European Union Agency for Network and Information Security

ENISA Validation Workshop - Market Study of NIS Products and Services

Mon, 09/05/2016 - 15:15

The meeting will take place in Brussels, on the 12th of October from 9:30 to 16:00 and will be hosted by the European Commission.

In addition to the study validation session, the agenda will include presentations on pertinent policy and industry topics by selected speakers:

  • Luigi Rebuffi Secretary General of ECSO (European Cyber Security Organisation)
  • Fabian Bahr, Head of Berlin Office at Giesecke & Devrient GmbH
  • Pascal Beglin, CEO at Streamwide
  • Helmut Fallmann, CEO at Fabasoft AG
  • Antonio Ramos, Founding Partner at Leet Security

 Information and Registration

 More information on the agenda, logistics and registration can be found in the following link:

ENISA Validation Workshop - Market Study of NIS Products and Services


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Young European white hat hackers meet for the 2nd Cyber Security Challenge competition

Mon, 08/22/2016 - 15:25

During the 2nd European Cyber Security Challenge, participants will have to discover vulnerabilities in web applications, binaries and document files, solve crypto puzzles and hack hardware systems. However, technical skills are just one part of the whole story. As the time and resources will be limited, teamwork skills are also extremely important. The competition will end with a presentation by each team. The complete skillset which is important for working in an IT security team, is thus tested.

The goal of the competition is to bring new people into professional IT security field, therefore the participants are limited to young people who do not yet have higher education in the field and who do not work in it professionally. The event will also include a conference and teambuilding exercises where connections between contestants and the industry are made and paths for a future career are forged.

If you wish to be among the competing teams in 2017, countries and organizers are invited to get in touch with ENISA who is organizing next year’s European Cyber Security Challenge.  Improve your skills and staying safe online! Who knows, it may lead to a career in cyber security!

For more information on the European Cyber Security Challenge 2016:



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


COINS Research School visit to ENISA

Fri, 07/29/2016 - 14:56

Visitors had the opportunity to meet with ENISA experts and get updated on the latest policy themes and discuss developments in areas such as electronic ID, identity management, cross-border authentication, privacy-by-design, breach notifications and the EU NIS policy framework.

COINS brings together about 50 Ph.D. level students in information security, from six universities across Norway.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Contribute to ENISA’s study on a Digital Single Market for NIS products and services

Thu, 07/21/2016 - 10:05

The aim of the study is to map NIS products and services produced by EU companies in specific sectors and look into how to leverage the opportunities and tools offered through the DSM to improve market growth.  

To participate in the online survey

To better understand the NIS product and services landscape, ENISA has launched an online survey targeted at decision makers, C-level executives (CISO, CIO, CSO, CFO, CTO), marketing directors, buyers and sales representatives from the following sectors:

  • Online banking
  • Online market places
  • Cloud storage
  • Wireless telecommunications equipment: manufacturers and main customers (service providers)
  • Online media services, in particular video streaming platforms
  • Suppliers of NIS products and services

Interested parties may participate through the following link.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Join ENISA study on cloud security and eHealth

Thu, 07/14/2016 - 09:21

The objective of the study, is to identify both security opportunities and barriers to cloud adoption in the healthcare sector. One of the key elements to be focused on, is the current level of cloud adoption in the healthcare sector and to find examples of eHealth and healthcare services, already deployed in the cloud.

Participate in ENISA’s online survey

To understand the above mentioned challenges and opportunities involved, ENISA has launched an online survey which is targeted mainly at CIOs, CISOs, doctors, patients, healthcare providers and manufacturers, cloud providers, and public authorities that are involved within the healthcare sector. To participate follow the link.

For more information on the subject, please contact:



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Securing Smart Cars – Join ENISA study and workshop

Wed, 07/13/2016 - 10:45

The objective of this project is to establish a comprehensive list of cyber security policies, tools, standards, measures and provide recommendations to enhance the level of security of smart cars[1]. The study focuses on the assets inside the cars as well as on data exchanges related to safety.

Participate in ENISA’s study

To understand the cybersecurity challenges involved, ENISA is currently interviewing relevant stakeholders as car manufacturers, Tier 1 and Tier 2 suppliers. If you are interested to participate, please contact


To validate the findings of the study and discuss future challenges, ENISA is organising a workshop scheduled for the 10th October 2016 from 10:00 to 17:00 in Munich Germany.


To register visit the link  to save your seats for the workshop in October. Due to limited availability of seats, the registrations will be served on first come first serve basis until the exhaustion of the allocated resources.

To participate as an expert to CaRSEC

If you are interested to provide your expertise in the area, please read the ToR and apply for the CaRSEC Expert Group.

For more info on the subject, please contact:

[1] Smart cars can be defined by the integration of connected components in the car in order to bring added-value services to drivers and passengers.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:



Thu, 07/07/2016 - 14:00

The meeting provided valuable insights into possible ways of mutual collaboration. A series of topics were presented by both sides and an open discussion was held on:

  • the NIS Directive
  • current studies by ENISA in the energy sector,  infrastructure security and resilience
  • trainings offered by ENISA and possible cooperation with ENCS
  • the main activities and services portfolio of ENCS    




Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Getting ready for the European Cyber Security Month (ECSM)

Tue, 07/05/2016 - 09:41

During each week, ENISA and its partners will be publishing reports, organising events and activities centred on each of these themes. Events include training, strategy summits, and general presentations to users, online quizzes, and many more.

Kick-Off Event

Preparation for this year’s Cyber Security Month kick-off event is in collaboration with the European Banking Federation (EBF), Europol and ENISA. EBF will be hosting the kick-off event at their premises in Brussels on September 30th, 2016.

Check out the themes planned for this year’s ECSM:

Week 1: Oct. 3-7

Theme: Security in Banking

The theme of the week seeks to capture the most important challenges in the banking sector, whether protecting customer online accounts or financial institutions, as these become targeted due to the critical role they play in a functioning economy.

Week 2: Oct. 10-14

Theme: Cyber Safety

Guidelines are presented for staying safe on the internet, addressing the more vulnerable social groups such as students and children.

Week 3: Oct. 17-21

Theme: Cyber Security Training

This week’s theme promotes training to all citizens from internet users to IT professionals and security experts at all levels - from basic IT security skills to computer forensics, whether delivered via seminars, webinars or class room style.

Week 4: Oct. 24-28

Theme: Mobile Malware

This week aims at informing end users of how to protect their mobile devices from malicious actions by preventing malware that has been designed to infect them.

To find out more about the activities and how to get involved visit –

About ECSM: ECSM is the EU’s annual advocacy campaign taking place in October, which aims to raise awareness on cyber security threats, promote cyber security among citizens and provide up to date security information, through education and sharing of good practices.

October is #CyberSecMonth!



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA activities in support of Trust Services

Fri, 07/01/2016 - 12:30

The Regulation strengthens the provisions for interoperability and mutual recognition of electronic identification schemes across borders, enhances current rules for electronic signatures and also expands the scope of Directive 1999/93/EC to other trust services used in electronic transactions.

Trust services are a key element in increasing the confidence of EU citizens and businesses in electronic transactions. As such, the eIDAS Regulation establishes a stable legal framework for five types of trust services, namely electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services and Website authentication certificates.

“Electronic identity is the backbone of security on the internet. This work therefore represents an important step forward for Europe” said ENISA’s Executive Director Udo Helmbrecht.

ENISA supports the implementation of the Regulation in two flows with:

1) Activities linked to supporting and providing guidelines for trust service providers. These include studies on:

  • Minimum security measures and good security practices for trust services providers
  • Common audit schemes for trust services providers in Member States
  • Analysis of standards related to TSPs and mapping them to the requirements of the eIDAS Regulation (new!)
  • Recommendations for the introduction on the market of qualified website authentication certificates

2) Activities linked to incident notifications, by providing mechanisms for reporting security breaches by the trust service providers to the competent bodies.

Furthermore the Agency in collaboration with the European Commission, organises annually the Trust Services Forum, a platform that brings together the communities of trust service providers from the EU Trusted List, conformity assessment bodies and supervisory authorities, providing the opportunity to discuss on issues related to the regulation.

Future work of ENISA in the field

In 2016 ENISA will publish a set of technical recommendations, aimed at facilitating the implementation of the provisions related to trust services in the areas not covered by adopted secondary legislation, which are foreseen to be applied on a voluntary basis by the Member States. These include:

  • Procedures for the interaction with trust service providers and conformity assessment bodies. (Article 17)
  • Procedures for granting qualified status to a Trust Service Provider. (Article 21)
  • Formats and procedures for the initiation of a qualified trust service. (Article 21)
  • Minimum content and formats for the conformity assessment report obligatory for the initiation of a qualified trust service. (Article 21)
  • Recommended standards to fulfil the requirements of the Trust Service Chapter of the eIDAS Regulation. (Articles 19.4, 24.5, 32.3, 33.2, 34.2, 44.2, 45.2, 28, 38, 42.)
  • Risk management and security measures for TSPs. (Article 19.a.) 

The Agency also plans on developing a series of documents and informative material to support relying parties and end users of qualified trust services included in the eIDAS Regulation to securely use these services.

* (EC) 910/2014 on electronic identification and trusted services for electronic transactions in the internal market)



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA discusses cyber challenges of the digital transformation

Wed, 06/22/2016 - 08:22

ENISA was at the Connected Citizens’ Summit today, June 21st, in Amsterdam with key figures from the public and private sphere, discussing on the digital transformation from smart cities, cybersecurity, and energy efficiency to e-health.

Udo Helmbrecht, ENISA Executive Director, was on the global cybersecurity panel on ‘keeping pace with emerging threats’, together with S.Dacaru (Ambassador, NATO) and H. Lindberg (MSB). Panellists looked into how ‘cyber’ constitutes an element of all aspects of daily life through industry 4.0, IoT and smart environments and the protection of critical infrastructure.

Udo Helmbrecht mentioned: “If you look at emerging technologies there is no doubt, room for many opportunities. But we also see the need to organise more efficiently, and take a closer look into the underlying technologies behind these new models, addressing for example technical challenges such as IT security by design. The NIS helps address key challenges through better exchange of information and prevention. We at ENISA are active in building capabilities and bringing together communities, through CSIRTs, National Cyber Security strategies, and cyber exercises”.   


A video of the discussion is available online, follow #CCSummit



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Discussing the impact of cybersecurity in DSM and EU growth

Fri, 06/17/2016 - 15:23

Paulo Empadinhas in his keynote speech gave an overview of the challenges of the DSM, highlighting there are still gaps to be addressed and a more joint-up approach is required to step up supply of more secure solutions by EU industry, and stimulate take-up by enterprises, public authorities, and citizens.

“We witness a lack of education regarding security: from school, academia and in private companies. Education should bring a stronger awareness about the need for security in products, both from the supplier side and the customer. Similarly, a lot of EU companies invest in IoT as a business enabler, however they don’t invest in security. In addition, security as we know it does not apply to the IoT environment, hence new frameworks are required to analyse risks” said Paulo Empadinhas.

ENISA through its work, supports EU Member States in implementing the requirements of the NIS Directive, and initiatives such as the eIDAS, GDPR, which stimulate trust across different stakeholders and support industry policy in cybersecurity. Furthermore, ENISA encourages the use of standardisation - a main pillar in creating the EU single market – which helps support market-based competition, removes market barriers and helps ensure interoperability.

The conference is the European extension of the Annual Security Conference taking place in Las Vegas (USA) for over a decade gathering participants from academia, government and industry to look into ‘the future of cybersecurity’.

For more @EuropeanSeC2015  #iseg



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA study looks into the adoption of security and privacy standards by SMES

Fri, 06/17/2016 - 13:45

An extensive analysis was conducted for the study, in order to investigate the perceived adoption of security and privacy standards in European SMEs; as well as the main drivers and barriers that can affect the level of adoption of these standards. The methodology consisted of interviews with subject matter experts and analysis of available studies in the area.

As European SMEs are increasingly dependent on their information systems to provide services to customers and meet business objectives, the use of new technologies brings new opportunities for enhanced business performance and operations but also introduces several information security and privacy risks. New information security and privacy standards are being drafted and proposed to support organizations to mitigate these associated risks.

Within this context, a wide and effective adoption of information security and privacy related standards by SMEs across Europe can be a beneficial factor for fostering their growth, competitiveness and innovation. The recommendations on how to increase adoption are targeted to EU and MS policy makers, standards developing organizations, and professional, industry and small businesses associations.

For the full report: Information security and privacy standards for SMEs


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Free online tool for the notification of personal data breaches

Fri, 06/17/2016 - 10:12

The purpose of the tool is to allow data controllers to complete and submit online a personal data breach notification to the competent authority (DPA/NRA).

The tool covers all types of personal data breaches and business sectors, whether public or private. Based on the input of the notification, the tool also provides to the competent authority an assessment of the severity of the breach.

The tool is free for use by any interested party.  The tool aims to facilitate the notification of personal data breaches by data controllers, which may be used by national competent authorities, in their respective countries.

For more information visit the link



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA at CODE conference: we need to build on trust and security for a connected world

Thu, 06/16/2016 - 16:13

The high-level meeting of the research centre Cyber Defence (CODE) hosted discussions on current cyber challenges in IoT, eHealth, privacy, and industry 4.0 with key representatives of the German government and industry, including Secretary of State Dr Katrin Suder (BMVG) and Klus Vitt (BMI).

An eHealth session presented by ENISA focused on a real use case in a German hospital. The specific constraints and benefits of using cloud computing in the healthcare environment were discussed in a panel - moderated by the Head of Secure Infrastructures and Services Dr E. Ouzounis (ENISA) - together with panellists from the public and private sector, including Ing. Gerald Götz (Munich Municipal Hospital), Bernd Kowalski (BSI), Marcus Neumann (Capnopy), and Carlos Arglebe (Siemens). NIS expert, Dimitra Liveri (ENISA), gave an overview on issues related to accessibility, sharing and storage of information, availability and reliability, geo-boundaries, and the particularities of healthcare as a critical information infrastructure.

ENISA's Executive Director moderated discussion panels during the two-day event. Udo Helmbrecht said: “The annual meeting organised by the Unversity of Bundeswehr is an excellent opportunity to discuss on trending topics looking into how we can take the next step in a connected world while being securely connected during any online activity. The uptake of digitisation of industry sees many applications in critical infrastructures – from smart transport to eHealth - but foremost requires trust. ENISA through its studies in these areas, promotes standardisation, privacy by design and interoperability, for secure systems and infrastructures benefiting EU industry and citizens”.

Udo Helmbrecht, is an Honorary Professor at the Bundeswehr University.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA survey: Security requirements of online search engines and market places

Thu, 06/16/2016 - 08:50

Take part!

If you are directly involved in Information Security in the above mentioned categories of your organization, and you wish to contribute to ENISA’s survey, please follow the outlined steps to get in touch with the team:

Step 1: To acquire the appropriate credentials to participate, please contact  stating:

a)      the type of digital service you provide

b)      professional email address,

c)      the position you hold in your organisation


Step 2: Visit the following link to fill in the survey. The time required to complete the survey is twenty minutes.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Estonia - Cryptographic Algorithms Lifecycle Report 2016 published

Wed, 06/15/2016 - 18:01

This is the fourth report in the series of cryptographic algorithms reports, started in 2011 by a scientific task force assembled with the mission to analyse the problems and risks that reliance on cryptography is posing on the sustainable functioning of Estonian society.

ENISA's "Algorithms, key size and parameters report" has provided useful input to Estonia's national study.

For the full report: Cryptographic Algorithms Lifecycle Report 2016


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Estonia - 2015 Annual Report of the Estonian Information System Authority now available in English

Wed, 06/15/2016 - 13:35

The 2015 annual report of the Estonian Information System Authority’s (RIA) Cyber Security Branch concludes that, for Estonia, another year has passed without incidents that had
major consequences.

Estonia’s cyber security is born out of the daily cooperation between companies and the state, and this cooperation has produced good results.

To read the full report: 2015 RIA Annual Report


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


National Liaison Officers meet at ENISA

Thu, 06/09/2016 - 15:25

Developments in NIS during the Dutch Presidency, the upcoming contractual Public Private Partnership (cPPP), Critical Information Infrastructure Protection in France and the newly adopted NIS Directive were extensively discussed.

National Liaison Officers are the first point of contact of ENISA in the Member States, acting as ‘facilitators’ for ENISA activities within their countries. The Network currently comprises thirty-five members of the EU Member States, EEA countries and the European Institutions.

For more information visit ENISA NLOs Network page.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


ENISA Management Board elects Jean-Baptiste Demaison as its new chair

Thu, 06/09/2016 - 13:10

from left to right: ENISA's Head of Stakeholder Relations and Administration Department, Paulo Empandinhas, New Vice-Chair of the MB, Krzysztof Silicki, ENISA Executive Director, Udo Helmbrecht, Newly elected MB chair, Jean-Baptiste Demaison, and ENISA's

Newly elected chair, Jean-Baptiste Demaison is Senior Advisor on International and European cyber policies within the French Cybersecurity Agency (ANSSI) and has been alternate and member of the Management Board of ENISA since 2011. Previously, Demaison worked for the Strategic-Research Institute of the French Military Academy (IRSEM) and as Deputy Director of the French department of the Faculty of Political Science and Economics of the Cairo University. Demaison holds a Master's degree in International Affairs and is specialized on global technological security challenges.

New Vice-Chair of the Management Board has been appointed Krzysztof Silicki, (PL). Silicki has been a member of the ENISA MB since 2004. He is an advisor to the Director of NASK Institute (Research and Academic Computer Network) while also serving as Technical Director from 2001-2013. Founder of the first incident response team in Poland, acting as today’s CERT Polska, and organiser of Poland’s ‘SECURE’, the first conference devoted to IT security issues.

“Today, ENISA’s key role in supporting the reinforcement of cybersecurity capabilities and cooperation across Europe is unanimously recognized. In a spirit of consensus and ambition, France and Poland wish to work with all Member States, the European Commission and ENISA in order to support the Agency face the many thrilling challenges ahead – starting with the NIS directive implementation – and set the path for the successful renewal of its mandate” said in a joint statement Jean-Baptiste Demaison and Krzysztof Silicki.

ENISA Executive Director Udo Helmbrecht welcomes both chair and vice-chair of ENISA’s Management Board. The Director said: “Both members have extensive experience on the technical and policy aspects of cybersecurity, while being active members of the NIS community. I wish them every success in their positions and look forward to a close and fruitful collaboration, to deliver trusted cybersecurity services for Europe’s citizens and industry”. Udo Helmbrecht also highlighted the commitment and contribution of Jörgen Samuelsson and Ferenc Suba, throughout these years supporting the Agency’s operations.

ENISA’s Management Board defines the general direction of the operation of the Agency. The elected Chair and Vice-Chair serve for a term of three years, which may be renewed. ENISA's structure and Management Board members is available online. Jean-Baptiste Demaison’s mandate will be effective starting October 18th 2016.


*Picture, from left to right: ENISA's Head of Stakeholder Relations and Administration Department, Paulo Empadinhas, new Vice-Chair of the MB, Krzysztof Silicki, ENISA's Executive Director, Udo Helmbrecht, new Chair of the MB, Jean-Baptiste Demaison, and ENISA's Head of Core Operations Department, Steve Purser.

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


Overview from ENISA's Trust Services Forum 2016

Fri, 06/03/2016 - 16:05

The forum organised by ENISA  in collaboration with the European Commission eIDAS Task Force, the Trust Services Forum 2016, for the second consecutive year, aims to provide an annual opportunity for exchange of ideas to the communities closely related to the eIDAS Regulation, namely Trust Service Providers, Conformity Assessment Bodies and Supervisory Authorities.

The agenda consisted of a series of presentations, panels and open sessions set in place to discuss the latest developments in the regulatory framework, to exchange views on identified implementation and operational issues of qualified trust services and to discuss strategies to strengthen the position of Qualified Trust Service Providers in the Digital Single Market. 

On the eve of the entry in force of the provisions related to trust services of the eIDAS Regulation, Member States’ authorities and European Trust Service Providers are confident that a smooth transition from the previous regulatory framework will take place. However, more guidance on many areas is still needed, the experience acquired from the provision of electronic signatures under Directive 1999/93/EC has set up an important basis for the provision of new trust services under eIDAS Regulation. 

The Forum was established as a periodic event following the positive feedback received from participants of the first edition, which took place in June 2015.With this event, complementing other activities in the area of trust services, ENISA continues its efforts to achieve a successful implementation of the eIDAS provisions for qualified trust services in Europe. The Agency is supporting the European market of trust services, which are a basic pillar to build a secure digital Europe.



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items: