European Union Agency for Network and Information Security

ENISA Leads Cybersecurity Seminar for the Hellenic Ministry of Digital Governance

Wed, 07/01/2020 - 13:30

The European Union Agency for Cybersecurity, ENISA, led an Infodays seminar on June 24, 25, 30 and July 1 for the National Cybersecurity Authority (NCA) of the Hellenic Ministry of Digital Governance to support the ministry in developing its own train-the-trainer programme. The event was held virtually.

Over the span of two weeks, ENISA experts spotlighted the key developments in the EU cybersecurity ecosystem, including emerging technologies such as Artificial Intelligence and 5G, for new employees of the ministry. The team also trained NCA personnel on various cybersecurity topics, with a special focus on EU cybersecurity policy. Most importantly, ENISA identified and shared with attendees the main tools and materials needed to establish a basic cybersecurity train-the-trainer programme for Greece’s pubic administration sector.

ENISA Executive Director Juhan Lepassaar opened the seminar on day one, which focused on operational crisis management and the role of Computer Security Incident Response Teams (CSIRTs) across Europe. Day two focused on EU cybersecurity certification framework, and cyber-threat intelligence and risk management. On day three, experts took a look at the NIS Directive, the first piece of EU-wide cybersecurity legislation, and discussed security supervision under the European Electronics Communications Code (EECC). The final day, today, concluded with a deep dive into emerging technologies, such as AI, 5G, IoT and cloud computing.

ENISA has played a significant role in supporting the Hellenic Ministry of Digital Governance since opening its doors in Athens in 2004. The Agency and ministry are currently working together to expand this collaboration to National Cyber Security Strategies and trainings for incident handling and response.

Further Information

For information on ENISA’s work regarding National Cyber Security Strategies, please visit: ENISA Topic - National Cyber Security Strategies.

For information on ENISA’s work regarding trainings for incident handling and response, please visit: ENISA Topic - Trainings for Cybersecurity Specialists.

For questions related to the press and interviews, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


3rd General Assembly of the ER-ISAC Meeting

Fri, 06/26/2020 - 13:00

The European Union Agency for Cybersecurity, ENISA, co-hosted the 3rd General Assembly of the European Rail ISAC (ER-ISAC) on the 26th of June 2020. The event was virtual.

The ISAC (Information Sharing and Analysis Centre) meeting allowed IT professionals from 40 organisations in the rail sector to discuss cybersecurity issues, including challenges and incidents faced over the past year. Experts built on their shared experiences and lessons learned in regard to prominent cybersecurity threats in the rail sector.

The closed-door meeting also included a series of presentations from partners on projects that enhance the sector’s cybersecurity procedures across Europe. Best practices were shared by railway operators, as well as current and future technological and policy developments in the sector. The International Union of Railways (UIC) also gave a welcome speech and reflected on the importance of cybersecurity in the sector. Finally, as an invited guest, EUROCONTROL provided insights on threat tntelligence in the aviation sector.

ENISA has played a significant role in supporting the ER-ISAC from the start, and is currently drafting a study on cybersecurity in the rail sector.

Further Information:

For more information on ENISA’s work in the area of ISACs please visit:


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Article 13a Expert Group convened by ENISA for its 31st meeting

Fri, 06/26/2020 - 13:00

The European Union Agency for Cybersecurity hosted the 31st meeting of the Article 13a Expert Group on 24th and 25th this week. The working group of European National Authorities supervises the security of electronic communications networks and services. The group is chaired by by Warna Munzebrock, the representative of the Agentschap Telecom, the Dutch Radiocommunications Agency.

Normally the group meets physically, three times a year. This time, the group met online, using an electronic communications platform. 40 experts attended from national authorities supervising the telecom sector across Europe, from 24 countries. Warna Munzebrock, the Dutch Chair of the Article 13a group opened the meeting, together with Evangelos Ouzounis, Head of the ENISA unit for Secure Services and Infrastructures.

On the first day, the group received updates from:

  • Anders Lindell, from DG CONNECT, the Directorate‑General for Communications Networks, Content and Technology;
  • Machteld Vrieze, Chair of the Working Group of authorities for the digital services under the NIS Directive;
  • Marcin Domagala, co-Chair of the NIS Cooperation Group on Digital Infrastructure;
  • Vassiliki Gogou, co-Chair of BEREC’s Ad-hoc Working Group on 5G.

ENISA gave an update on both the Agency’s incident reporting platform - CIRAS and the pandemic toolkit project, whose aim is to provide an overview of good practices for telecom operators and authorities in dealing with pandemics.

An important part of the meeting was dedicated to an in-depth round table, where experts shared experiences and lessons learned during the first months of the COVID-19 pandemic. Overall, the countries reported that, despite some issues, the communication networks and services sustained the change in usage and traffic well, and that operators successfully implemented their business continuity plans.

The supervision changes needed for the transposition and implementation of the EECC, the European Electronic Communications Code were addressed on the second day. The EECC will be in force from 2021. The group discussed a new model for the EU-wide reporting thresholds. ENISA also presented a first draft of the new security measures framework for the EECC. This framework takes into account the changes introduced by the EECC, but also the security requirements in the European Commission’s 5G toolbox.

The group will meet again in the third quarter of the year. Most of the work of the group this year will focus on updating the guidelines for security measures and incident reporting process in light of the EECC.

Background on Article 13a group

The ENISA Article 13a Expert Group was established in 2011 and consists of more than 50 experts from national telecom security authorities from all EU countries, the EFTA countries, and EU candidate countries. The group is a forum for exchanging information and good practices on telecom security. It produces policy guidelines for European authorities on the implementation of EU telecom security rules, and publishes annual summary report about major telecom security incidents.

  • This work is done under ENISA's Annual work program output O.1.2.3 “Supporting incident reporting activities in the EU”.
  • The ENISA Article 13a Expert Group was set up in 2010. There have been 31 meetings so far.
  • The security guidelines of the Article 13a Expert Group can be found on the ENISA Article 13a expert group portal.

Further Information:

ENISA Incident Reporting webpage

ENISA Article 13a Expert Group portal

To know more about the Article 13a Expert Group's work, or to join the telecom security mailing lists, to be up to date about our telecom security work or to receive invitations for future telecom security meetings, please contact us via resilience (at)

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


The EU Cybersecurity Act’s first anniversary: one step closer to a cyber secure Europe

Fri, 06/26/2020 - 10:00

On 27 June 2020, the European Union Agency for Cybersecurity (ENISA) celebrates the first anniversary of the EU Cybersecurity Act (CSA) and its strengthened role towards securing Europe’s information society. The CSA gave the Agency a permanent mandate, a new list of tasks and increased resources, and also established the EU cybersecurity certification framework. 

The Agency now plays a key role in setting up the framework and builds on its past work towards achieving a high common level of cybersecurity across the European Union by actively supporting Member States, EU institutions, industry, academia and citizens. Regarding the framework, the Agency is close to completing the first cybersecurity certification scheme and is making rapid progress towards a second one, on cloud services.

The mandate has also expanded the Agency’s role in supporting capacity-building and preparedness capabilities, as well as operational cooperation - areas that continue to be put to the test during the COVID-19 pandemic. ENISA acted quickly at the onset of the pandemic by preparing awareness campaigns, sets of tools and publications offering in-depth guidance on cyber safety for organisations, businesses and citizens, all publically available on the webpage COVID19.

Under its expanded role in policy development and implementation, ENISA has thrived, especially in the area of emerging technologies. For 5G security, ENISA has been involved in each phase and continues to support the European Commission and Member States as a common toolbox is being implemented. Last year, the Agency also supported the EU Member States with developing an EU-wide joint risk assessment regarding the 5G roll out, and delivered a 5G threat landscape report, which analyses threats at a more technical level. On Artificial Intelligence, the Agency has set up a 15-member ad-hoc working group on Cybersecurity for AI that will further advance European expertise on AI threats and solutions.

In addition, ENISA has welcomed the newly mandated tasks around research and innovation by creating the EU cybersecurity skills framework and fostering collaboration amongst the four cybersecurity pilot projects of the European Cybersecurity Competence Network.


Further Information:

EU Cybersecurity Act and ENISA

EU cybersecurity certification framework

ENISA’s decicated page for COVID-19

ENISA’s work on 5G

ENISA’s work on AI

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


2ND Inter-EU ISACs Meeting

Thu, 06/11/2020 - 08:00

The European Union Agency for Cybersecurity, ENISA, hosted the 2nd Inter-EU ISACs meeting on the 10th of June, 2020. The event was virtual.

The meeting allowed experts of the EU Information Sharing and Analysis Centres (ISACs) to build on trust, get to know new members coming from newly formed ISACs, review developments from last year’s in-person meeting and identify synergies to enhance collaboration between the centres. They also discussed their current challenges and possible solutions.

Participants included chairpersons of the EU ISACs, the European Commission, the FS-ISAC, GSMA, as well as experts with deep knowledge on the issue.


Further Information

For more information on ENISA’s work in the area of ISACs please visite our  dedicated website's topic Information Sharing and Analysis Centers

For more information on this event, please contact: resilience (at)

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA working group on Artificial Intelligence cybersecurity kick-off

Wed, 06/10/2020 - 13:00

Artificial Intelligence (AI) is no longer in the realm of science fiction and futuristic scenarios. It is already changing everyday life, improving the provision of services by automating procedures and systems, and rapidly processing large amounts of data. AI has the potential to lead the digital transformation paradigm shift, and, in many ways, is already doing so.

The benefits of Artificial Intelligence may only be attained if AI itself can be trustworthy and cybersecure. We are already witnessing attacks against AI systems that aim to negatively manipulate their behaviour and lead to unintentional operations by adversaries. The European Commission has highlighted the importance of AI in society and the economy; and, most recently, in its White Paper on Artificial Intelligence, the Commission has underlined the need for AI to be secure. This white paper is the frontrunner to forthcoming policy initiatives in the area that will shape the future of AI deployment and its wide adoption by the public.

Recognizing the significance of cybersecurity for Artificial Intelligence, ENISA has set up an Ad-Hoc Working Group in line with the European Commission’s directions and policies.

The main objectives of the group include:

  • Advise ENISA in matters related to AI cybersecurity.
  • Assist ENISA in the development of an AI Threat Landscape.
  • Support ENISA in providing risk-proportionate cybersecurity guidelines for AI.

The working group is composed of 15 members, representing stakeholders from small and large companies, the public sector, academia, associations, and more, as well as seven observers from European bodies, including the DG for Communications Networks, Content and Technology, the DG Joint Research Centre, Europol, the European Defence Agency (EDA) and the European Telecommunications Standards Institute (ETSI).

The list of members and observers is available on the webpage of the Ad-Hoc Working Group on Artificial Intelligence cybersecurity.


Further Information

For more information on ENISA’s work in AI Cybersecurity, please visit our dedicated website's topic Artificial Intelligence.

For press questions and interviews, please contact .


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Spotlight on incident reporting of telecom security and trust services

Tue, 06/09/2020 - 12:00

Today ENISA, the EU Agency for Cybersecurity, releases a new version of CIRAS, a tool for statistical analysis of cybersecurity incidents. Two new sets of EU data on cybersecurity incident were made available:

  • Telecom security incidents reported for the year 2019
  • Trust services security incidents for 2016-2019.

The online visual tool, accessible to the public, now gives access to 8 years of telecom security incidents, and 4 years of trust services incident reports: a total of 1100 cybersecurity incidents. The new visual tool allows for analysis of multiannual trends. 

Mandatory cybersecurity incident reporting is a corner stone of cybersecurity legislation in the EU. Cybersecurity incident reporting gives the national authorities in Europe vital information about the root causes and overall impact of major incidents. Every year national authorities send summaries of these major cybersecurity incidents to ENISA for aggregation and analysis at EU level. ENISA publishes statistics in yearly reports and gives access to aggregated and anonymised data in the online visual tool, to increase transparency about cybersecurity incidents. This online visual tool allows for custom analysis of trends and patterns. For example, the user is able to select a specific time-period or specific root cause categories and get custom statistics about detailed causes and assets affected. ENISA also maintains a private repository for the national authorities.

You can access the tool via the following link:

Cybersecurity Incident Report and Analysis System

Background and legal base:

ENISA has been supporting the EU telecom security authorities with the implementation of EU wide telecom breach reporting, under Article 13a of the Framework directive since 2010.

Under this framework, ENISA develops procedures, templates, tooling and analysis and publishes an annual report with aggregated statistics about the telecom security incidents with significant impact since 2012.

ENISA has been supporting supervisory bodies in the EU with cybersecurity breach reporting for trust services under Article 19 of the eIDAS regulation since 2016. Besides, ENISA also started to support the NIS cooperation group with the cybersecurity incident reporting along the provisions of the NIS Directive.

ENISA will be publishing the detailed annual reports in the coming weeks. The following two trends are highlighted:

Root causes of telecom security incidents

Over the last 4 years, the most common root cause of telecom security incidents is system failures (412 out of 637 incidents). The second most common root cause is human errors with nearly a fifth of total incidents (19%, 119 incidents in total). Natural phenomena are the third root cause with 11% while only 4% of the incidents are categorized as malicious actions.

Root cause categories of trust services security incidents

Over the 4 years of trust services security incident reporting, the most common root cause is System failures (60%). Around a fifth of the reported incidents were due to human errors and a fifth of the incidents were flagged as malicious actions. Natural phenomena are not a common root cause in this sector. This sector operates differently than the telecom one. With large-scale aboveground infrastructure for the mobile networks, the telecom sector is more vulnerable to natural phenomena.

Further Information

For more information on ENISA’s work on incident reporting and security regulation (Article 13a and Article 19), please visit our dedicated website's topic Incident Reporting.

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Tips for secure user authentication

Thu, 06/04/2020 - 10:30

We are living in an era of large-scale data breaches. More and more high-profile companies are hacked; as a result, the personal data of millions of customers is leaked online.

Cybercriminals with different motivations and interests take advantage of this data in order to mount attacks at both individuals and other organizations. As passwords are still the main method to authenticate users to platforms and systems, this article aims to provide tailored recommendations for improved cyber hygiene.

Risks to passwords

 Today, passwords can be stolen in multiple ways, including:

  1. Social Engineering attacks such as phishing credentials using fake pages, voice phishing (so-called Vishing), shoulder surfing (e.g. peeping behind a person who is typing their password on a laptop) and even retrieving handwritten passwords from post-it notes.
  2. Stealing using specialized software or physical keyloggers. Some of these attacks require a physical presence or proximity to a laptop or a device.
  3. By intercepting communications, using fake access points or by leveraging man-in-the-middle attacks (MiTM) at a network level, more prevalent in public WiFis found in hotels, cafés, airports, etc.
  4. Brute-force attacks on passwords by trying all the combinations, dictionary attacks or by simply guessing the password.
  5. Retrieving passwords directly from data breaches and leveraging them using password spraying techniques to other legitimate services.
Recommendations to improve password security
  1. Activate multifactor authentication functionality whenever possible for all of your accounts.
  2. Do not re-use your passwords. Cybercriminals work under the assumption that many users re-use passwords, hence their high success rates for compromising accounts.
  3. Use single sign-on functionality combined with multifactor authentication in order to reduce the risk of account compromise.
  4. Use a password manager.
  5. Generate strong and unique passwords or passphrases according to the latest guidelines available, for each individual website and service. This is where password managers come in handy.
  6. Check if any your accounts appear in existing data breaches and act immediately by changing your passwords for the services identified.
  7. Many websites offer password reminder functionalities. Make sure you do not rely on easily retrievable personal information to reset your password, e.g. name of your pet, your date of birth, your high school, etc.
  8. Make use of VPNs or at least mobile access points when accessing e-Banking or other private services from public WiFi.
  9. Be aware of your surroundings in lounges, airports, trains and cafés, and make sure there is nobody behind you trying to snoop your password. This is where screen privacy filters come in handy.
  10. Do not leave your devices unattended/unlocked in public spaces such as hotels, public transport, lounges, etc.

Further Information:

For more security awareness related materials, please visit the website of the European Cyber Security Month (ECSM) awareness raising activity coordinated by ENISA.

Cyber Hygiene best practices can be found in the ENISA Report - Cyber Hygiene.

For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic - COVID19.

For press questions and interviews, please contact

European Cyber Security Challenge 2020 - Event Date Change

Wed, 06/03/2020 - 11:00

Due to the worldwide pandemic and the lack of visibility regarding its evolution, the ECSC Steering Committee together with the Austrian national planners and the support of the European Agency for Cybersecurity decided to change the dates of the European Cyber Security Challenge 2020 Finals, scheduled to take place in Vienna this November. 

The ECSC Steering Committee, considering that the organization of this European event brings together more than 350 young people coming from all over Europe, wants above all to safeguard the health of all participants. Furthermore, to give a fair chance to all teams and permit each country to continue with the selection process in serenity, it was decided to amend the age conditions for participation by adding a year in each category.

In light of the above, the 6th edition of the European Cyber Security Challenge (ECSC) will take place in Prague, Czech Republic in 2021. Austria will host the event in 2022.

The annual event brings together top cyber talent from across Europe to network and collaborate, meet with industry-leading organizations and compete against each other to win the ECSC prize. Contestants work on solving security-related challenges on topics including web and network security, mobile security, crypto puzzles, reverse engineering and digital forensics.

About the European Cyber Security Challenge

The growing need for IT security professionals is widely acknowledged worldwide. To help mitigate this shortage of skills, many countries launched national cybersecurity competitions targeting towards students, university graduates or even non-ICT professionals with a clear aim to find new and young cyber talents and encourage young people to pursue a career in cybersecurity. The European Cyber Security Challenge (ECSC) leverages on these competitions by adding a pan-European layer.

The European Cyber Security Challenge is an initiative by the European Union Agency for Cybersecurity (ENISA) and EU Member States and aims at enhancing cybersecurity talent across Europe and connecting high potentials with industry leading organizations.

Further Information:

Further information on how to participate in the upcoming National Challenges and the European Finals, as well as the contact details of the organisers, can be found on the ECSC website.

For general organisational and press questions, please contact press (at) 


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Top ten cyber hygiene tips for SMEs during covid-19 pandemic

Tue, 06/02/2020 - 15:00

Crises like the current COVID-19 pandemic have a serious impact on the European as well as the International society and economy.  Small and medium-sized enterprises (SMEs) are often coping with difficult times.  Unfortunately, cybercriminals often see such crises as opportunities.  Phishing and ransomware attacks are on the rise.

SMEs are also faced with a new reality where employees are working more from home.  This way they become even more dependent on Information Technology (IT) than before.  It goes without saying that protecting these virtual assets is of utmost importance to almost every SME.  According to ENISA, the top ten cyber hygiene topics that SMEs should address, possibly through outsourcing where needed, are presented below:

  1. Management buy-in. It is important that management sees the importance of cybersecurity for the organisation and that it is informed on a regular basis.
  2. Risk assessment. This answers the question: what do I have to protect and from what?  Identify and prioritise the main assets and threats your organisation is facing.
  3. Cybersecurity policy. Have the necessary policies in place to deal with cybersecurity and appoint someone, for example an Information Security Officer (ISO), who is responsible for overseeing the implementation of these policies.
  4. Awareness. Employees should understand the risks and should be informed about how to behave online.  People tend to forget such things rather rapidly, so repeating this every now and then can be valuable.
  5. Updates. Keeping everything, meaning servers, workstations, smartphones, etc. up-to-date is key in your cyber hygiene. Applying security updates is part of this process.  Ideally, this whole process is to a certain level automated and the updates can be tested in a testing environment.
  6. Backups. Prior to doing these updates it is vital to have good backups in place.  This will also protect the environment from attacks such as ransomware.  Backup the most important data often and think about the cost of losing data during a certain timespan.  Keep the backups offline, test the backups and try to have duplication of the backups.
  7. Access management. Have rules/policies in place for access management and enforce them.  Make sure default passwords are changed for example, that passwords are not shared, etc.
  8. Endpoint protection. Think about securing the endpoints through for example installing antivirus software.
  9. Secure remote access. Limit remote access as much as possible and where absolutely needed, enable it but in a secure way.  Make sure that communication is encrypted properly.
  10. Incident management plan. There should be a plan on how to handle an incident when it occurs.  Different realistic scenarios could be part of this plan.  Get to know whom you could contact when things are problematic, for instance the national CSIRT.


Further Information

For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic - COVID19

For press questions and interviews, please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Getting ready for the next security incidents

Fri, 05/29/2020 - 13:00

As of April 2020, more than 500 European incidents response teams are listed in the ENISA CSIRTs by Country - Interactive Map. These teams work on a daily basis to improve the prevention, detection and analysis of cyber threats and incidents.

As envisioned by the NIS Directive and in the Cybersecurity Act ENISA is given the responsibility to assist the CSIRTs Network and the Member States in improving the prevention, detection and capability to respond to cyber threats and incidents by providing them with knowledge and expertise. It is within this context that ENISA launched this project in order to improve the proactive detection of network security incidents in the EU, by:

  • Providing an inventory of available measures and information sources;
  • Identifying good practices;
  • Recommending possible areas for development.

In this respect, proactive detection of incidents is defined as the process of discovery of malicious activity in a team's constituency through internal monitoring tools or external services that publish information about detected incidents, before the affected constituents become aware of the problem.

ENISA published the first version of a study entitled “Proactive detection of network security incidents” in 2011. The current work builds and expands on this. It aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents. Such tools are used already or could possibly be used by incident response teams in Europe nowadays.

This study identifies the evolution of proactive detection in EU over time, between 2011 and 2019. It also explores new areas that could help improving operational cooperation and information exchange. The goal is to help both new teams that are starting to use new tools and sources, and more advanced teams to assess their level and identify what they could still improve.

Moreover, this work can be used together with the recently released ENISA training on Orchestration of CSIRT Tools or to conduct more focused peer reviews using ENISA maturity methodology.

The results of the project are divided in three reports and in a living repository hosted on GitHub. The objective is to offer a point of reference for new or well-established teams who need to identify or reassess appropriate measures for proactive detection of incidents.

1- Report - Survey results

  • Survey among incident response teams in Europe;
  • Comparison with the 2011 survey.

2- Report - Measures and information sources

  • Inventory of available methods, tools, activities and information sources;
  • Evaluation of identified measures and information sources.

3- Report - Good practices gap analysis recommendations

  • Analysis of the data gathered;
  • Recommendations.

4- Online repository - GitHub

  • Information sources;
  • Measures and tools.


Proactive detection of incidents:

Further information:

ENISA - CSIRT Services section

ENISA - CSIRTs and communities section

ENISA - CSIRTs in Europe section

Brochure - Bolstering Incident Response in Europe

For more questions you can contact

For press questions and interviews


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Securing smart infrastructure during the COVID-19 pandemic

Mon, 05/18/2020 - 08:00

The  Internet  of  Things  (IoT)  has changed the  way  people  live,  do  business,  and  interact.  Buildings and homes are becoming smarter, more complex and more connected. This massive interconnection leads to new  efficiencies  and capabilities and  unlocks  enormous  value  for  consumers,  organizations  and  cities. Nevertheless, these advantages come with great challenges and cyber security risks.

Securing smart homes and smart buildings from cyber security risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. People are spending considerable time at home using smart cameras, wearables and telecommunications to remain in touch with their business, doctors, government, school, friends and family. Utilizing modern technology people stay productive for their work and their housekeeping, but they also become more susceptible to attacks from threat actors that are still looking to cash in by exploiting human nature.

ENISA’s Work on IoT and Smart Infrastructure

The Agency has been working on IoT security for a number of years, producing, among other things, work on Security and Resilience of Smart Home Environments, Baseline IoT security recommendations, as well as work in securing Industry 4.0, and IoT software development lifecycle. For more information:

Securing the home

Social distancing has shifted daily habits with activities pertinent to work, education, healthcare, wellbeing and socialisation happening mainly from home. Most of these activities are taking place in digital format and therefore they rely heavily on connectivity and smart home devices. Many consumers are aware that their smart devices could potentially introduce vulnerabilities in their home network and they should configure them properly. However, they struggle to understand what is required of them to keep their smart thermostat or voice assistants secure. Below, ENISA presents some fundamental measures for securing smart devices:

  • Use long passwords, two-factor or multi-factor authentication and, if available, enable biometric features or additional PINs.
  • Use different passwords for each device in your home network.
  • Observe user guides and enable the relevant security features during the initial setup.
  • Enable update notifications and perform updates on a regular basis
  • Avoid introducing sensitive information and be aware of the way your information is used.
  • Turn off and unplug the device when no longer used
  • Configure multiple networks on your router and keep your smart devices on a separate Wi-Fi network.
  • Securely wipe your smart device and use “factory reset” function before disposing or returning it back.
Securing the business premises

Almost overnight, in an effort of implementing immediately social distancing, many employees around the globe started working remotely from home and staying away from offices. Outside of the normal and business-as-usual situation, with applying social distancing rules and personnel working in rotation, employees might simply be less diligent about security practices. It has never been more important to proactively secure smart buildings/offices, which they often control systems or operations like data centers dependent on the availability of air conditioning systems.

Securing networks, monitoring network anomalies, identifying malicious behaviour including social engineering and spear phishing attempts and reviewing IoT security configurations is the way forward and in that respect, ENISA provides the following recommendations in addition to the ones mentioned above:  

  • Enable firewall protection, and ensure corporate network is only accessible from whitelisted services.  
  • Disable unused ports. 
  • Apply network micro-segmentation by creating virtual networks to isolate IoT systems from other critical IT systems. 
  • Enable monitoring and diagnostics and review them regularly.
  • Prepare and update the incident response plans according to the current risks.   

Smart homes and smart buildings have become the digital shelters for all people in social distancing. Securing them is a shared responsibility and everyone should take part in achieving a more secure and resilient digital environment both at home and at work.

Further Information

For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic COVID19


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Dependency of Energy Operators on time sensitive services

Tue, 05/12/2020 - 08:00

Energy grids depend on precision timing and communication networks to monitor grid operation and integration. Power data acquisition and synchronization need to share time sources to enable decentralized analysis and effective coordination of power production. However, systems that provide time services are vulnerable to various cyber threats and a possible attack can destabilise the operation of modern power grids. With recent technological advances, there is a proliferation of tools for deploying attacks against the time sources of a utility.

The ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services focuses on such an attack scenario by identifying relevant risks and by providing guidelines to ensure consistent time synchronization. In doing so, a typical functional architecture for time-phase data processing on the power grid is presented.

 The study also includes a list of attack vectors of potential threats against communication mediums, protocols as well as sensors and devices of this architecture.

Technical and generic good practices are suggested based on the scenario technologies investigated. The report concludes with key recommendations such as:

  • Designing of modern devices for substation automation (including GPS receivers) with security in mind (vendors);
  • Establishing electronic perimeters and implementing measures against spoofing attacks (operators);
  • Systematic implementation of basic measures for substations (operators);
  • Designing of modern devices to be used for automation in a way that meets universally accepted requirements and implementing of selected security measures through proper standardisation procedures (vendors);
  • Adoption of tools and procedures to enhance the resilience of power grids with respect tomalformed and/ or injected data affecting decision making in modern smart grids (operators).

Further Information

ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services

Critical Infrastructures and Services

Threat and Risk Management

For interviews and press questions, please contact press (at)


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Cybersecurity in the healthcare sector during COVID-19 pandemic

Mon, 05/11/2020 - 13:30

The COVID19 pandemic has created a new reality for the healthcare sector globally testing its limits. Adding to the overwhelming situation it is currently facing, the sector has become a direct target or collateral victim of cybersecurity attacks. Malicious actors taking advantage of the COVID19 pandemic have already launched a series of phishing campaigns and ransomware attacks. Hospitals have shifted their focus and resources to their primary role, managing this extraordinary emergency, which has placed them in a vulnerable situation. Hospitals, and the whole healthcare sector, now have to be prepared.

Cybercrime adapts to the world around it. It is hardly surprising that in the beginning of an escalating global pandemic like COVID-19, malware actors have jumped on the bandwagon. The current situation in the EU and worldwide provides a fertile breeding ground for various campaigns. In no particular order, the following conditions are being exploited making the sector even more vulnerable:

  • High demand for certain goods like protective masks, disinfectants and household products
  • Decreased mobility and border closures
  • Increasing reliance on teleworking, often with little previous experience and planning
  • Increased fear, uncertainty and doubt in the general populatio

ENISA can provide some advice to support the sector, taking into account the situational evolution and most common incidents since the beginning of the pandemic.

  • Share the information with healthcare staff in the organisation, build awareness of the ongoing situation and, in the case of infection, ask staff to disconnect from the network to contain the spread. Raise awareness internally in healthcare organisations and hospitals by launching campaigns even during the time of crisis (i.e. to inform hospital staff not to open suspicious emails).
  • In case of systems compromise, freeze any activity in the system. Disconnect the infected machines from others and from any external drive or medical device. Go offline from the network. Immediately contact the national CSIRT.
  • Ensure business continuity through effective backup and restore procedures. Business continuity plans should be established whenever the failure of a system may disrupt the hospital's core services and the role of the supplier is such cases must be well-defined.
  • In case of impact to medical devices, incident response should be coordinated with the device manufacturer. Collaborate with vendors for incident response in case of medical devices or clinical information systems.
  • One preparedness measure is network segmentation. With network segmentation network traffic can be isolated and / or filtered to limit and / or prevent access between network zones.

The whole cybersecurity community is working together to support the healthcare sector as the pandemic develops; national cybersecurity authorities are issuing alerts and guidelines (e.g. the situation in CZ) on potential cyber attacks; in the CSIRT Network MS continuously exchange information and issue situational reports together with the EU Institutions; the private sector is offering pro-bono cybersecurity related services supporting the healthcare sector.

Further Information

For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic COVID19


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA contributes to a Council of Europe webinar on cooperating with CSIRTs to counter cybercrime

Fri, 05/08/2020 - 16:00

The purpose of this webinar is to identify ways in which cooperation between criminal justice authorities and cybersecurity actors could improve, including through identification of mutual roles and responsibilities in cybercrime investigations. Information will be provided on the legal, organisational and technical aspects, pointing out current shortcomings and making recommendations to further enhance cooperation.

Date and time

Monday, 11 May 2020 | 09:00 AM GMT

 Duration and format

1h30' | 45' presentations & 45' discussions

The webinar will showcase good practices adopted in the EU, as analyzed by the European Union Agency for Cybersecurity, ENISA.

Expected outcomes

  • Promote the adoption of good practices for an effective cooperation between CSIRTs and criminal justice authorities, including law enforcement officers, prosecutors and judges
  • Discuss on roles and responsibilities, and segregation of duties
  • Present case studies of successful cooperation
  • Engage in discussions and share experience on current challenges and solutions, also in the light of the outbreak of cyber threats related to the global COVID-19 crisis.

Target Audience

The webinar is particularly useful for national/governmental CSIRT staff, law enforcement, prosecutors and judges in charge of cooperation on cybercrime

Agenda and registration

Check out the Agenda and register here:


CSIRTs (Computer Security Incident Response Teams) have an important role in preventing cyber-attacks and in coordinating the technical response at national level. They may help in monitoring and reporting cybercrimes, in sharing technical information on ongoing or past attacks and in securing electronic evidence.

It is therefore essential that CSIRTs and criminal justice authorities put in place an efficient and effective collaboration, where roles, responsibilities and segregation of duties are defined and agreed upon.


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Sharing is caring: technical cooperation across CSIRTs, LE and the judiciary

Thu, 05/07/2020 - 08:00

In particular, the ENISA Report - An overview on enhancing technical cooperation between CSIRTs and LE provides an overview of the tools currently used by the reference communities, analyses their key functionalities, and proposes technical specifications to design a shared platform that could help CSIRTs, LE and the judiciary cooperate closer and share information to respond to cyber security incidents and counter cybercrime. The report gives also some examples of cooperation between CSIRTs, LEAs and the judiciary that showcase the interactions between the different actors and the methodology and the tools used for their cooperation.

Data for this report was collected via desk research and an online survey.  

The main target audience of this report is national and governmental CSIRTs, LEAs, prosecutors, and judges as well as policy makers and professionals in this field. As expected, this ENISA report takes a standpoint that favors cross border cooperation across the EU Member States.

To enhance the cooperation across CSIRTs, LEAs and the judiciary the following recommendations have been put forward:

  • to drive efforts towards and support the development of a common platform, considering all requirements and constraints expressed by the communities;
  • to promote the use of Segregation (or separation) of Duties (SoD) matrices to  avoid overlapping duties across CSIRTs, LE and the judiciary in relation to the sharing information.
  • to consider and promote the adoption of a common digital forensics framework.
  • to assess the suitability of the EU cybersecurity certification framework for cybercrime investigation tools.

This report contributes to the implementation of the ENISA programming document 2019-2021 (Output O.4.2.2 -“Support the fight against cybercrime and collaboration between CSIRTs and law enforcement”). It leverages upon and builds further on ENISA work already carried out in the area of CSIRTs and law enforcement cooperation. Further work in this area, carried out  in 2020, is described in the ENISA programming document 2020-2022.


Further Information:

ENISA Report - An overview on enhancing technical cooperation between CSIRTs and LE

For more information on these reports, please contact: CSIRT-LE-cooperation (at)

More on ENISA’s activities in the area of CSIRTs and communities

For interviews and press questions, please contact press (at)



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Understanding and dealing with phishing during the covid-19 pandemic

Wed, 05/06/2020 - 13:00
Phishing in the years of COVID-19

Many organisations and companies experience changes in their working conditions lately due to the COVID-19 pandemic. This shift has increased remote activities, such as teleworking. Teleworking furthers the reliance on email for communication, thus creating perfect conditions for email fraud schemes.

Cyber criminals are taking advantage of the pandemic by using widespread awareness of the subject to trick users into revealing their personal information or clicking on malicious links or attachments, unwittingly downloading malware to their computers. They may even impersonate government organisations, ministries of health, centres for public health or important figures in a relevant country in order to disguise themselves as reliable sources.

The emails look authentic and may include logos or branding of the specific organisations.

Coronavirus-related email phishing attacks have spiked over 600% since the end of February 2020 (infosecurity-magazine)

How scammers operate

Malicious email messages that might ask you to open an attachment supposedly containing pertinent information regarding the Coronavirus are likely to download malicious software onto your device as soon as you click on the attachment or embedded link. This software could allow cybercriminals to take control of your computer, log your keystrokes or access your personal information and financial data, which could lead to identity theft.

How to recognize phishing

The emails sent usually:

  • look identical to messages from a reputable organisation (such as a medical or governmental institution),
  • sound urgent or try to spread fear,
  • claim to enclose important information or breaking news,
  • ask you to download and/or click on attachments and links.
How to Protect against Phishing Attacks

There are simple steps you can take to avoid the bait:

1)  Take time to reflect on a request for your personal information and whether the request is appropriate. Do not open unsolicited email from people unfamiliar to you or click on suspicious attachments, which you did not expect.

2)  Never supply any personal or financial information and passwords to anyone via email.

3)  Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action.  

4)  Look for wording and terminology. Apart from phishing, cyber criminals could also trap a specific person via spear phishing using the receiver’s full name. Check for terms and language that is normally expected in the type of email you receive.

5)  Check the email address. Check the sender’s name, email address and whether the email domain matches the organisation that the sender claims to be from. If not, it is probably a phishing attempt.

6)  Check the link before you click. See your emails in plain text to check for the hyperlinked address to see the real hyperlink. If it is not the same as what appears in the email, it is probably a phishing attempt.

7)  Keep an eye out for spelling and grammatical mistakes. If an email includes spelling, punctuation and/or grammar errors, it could be a phishing email.

8)  Be wary of third-party sources spreading information about COVID-19. Refer to the official websites for updates on COVID-19. Fraudulent e-mails can look like they come from a real organisation but legitimate government agencies will never call you or email you directly for this information.

9) Protect your devices. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up to date.

10) Visit websites by typing the domain name yourself. Most businesses use encryption and Secure Socket Layer (SSL) / Transport Layer Security (TLS). If you receive a certificate error while browsing, consider it as a warning sign that something is not right with the website.

What happens if I became a victim of phishing? 
  • If you have clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software and run a scan.
  • If you entered login credentials to access information, change them immediately.
  • If you have provided your bank details, contact your bank or credit card company.
Take actions

COVID-19 has affected millions of people around the world, while its long-term impact remains to be seen. However, protecting ourselves against coronavirus-related scams is both a feasible and essential step. If you receive a phishing email, you should:

  1. Report it to your IT department by forwarding it as an attachment.
  2. Delete it.
  3. Notify the organization being spoofed in order to prevent other people from being victimized.
Further Infomation Discover more tips and resources in the ENISA COVID-19 dedicated page 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


What is a CSIRT and how can it help me?

Mon, 05/04/2020 - 08:00

With the COVID-19 outbreak, many SMEs and businesses had to make a giant and fast leap into remote working, completely relying on the Internet for their business models. This means facing everyday a new kind of cyber threat by enabling employees to work online from home, buy and sell goods online and rely on virtual meetings for everyday decisions. Citizens are also heavily depending on the Internet to maintain contact with other workers and their loved ones, stream content and news, use e-health services, online shopping, schooling and every other activity that has been moved online. Even if far away, we have never been so close.

There are currently more than 500 Computer Incident Response Teams (CSIRT) in Europe covering the needs of large companies, SMEs, private citizens, governments, research and education institutions. These teams are at the front line to respond to cyber security incidents and attacks. ENISA offers an interactive map of currently known Computer Security Incident Response Teams (CSIRTs): the CSIRTs Map. This tool can help  identify the right team for businesses and consumers facing cyber incidents and attacks and dealing with this giant leap into working from home.

Moreover, since 2017, European Union Member States have established a new and unique level of EU cooperation in case of large scale and cross border cyber security incidents: the CSIRTs Network. The first piece of cybersecurity legislation in the EU, known as the NIS Directive, established the CSIRTs Network, which is composed of incident response teams appointed by the Member States and the EU institutions. These teams are responding to cybersecurity incidents in each Member State and work together to protect EU citizens and businesses. During these difficult times for the Union, the CSIRTs Network members continuously exchange cybersecurity related information, which may affect European business and citizens. The Network is ready to respond to COVID-19 related cyber threats. A weekly report to the EU and MS higher levels/and their constituencies is produced by the Network, providing summaries and recommendations on how to face the cyber threats related to the outbreak.

The goal of the CSIRTs Network is to enable its member to cooperate, exchange info on cyber threats, improve the handling of cross border cyber incidents and respond in a coordinated manner to a situation like the one we are facing today. The CSIRTs Network objective is to provide the highest level of incident response in Europe. In case you do not know already the CSIRTs Network member for your country, please visit the dedicated website CSIRTs Network and check out your appointed CSIRTs Network member website, where you can find information and advisories on how to deal with COVID19 related cyber threats in your national languages.

In case your company wants to set up an incident response team, since 2004, ENISA has been supporting the Incident Response community to build and advance capabilities by providing capacity-building opportunities and by publishing over 70 dedicated studies and practices. You can find all them on the ENISA website under the Publication session together with more than 40 dedicated trainings free for download and use covering four main areas: Technical, Operational, Setting up a CSIRT and Legal & Cooperation. The goal is to support EU Member States and businesses to protect the Digital Single Market, raise the next generation of cybersecurity professionals, improve national incident response capabilities and help operators of essential services, digital services providers and businesses to prevent incidents and protect assets in their networks.

In case your company already has an incident response team, you can assess where it is and how it can further advance by using the ENISA CSIRT maturity assessment model and evaluation methodology with the online tool: CSIRT Maturity - Self-assessment Tool. The team can also join the Reference Security Incident Taxonomy Working Group, a community effort to create a common language to exchange data regarding cyber security incidents. So please make use of ENISA resources to foster better cooperation and information sharing and work with us for stronger cybersecurity incident response in Europe.

Further information:

ENISA - CSIRT Services section

ENISA - CSIRTs and communities section

ENISA - CSIRTs in Europe section

Brochure - Bolstering Incident Response in Europe

For more question you can contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Training material to enhance cooperation across CSIRTs and Law Enforcement

Tue, 04/28/2020 - 15:00

This training material focuses on the following four thematic areas of the CSIRTs and LE cooperation:

  1. Behavioural aspects, in particular the different approaches to problems, modi operandi,  mentalities and ‘languages’ of the different communities;
  2. Legal and organisational aspects, among other the challenges related to the diversity of legal systems and legal provisions of the Member States;
  3. Technical aspects, including ongoing efforts towards a broader adoption and use of a common taxonomy and common tools;
  4. Cooperation across CSIRTs, LE and the judiciary, covering areas such as data retention, sharing of personal data (including IP addresses) and confidentiality of criminal investigations as well as admissibility of digital evidence.

For each of the above-mentioned areas, a handbook (documents for the trainer) and a toolset (document for the trainees) have been prepared and published.

Access the ENISA's Training Material on Cooperation across CSIRTs and Law Enforcement 

The intended target audience are CSIRTs (mainly national and governmental CSIRTs but not limited to them), LE, possibly the judiciary (prosecutors and judges) as well as individuals and organisations with an interest in Cybersecurity.  

Furhter Information:

For more information on these reports, please contact:

More on ENISA’s activities in the area of CSIRTs and communities

For Interviews please contact


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Tips for selecting and using online communication tools

Mon, 04/27/2020 - 10:00

The coronavirus outbreak has affected and changed the way small and medium sized enterprises (SMEs) across the EU are doing business, both internally and externally with suppliers and customers. Indeed, SMEs face the new challenge of working remotely in a way that it is still productive, efficient but also secure. Online communication tools (including video/audio conferencing, instant messaging, remote document sharing/file exchange, internet streaming) are key to help SMEs follow-up with these novel working regimes. Among other aspects, the security and privacy settings of such tools are fundamental for efficient operation.

Taking into consideration the variety of online communications tools available today, ENISA offers some practical advice to SMEs with regard to the security and privacy aspects that should be considered upon the selection and use of online communication tools.

Tips for the selection of an online communication tool
  1. Make sure that the tool supports encrypted communication. It is especially recommended to rely on tools that support end-to-end encryption and provide sufficient information on applied key-sizes and algorithms.
  2. Opt for a choice that supports centralized management, such as call restriction policy, password policy, virtual meeting rooms and eavesdropping prevention.
  3. Assess the security settings, in particular make sure that the tool supports strong authentication, such as Multi-Factor Authentication (MFA).
  4. Review carefully the configuration options, considering in particular whether the service can be run in-house or relies only on external storage of data; if possible, prefer in-house implementations and ensure that integration with existing business tools and/or Single Sign On (SSO) can be provided.
  5. Read the privacy policy of the tool carefully, in particular as regards the following key aspects: types of personal data stored by the tool; location of the data; possible transfers of data to third countries; retention periods of data; default privacy settings/behaviour of the tool. Make sure that the app does not send data to social media for advertisement or other unwanted purposes. Consult your Data Protection Officer (or your privacy contact person if you do not have a DPO) if available for further assessment in case of doubt.
  6. Utilize available work resources such as work email and laptop to access the service; restrict if possible use from personal devices. In case it is necessary to use the tool from mobile phones, verify the permissions that the tool (app) asks and advise the users accordingly (e.g. for participation to a telephone call, granting permission for access to camera or location data would not be required).
  7. Ensure that only official distributions of the client are used and if it is not possible prefer the use of the web client. Verify that the latest version of the software is used and that security patches are applied in a timely manner.
  8. Make sure all meetings are password protected. Avoid sharing conference links and meeting passwords outside the intended participants. Invite users from within the tool if possible and ask them to refrain from sharing the link. In case that Single Sign On is not supported, advise all users to protect their account by selecting strong passwords and enabling multi factor authentication.
  9. Verify the default settings of the tool and make sure that all users are aware of them. Apply, where possible, default settings that protect users’ privacy (e.g. video deactivated by default, no audio/video recording, no central storage of instant messages, etc.). Refrain from recording the meetings unless there is a specific need for this. In case of recording, ensure that all meeting participants are informed and agree with the recording.
  10. Advice the users to use the chat, audio, camera and screen sharing functions wisely. For example, it advisable to not use video on a call when it is not needed. Moreover, users should ensure that only the window they want to share is on their screen and they should prevent their email or chats from becoming visible during meetings. When using video, users should make sure that their background is neutral and does not reveal any personal data of theirs or other confidential information.
Further Infomation Discover more tips and resources in the ENISA COVID-19 dedicated page 

This article was inspired upon a research performed by CERT.LV: the Information Technology Security Incident Response Institution of the Republic of Latvia. CERT.LV operates under the Ministry of Defence of the Republic of Latvia and is part of the EU CSIRTs Network.


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items: