisation can motivate the relaxation, to a certain degree, of data controllers’ legal obligations if properly applied.

Given the growing importance of pseudonymisation for several data processing sectors, the main objective of the ULD-ENISA workshop, held in Berlin, was to advance existing debates on the deployment of pseudonymisation solutions as a means to meet GDPR requirements and data controller/processor obligations. To this end, the workshop aimed to discuss and touch upon core pseudonymisation techniques, practical approaches and existing application instantiations along to legal and economic issues.

One of the main outcomes of the workshop was that there is not one single pseudonymisation solution that could be applied in all cases. Indeed, while several different technical approaches are available today, a risk assessment process should provide for the best possible one for each particular case, based on the context and the desired utility level. Further work is, thus, needed as regards practical examples and real-life implementation scenarios, both on the technical, as well as on the legal side.

For further information and material about the workshop, please visit the dedicated page: ULD - ENISA Workshop: Pseudonymisation and relevant security technologies.

ENISA will be publishing a report entitled ‘Pseudonymisation techniques and best practices’ in the coming week. The report aims to contribute to and advance the relevant discussions in the field, regarding practical implementation of data pseudonymisation.

 

For queries:

Please contact press@enisa.europa.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Advisory Group discusses Work Programme 2021

Wed, 11/13/2019 - 08:35

Members of the Advisory Group with ENISA Executive Director, Juhan Lepassaar and Head of Core Operations, Steve Purser

On 12 and 13 November 2019, the Advisory Group (AG) of the European Union Agency for Cybersecurity met in Athens, Greece to provide advice on the content of the ENISA Work Programme 2021.

Different sessions looked at the areas defined in the Cybersecurity Act and explored key ideas from a variety of perspectives including the viewpoints of industry, academia, relevant EU agencies and bodies and consumer protection specialists.

The Advisory Group is a statutory body of ENISA, formerly named the Permanent Stakeholder Group. Meetings of the Advisory Group are an important part of the Agency’s commitment to a stakeholder-driven approach to EU cybersecurity and help ensure that a wide range of opinions are taken into account when creating future work plans.

The current AG is approaching the end of its mandate and a new call for expression of interest for the selection of the new AG members will be published soon on our website.

 

Further information:

On the AG's role and composition are available on the Advisory Group's page.

For other queries, please contact press@enisa.europe.eu

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Advisory Group discusses Work Programme 2021

Wed, 11/13/2019 - 08:35

Members of the Advisory Group with ENISA Executive Director, Juhan Lepassaar and Head of Core Operations, Steve Purser

 

On 12 and 13 November 2019, the Advisory Group (AG) of the European Union Agency for Cybersecurity met in Athens, Greece to provide advice on the content of the ENISA Work Programme 2021.

 

Different sessions looked at the areas defined in the Cybersecurity Act and explored key ideas from a variety of perspectives including the viewpoints of industry, academia, relevant EU agencies and bodies and consumer protection specialists.

 

The Advisory Group is a statutory body of ENISA, formerly named the Permanent Stakeholder Group. Meetings of the Advisory Group are an important part of the Agency’s commitment to a stakeholder-driven approach to EU cybersecurity and help ensure that a wide range of opinions are taken into account when creating future work plans.

 

The current AG is approaching the end of its mandate and a new call for expression of interest for the selection of the new AG members will be published soon on our website.

 

Further information:

On the Advisory Group’s role and composition: https://www.enisa.europa.eu/about-enisa/structure-organization/advisory-group

 

For other queries, please contact press@enisa.europe.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

CyLEEx19: Inside a simulated cross-border cyber-attack on critical infrastructure

Thu, 10/31/2019 - 13:00

“Hola bankers. Your time is running out! You have only 5 hours left to pay up the ransom before Armageddon, otherwise we will bring down your e-banking services and exfiltrate your precious data.”

This was one of the tasks set for CyLEEx19, the first cyber law enforcement exercise of its kind, which saw 20 cybercrime investigators and cybersecurity experts from the public and private sector come together at Europol’s headquarters on 31 October to test the EU Law Enforcement Emergency Response Protocol in a simulated environment.

Exercise CyLEEx19, organised by Europol’s European Cybercrime Centre (EC3) and the European Union Agency for Cybersecurity (ENISA), painted a dark scenario, inspired by malicious cyber activities affecting the public and private sector across Europe and beyond. Participants were called upon to react collectively to the simulated large-scale cyber-attacks related to incidents such as misuse of IT resources, unauthorised access to systems, vulnerability exploitations, Distributed Denial of Service (DDoS), and malware infections.

Participants were asked to respond to these cyber incidents and decide on the optimal response measures, including if such threats warrant the triggering of the emergency response procedure. By performing the majority of the processes documented in the Protocol, the participants increased their preparedness in case of a real-life international cyber-attack and identified possibilities for improvement of the process.

Cybercrime investigators from the Joint Cybercrime Action Taskforce (J-CAT), namely France (Police Nationale), the Netherlands (Politie), Spain (Policia Nacional) and Norway (Politiet) took part in this exercise, alongside representatives from EC3’s Advisory Groups on financial services (Banco Santander and Citi) and the internet security industry (Palo Alto Networks), together with experts from Europol, ENISA and Eurojust.

 

The EU Law Enforcement Emergency Response Protocol

In the wake of the 2017 WannaCry and NotPetya attacks, the Council of the European Union adopted the new EU Law Enforcement Emergency Response Protocol to address the growing problem of planning and coordinating between governments, agencies, and companies when cyber-attacks occur across international boundaries. The Protocol is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises (Commission Recommendation (EU) 2017/1584 of 13 September 2017 on coordinated response to large-scale cybersecurity incidents and crises C/2017/6100).

The EU Law Enforcement Emergency Response Protocol determines the procedures, roles and responsibilities of key players both within the EU and beyond; secure communication channels and 24/7 contact points for the exchange of critical information; as well as the overall coordination and de-confliction mechanism.

This cyber simulation exercise was developed within the EMPACT 2019 Operational Action Plan Cyber Attacks against Information Systems (CAIS) under the leadership of France as action leader. The exercise is also part of the cooperation framework set up under the Memorandum of Understanding signed by European Union Agency for Cybersecurity (ENISA), the European Defence Agency (EDA), the European Cybercrime Centre (EC3) and the Computer Emergency Response Team for the EU Institutions, Agencies and Bodies (CERT-EU).

The outcomes of the exercise and the feedback provided by the participants in the evaluation stage will be analysed by Europol’s European Cybercrime Centre and ENISA. Detailed lessons learned will be set forth in order to establish a list of actions to improve cyber resilience and the emergency response to large-scale cyber-attacks in Europe and beyond.

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

NIS Cooperation group and knowledge building meetings concluded in Athens

Thu, 10/24/2019 - 11:30

The first group NIS Cooperation meeting, NIS CG Work Stream 5 is a working group of competent authorities for digital services under the NIS Directive, i.e. online marketplaces, online search engines, and cloud services. The second, NIS CG Work Stream 10 is a group of competent authorities for digital infrastructure under the NIS Directive, i.e. the internet exchanges, the domain name system, and the top-level domains.

During this joint session, ENISA organised a small exercise to discuss cooperation and collaboration, cross-sector and cross-border, because both groups of experts are dealing with operators and enterprises with digital infrastructure across the EU, often operating across borders. Different breakout groups reported a number of challenges, mainly on the alignment and communication between the national authorities supervising operators and providers across the EU. ENISA will follow up on the results of this exercise in the coming months, together with the groups.

ENISA also organised two knowledge-building days for experts working at competent authorities under the NIS Directive. At the start of the week, a network expert from RIPE NCC gave a seminar on internet infrastructure. At the end of the week, ENISA offered a full day seminar on cloud security.

 

Background

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA welcomes Minister Pierrakakis

Fri, 10/18/2019 - 11:00

 ENISA’s Executive Director, Juhan Lepassaar welcomed the delegation from the Ministry, which included Mr. Kyriakos Pierrakakis - Minister of Digital Governance, Mr. Antonis Tzortzakakis, Secretary General of Telecommunications and Post, Mr. Konstantinos Champidis - Chief of Staff to the Minister of Digital Governance, Ms. Tonia Pediaditaki - Legal Counsel to the Secretary General of Telecommunications and Post, Ms. Maria Karava - Special Advisor to the Secretary General of Telecommunications and Post / Project Manager and Ms. Maria Mavridaki - Special Advisor for International Affairs.

The topics for the meeting covered the needs of new building for the Agency and possible areas of future collaboration in cybersecurity with the Greek government.

ENISA experts also took the opportunity to give further details on the initiatives the Agency works on such as:

  • Critical Infrastructure protection and national strategies
  • Ongoing work on electronic ID and eIDAS
  • Cybersecurity Certification
  • The European Cybersecurity Month and other outreach programmes

 

FOR queries:

Please contact press@enisa.europa.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA says goodbye to Prof. Dr. Udo Helmbrecht after 10 years in Office

Tue, 10/15/2019 - 15:00

He was appointed to the role of Executive Director by the Management Board of ENISA in 2009, which was renewed in 2014 for an additional 5 years.

Our Executive Director will be remembered in the history of ENISA for the exceptional milestones he leaves behind. At a time when the future of the Agency was still doubtful, he managed to secure the last two essential extensions of the mandate, this last one making the Agency permanent. Last but certainly not least, he achieved the conclusion of the Cybersecurity Act with the opportunity to introduce the first European Cybersecurity Certification Scheme and strengthening the role of the Agency.

Udo handed over his duties to his successor, Mr. Juhan Lepassaar who will start his 5-year term tomorrow, 16th October 2019.

Today, Udo attended his last Management Board of ENISA Meeting, which includes the election of the Chairperson and the Deputy Chairperson. We would like to congratulate Mr Jean-Baptiste Demaison from ANSSI (France) on his re-election as Chairperson and Mr Krzysztof Silicki of NASK (Poland) on his re-election as Deputy Chairperson.

Thus turning a new page of ENISA’s history today, we, the staff of ENISA, would like to express our gratefulness to Udo, the man who committed to the Agency and thank him for transforming ENISA into the mature organisation it has now become.

We would like to wish him the best in his new endeavours and we hope he will remember us as fondly as we will remember him.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

1st Inter-EU ISACs meeting at ENISA

Thu, 10/10/2019 - 11:00

The chairpersons of the three EU ISACs (Energy, Finance and Rail), the European Commission, the EA-ISAC, the FS-ISAC, GSMA, as well as experts with deep knowledge on the issue came together to exchange views and experiences.

The groups engaged in fruitful dialogues around governance models, communication practices and the tools available to them. ENISA presented its activities in the existing ISACs and explained its role in facilitating information sharing in the context of the new Cybersecurity Act. The European Commission gave information on funding solutions and the way forward with Connecting Europe Facility (CEF).

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA welcomed a delegation from Finland

Wed, 10/09/2019 - 10:00

The delegation consisted of the Permanent State Secretary of the Ministry of Foreign Affairs of Finland, Mr. Matti Anttonen, H.E. Mr. Juha Pyykkö, Ambassador of Finland in Athens, Mr. Esko Männistö, Counsellor at the Ministry of Foreign Affairs, Finland and Mr. Sampo Saarinen, Deputy Head of Mission, Embassy of Finland in Athens.

The delegation met with the Head of Core Operations, Steve Purser, and cybersecurity experts from the Core Operations Department, who introduced the European Cybersecurity Act, the new Cybersecurity Certification Framework and other contributions the Agency makes to the EU policy agenda. The ensuing discussion touched upon a number of challenges that the global cybersecurity community is facing and how ENISA could assist Member States in facing these challenges.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The European Union Military Staff visits ENISA

Tue, 10/08/2019 - 09:00

The discussion was an open exchange of information and ideas with the intention of avoiding unnecessary redundancy and exploiting synergies of approach. Discussions touched upon many of the topics covered by the MoU between ENISA, CERT EU, EDA and EC3 and also allowed the two organisations to share lessons learned in the areas of cybersecurity exercises and training. Approaches to threat/risk analysis and evaluation of future technology challenges were also discussed.

The EUMS are the source of the military expertise within the European External Action Service (EEAS). The EUMS role is to provide early warning, situation assessment, strategic planning, Communications and Information Systems, concept development, training & education, and support of partnerships.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

European Cyber Security Challenge 2019 kicks off next week in Bucharest

Thu, 10/03/2019 - 14:00

This years’ edition brings together 20 countries to compete on a number of cybersecurity challenges. Challenges include web application exploitation, traffic interception, reverse engineering, crypto puzzles, physical security challenges, social engineering, and many more. In addition, participants will be assessed on their presentation skills.  Good luck to all participant!.

The European Cyber Security Challenge is a project facilitated by the EU Agency for Cybersecurity - ENISA and the EU Member States. Watch the trailer video.

For media inquiries about this event please contact press@enisa.europa.eu.

Please check www.ecsc.eu for more information, or contact us at ecsc@enisa.europe.eu.

For media inquiries please use press@enisa.europa.eu.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA publishes new NCSS map at 7th NCSS workshop

Thu, 09/26/2019 - 16:35

During the workshop, ENISA also presented the preliminary results of a study about innovation in cybersecurity as a strategic priority of NCSS, which will be published later this year.

All Member States of the European Union produce a National Cybersecurity Strategy as a feature of their cybersecurity policy. These National Cybersecurity Strategies provide plans of actions and priorities to improve the security and resilience of national infrastructures and services.

Steve Purser, Head of Core Operations, ENISA said: “The cyber threat landscape is changing constantly and at a rapid pace. Member States cybersecurity strategies therefore need priorities and actions that reflect these challenges and the National Cybersecurity Strategies mapping provides guidance and best practices to follow.”

ENISA’s ROLE on the National Cybersecurity Strategies

ENISA analyses these strategies and their implementation and provides guidance and tools to assist Member States in in their efforts to enhance cybersecurity at a national level. A key support for Member States created by ENISA is the NCSS interactive map. This interactive map lists all the NCSS within the European Union together with best practices to follow.

Today, ENISA launched the new version of the NCSS map implementing features that greatly improve its usability. Not only has the map been expanded and the Agency has also transformed it into an information hub including Member States’ national efforts to enhance their cybersecurity.

The New Interactive Map – Information Hub

The new mapping includes:

    • The national document both in English and the native language
    •  The strategy's objectives and detailed examples of implementation
    •  Version history if there are more than one NCSS
    •  National cybersecurity organisations,
    •  National Information Sharing and Analysis Centres (ISACs) and Public Private Partnerships (PPPs)
    • R&D and Innovation programmes
Check out the new interactive map here.

All the information about the EU Member States can be added in a repository and can be extracted from the website. Finally, the map will now expand on the whole screen.

7th National Cybersecurity Strategies Workshop

The 7th National Cybersecurity workshop, organised by ENISA, was hosted by NASK Poland on 26th September in Warsaw.

The first session ‘Innovation in Cybersecurity’ focused on Member States' approaches and initiatives to foster innovation in cybersecurity at a national level. It included ENISA’s Vice Chair of the Management Board, Krzysztof Silicki, the Deputy Director for Cybersecurity and Innovation at NASK, who gave a welcoming speech. Karol Okoński, Secretary of State of the Polish Ministry of Digital Affairs, Government Plenipotentiary for Cybersecurity presented on NCSS and cybersecurity innovation in Poland

ENISA presented the draft conclusions of a study that focuses on innovation as a strategic objective of National Cyber Security Strategies, which will be published later this year. The presentation highlighted the importance of supporting and developing innovation strategic objectives within NCSS. Objectives that will focus on sector specific priorities, provision of adequate level of funding and the establishment of collaboration mechanisms that will involve key stakeholders.

The European Commission gave a presentation on the cybersecurity competence centres approaches and a second one on the Connecting Europe Facility call on ISACs.

 During the second session, EU Information Sharing and Analysis Centres (ISACs) from the Energy, Financial and Rail sectors shared their experience with the tools they use, good practices and the challenges they face when dealing with information sharing and collaboration. 

The link to the event page and agenda can be found here.


For queries:

Please contact press@enisa.europa.eu

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

MEP Breakfast - How to secure Europe's cyber future

Tue, 09/24/2019 - 08:00

The event was attended by 24 participants of which approximately 8 were newly (re)elected MEPs, mostly from the ITRE Committee. Chatham House Rules applied.

Barbara Schretter, the Head of the Bavarian Representation to the EU opened the breakfast highlighting the importance of exchanging views on future cybersecurity policy and its societal impact with key policy makers from the EU Institutions. She referred to the importance of European leadership with key pieces of legislation such as the GDPR and the Cybersecurity Act in an increasingly interconnected digital society.

Steve Purser, Head of Core Operations at ENISA welcomed the participants and invited the European Commission to take the floor and give a presentation on the state of play and future of cybersecurity in Europe.Key cybersecurity priorities that are being considered for the new political agenda were presented to the audience.

Following the Commission’s intervention, an open discussion moderated by Steve Purser took place with the active involvement of the audience. The discussion revolved around some key topics in EU cyber policy including ENISA’s role in the EU cyber landscape, digital sovereignty, IoT Security, artificial intelligence, the proposed cybersecurity competence centres, the Commission’s 5G action plan, blockchain, and the new regulatory agenda.

The incoming ENISA Executive Director, Juhan Lepassaar closed the event thanking the participants and highlighting the importance of working closely with the European Parliament to deliver on the political expectations with regard to cybersecurity. He concluded that ENISA looks forward to this future collaboration and is ready to contribute and serve the Union with its knowledge and expertise on cybersecurity

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

MEP BREAKFAST – HOW TO SECURE EUROPE’S CYBER FUTURE?

Tue, 09/24/2019 - 08:00

The event was attended by 24 participants of which approximately 8 were newly (re)elected MEPs, mostly from the ITRE Committee. Chatham House Rules applied.

Barbara Schretter, the Head of the Bavarian Representation to the EU opened the breakfast highlighting the importance of exchanging views on future cybersecurity policy and its societal impact with key policy makers from the EU Institutions. She referred to the importance of European leadership with key pieces of legislation such as the GDPR and the Cybersecurity Act in an increasingly interconnected digital society.

Steve Purser, Head of Core Operations at ENISA welcomed the participants and invited the European Commission to take the floor and give a presentation on the state of play and future of cybersecurity in Europe.Key cybersecurity priorities that are being considered for the new political agenda were presented to the audience.

Following the Commission’s intervention, an open discussion moderated by Steve Purser took place with the active involvement of the audience. The discussion revolved around some key topics in EU cyber policy including ENISA’s role in the EU cyber landscape, digital sovereignty, IoT Security, artificial intelligence, the proposed cybersecurity competence centres, the Commission’s 5G action plan, blockchain, and the new regulatory agenda.

The incoming ENISA Executive Director, Juhan Lepassaar closed the event thanking the participants and highlighting the importance of working closely with the European Parliament to deliver on the political expectations with regard to cybersecurity. He concluded that ENISA looks forward to this future collaboration and is ready to contribute and serve the Union with its knowledge and expertise on cybersecurity

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Submit your paper! Annual Privacy Forum 2020: Call for papers

Mon, 09/23/2019 - 10:55

The APF 2020 will be held on 4-5 June 2020 in Lisbon, Portugal, in co-operation with the Católica University of Portugal, Lisbon School of Law.

Already in its eighth edition, the APF seeks to contribute to the implementation of information security in the area of privacy and personal data protection. The APF is set against the EU legislative background that mainly, but not exclusively, comprises of the General Data Protection Regulation (GDPR) and the draft ePrivacy Regulation (ePR). The APF sets the stage for discussions of research proposals, solutions, models, applications and policies. In the last few years, the APF has also developed a deeper industry footprint, to complement its original research and policy orientation.

Papers presenting original and previously unpublished work on the themes of data protection and privacy and their repercussions on information security technology, business, government, law, research, society and policy are hereby invited. A multi-disciplinary approach is expected and encouraged to contribute to bridging the gap across disciplines and propose new models and interpretations. The APF seeks contributions from policy makers and implementers, Data Protection Authorities, industry, research, consultants, NGOs and the civil society, as it aims at broad stakeholders’ participation that stimulate interaction and exchange of opinion.

To promote participation of young researchers, the submission of papers by students is particularly welcome. These papers will be treated as thoroughly as full papers, but they can be shorter and reflect novel thinking that might not have been fully elaborated just yet.

In addition to student papers, short papers are equally invited, as this call is open to preliminary ideas, opinions and calls for collaboration.

Papers that pass reviewers’ scrutiny are likely to be included in the published proceedings, kindly supported by Springer (Lecture Notes in Computer Science series).

The deadline for submission is set to 17 January 2020.

For more information, please visit: https://privacyforum.eu/call-for-papers

Previous APF editions:

ENISA Annual Privacy Forum 2019: Security and Privacy, Two Sides of the Same Coin

ENISA Annual Privacy Forum 2018: shaping technology around data protection and privacy requirements

ENISA Annual Privacy Forum 2017: security measures to bolster data protection and privacy

Privacy tools, security measures and evaluation of current technologies under the spotlight at this year's Annual Privacy Forum

2015 Annual Privacy Forum focusing on Privacy Enhancing Technologies

Annual Privacy Forum 2nd edition starts today in Athens

Successful conclusion for the First Annual Privacy Forum

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Information Security Risk Management training organised by ENISA and ESDC

Mon, 09/16/2019 - 13:30

On 12 and 13 September 2019, ENISA in collaboration with the European Security and Defence College (ESDC) had the honour of organising and hosting a course dedicated to Information Security Risk Management.

 

27 experts from 9 members states and 4 EU institutions attended the two-day course at the branch office of ENISA in Heraklion, Crete. Through reinforcing cybersecurity knowledge, exchanging experiences and good practices, they honed their cybersecurity and risk management skills and capabilities. Competencies that the experts will be able to transfer back to their respective organisations, providing a significant multiplier effect.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The Educational Summer of ENISA - our CR Team give trainings across Europe

Wed, 09/11/2019 - 14:29

It was a warm and educational summer, where our CSIRT Relations Team experts Christian Van Heurck and Theodoros Nikolakopoulos were busy delivering hands-on technical training across Europe.

Many thanks to the CSIRT teams of Cyprus (CSIRT-CY), Lithuania (CERT-LT) and Czech Republic (CZ.NIC) for inviting ENISA, and improving the skills of the more than 60 participants, to three different information security domains (Network, Mobile, and Memory Forensics).

The audience was highly engaged, and provided insightful feedback that will be used on further improving our courses.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The EU Counter-Terrorism Coordinator visited ENISA

Wed, 09/11/2019 - 14:10

Yesterday, ENISA was delighted to welcome the EU Counter-Terrorism Coordinator, Gilles de Kerchove to discuss the current and upcoming priorities of ENISA, the European Union Agency for Cybersecurity. Our Head of Core Operations, Steve Purser gave an overview of the EU Cybersecurity Act and the new mandate for the Agency.

Furthermore, the meeting also discussed cyber threats and response as well as the use of disruptive technologies.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Improving Communication and Information Sharing Across Incident Response Communities

Wed, 09/04/2019 - 10:40

These are required to facilitate information exchange among teams and improve reaction time to security incidents.

The methodology presented could also be valid for other operational teams grouped in an information sharing and analysis centre (ISAC). The goal is to provide a methodology and to illustrate what criteria they could consider when selecting communication solutions that can fit their size and needs.

As of June 2019 there are more than 414 incident response teams in Europe. These teams work together to respond to cyber-attacks and need to use secure and reliable communication channels to share threat and incident information while protecting European citizens and businesses. These incident response teams are often organized in communities such as CSIRTs Network, TF-CSIRT, FIRST and other regional, sub regional or sectorial communities and they continuously communicate and exchange information. Typical information exchanged among teams include threat intelligence, indicators of compromise (IoCs), malware samples and details about relevant incidents.

Previous ENISA work on the topic

Since 2005, ENISA has been supporting Member States and CSIRT communities in EU to build and advance their incident response capabilities with handbooks, online & onsite trainings and dedicated projects. ENISA’s portfolio of work is related to setting up, running or developing capabilities of Computer Security Incident Response Teams (CSIRTs).  The goal is to define minimum common baseline practices across the EU to improve operational cooperation, preparedness and information exchange for the next generation of cyber-attacks.  More info can be found at https://www.enisa.europa.eu/csirt-maturity

For the full report

Secure Group Communications for incident response and operational communities

For further information

ENISA CSIRTs by Country - Interactive Map

CSIRTs Network

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Pages