European Union Agency for Network and Information Security

European Cyber Security Month 2018 at a glance

Fri, 02/15/2019 - 10:34

ENISA publishes the ‘2018 European Cyber Security Month deployment report’, a summary of the activities organised by the Agency and participating Member States in October 2018. The report is a synthesis of findings based on evaluation and performance information gathered by collecting feedback and open source information.

The report targets both organisations that supported ECSM and those seeking to get involved in the future. At the same time, it also targets ICT and non-ICT security professionals who wish to launch similar awareness raising campaigns. Furthermore, the report is directed at EU and national policy makers who aim to improve the security awareness of citizens, professionals and IT end-users in general.

According to the report, more Member States got involved or increased their participation in the campaign. The number of activities organised under the ECSM umbrella increased by 6.5%, from 532 in 2017 to 567 in 2018. Additionally, over 160 teachers from 22 countries took part in online events intended for students.

Udo Helmbrecht, Executive Director of ENISA: "The latest edition of the ECSM brought many opportunities for people to discover how to stay safe online and play an active role in cybersecurity, in particular the young generations. I am happy to see that the number of participants increased considerably. Europeans understand more and more that a safe online environment can only be built by a common effort. I encourage everyone to join the ECSM in 2019."

The 2018 ECSM campaign was the sixth consecutive edition and was supported by the European Commission, Europol’s Cyber Crime Centre (EC3), European Schoolnet, SaferInternet4EU campaign and cybersecurity organisations from the Member States.

The campaign sought to raise awareness of cybersecurity practices through a plethora of activities such as specialised reports, conferences, workshops, seminars, online courses, trainings, strategy summits, general presentations to users and online quizzes.

The four themes chosen in 2018 were:

Week 1 – Theme 1: Practice basic cyber hygiene. ENISA and the Anti-Phishing Working Group (APWG) designed a phishing poster for the first week of the campaign. The poster presented the scale of the phishing problem in numbers, tips on how to avoid phishing and what to do if one becomes a victim of phishing.

Week 2 – Theme 2: Expand your Digital Skills and Education. ECSM learning modules were created for the campaign in collaboration with European Schoolnet, as part of the #SaferInternet4EU campaign launched on Safer Internet Day 2018 by Commissioner Mariya Gabriel to promote online safety, media literacy and cyber hygiene.

Week 3 – Theme 3: Recognise Cyberscams. Europol and the European Banking Federation launched an awareness campaign on the 7 most common online financial scams. Law enforcement agencies from all 28 EU Member States, 5 non-EU Member States, 24 national banking associations and banks and many other cybercrime fighters raised awareness about this criminal phenomenon.

Week 4 – Theme 4: Emerging Technologies and Privacy. This included a live webinar by ENISA experts and external experts from Industry with the purpose of discussing the importance of having an “Emerging Technologies Horizon Scanning and Research Process”.

Would you and your organisation like to get involved with the European Cyber Security Month in October 2019? Find out what activities you can organise or be part of by contacting us here


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


New national strategy for cybersecurity published by Norway

Fri, 02/15/2019 - 09:40


The Prime Minister, the Minister of Public Security, the Minister of Justice and Immigration, the Minister of Defence and the Minister of Research and Higher Education - all took part in the launch of the strategy.

The new strategy is Norway’s fourth cyber security strategy, and is intended to address the challenges that arise in conjunction with the rapid and far-reaching digitalisation of Norwegian society. The developments in relation to previous strategies are based on the need to reinforce public-private, civilian-military and international cooperation.

The List of Measures, a part of the strategy, contains measures with a budget of around 1,6 billion NOK. The strategy also contains ten basic pieces of advice for all companies in Norway to follow to raise the cybersecurity level across the nation.

In preparing the strategy, particular emphasis has been put on applying an open and inclusive process so as to involve stakeholders from the public and private sector alike.

For more information and the full strategy visit:




Better security measures for smartphones, ENISA has created a SMAShiNG new tool!

Tue, 02/12/2019 - 08:57


The SMAShiNG tool helps developers build secure mobile applications. It is technologically agnostic, hence can be applied to all mobile applications developed for any operating system on the market nowadays.

New developments in both software and hardware have resulted in significant new threats for the mobile computing environment, highlighting the need for a tool to help the developers’ community. SMAShiNG touches upon crucial security measures such as:

  • User authentication;
  • Sensitive data protection;
  • Secure software distribution;
  • Device and application integrity;
  • Protection from client side injections;
  • Correct usage of biometric sensors.

SMAShiNG makes it easier for the developers’ community to follow guidelines, by selecting only the ones that are relevant to them. The tool allows developers to select the security measures associated with a specific domain and export them as a checklist to follow in the design phase, based on their own requirements.

The security measures featured by SMAShiNG are defined in the ENISA Smartphone Secure Development Guidelines report, which provides a guide for developing secure mobile applications. 

The release of SMAShiNG is an important part of ENISA’s continuous work in promoting the ‘security-by-design’ principle, by which strong cybersecurity is built into products as early as the design phase, easing the burden on EU citizens of securing their devices and products.

SMAShiNG complements the work done by ENISA in this area, such as the recently launched online tool for IoT and Smart Infrastructures and the privacy enhancing technologies (PETs) knowledge management and maturity assessment.

ENISA aims to implement a series of enhancements and to broaden the scope of this tool, in order to facilitate users’ live interaction with security recommendations through a visualised and interactive page. 




ENISA meets OSCE and the National Cyber Security Authority of Greece

Mon, 02/11/2019 - 16:23

The meeting was organised together with the National Cyber Security Authority (Ministry of Digital Policy, Telecommunications and Media/ General Secretariat of Digital Policy) of Greece.

ENISA representatives provided an overview of ENISA's work regarding policy, expertise advice, hands-on work and collaboration with strategic and operational teams across the EU.

Interesting presentations and fruitful discussions on the EU Cybersecurity Certification Framework, the NIS Directive, ENISA Threat Landscape, Cyber Exercises, and CSIRTs took place during the meeting.




What is "state of the art" in IT security?

Thu, 02/07/2019 - 13:35


In many European countries, national legislators are pursuing the objective of reducing the deficiencies in IT security. In addition, the General Data Protection Regulation (EU) 2016/679 (GDPR) with its high requirements for technical and organisational measures has been in force since 25 May 2018. Both legal sources are demanding that IT security be brought up to the level of "state of the art", but do not say what should be understood by this in detail. In Germany, TeleTrusT - IT Security Association Germany has written guidelines that are published in English in cooperation with the European Union Agency for Network and Information Security (ENISA).

Daily reports on security incidents in companies and authorities show that there is an urgent need for action to improve IT security. Article 32 of the GDPR regulates "security of processing" to ensure that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures are implemented. This provision is aimed at ensuring a level of protection appropriate to the risk.

The document published on the "state of the art" in IT security provides concrete advice and recommendations for action. These guidelines are intended to provide companies and providers (manufacturers, service providers) alike with assistance in determining the "state of the art" within the meaning of the IT security legislation. The document can serve as a reference for contractual agreements, procurement procedures or the classification of security measures implemented. The guidelines are not a replacement for technical, organisational or legal advice or assessment in individual cases. The document will support companies in all EU countries in identifying the required level of security in the field of IT security.

Dr. Udo Helmbrecht, ENISA Executive Director: "ENISA continues its work in supporting the EU Member States by contributing to this handbook. The articles are designed to provide concrete information and recommendations on how to improve IT security. This booklet should be a useful guide to IT practitioners who have the responsibility for complying with legislation."

TeleTrusT Chairman Prof. Dr. Norbert Pohlmann: "By determining the state of the art, we will be able to adequately increase the level of IT security, strengthen our robustness against cyber attacks and thus significantly reduce the risk of ongoing digitalisation."

TeleTrusT Board Member Karsten U. Bartels: "The consideration of the state of the art is a technical, organisational and legal task for companies and authorities. The guidelines help very specifically at these three levels - both in the operative implementation and in the documentation."

English version:
German version:

ENISA - European Union Agency for Network and Information Security

The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. The Agency is located in Greece with its seat in Athens and a branch office in Heraklion, Crete. Since it was set up in 2004, ENISA has been actively contributing to a high level of network and information security (NIS) within the Union, to the development of a culture of NIS in society and to raising awareness of NIS, thus contributing to the proper functioning of the internal market. The Agency works closely together with Member States and the private sector to deliver advice and solutions. This includes the pan-European Cyber Security Exercises, the development of National Cyber Security Strategies, CSIRTs cooperation and capacity building, but also studies on secure Cloud adoption, addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies, eIDs and trust services, and identifying the cyber threat landscape, and others. ENISA also supports the development and implementation of the European Union's policy and law on matters relating to NIS.

TeleTrusT - IT Security Association Germany

The IT Security Association Germany (TeleTrusT) is a widespread competence network for IT security comprising members from industry, administration, consultancy and research as well as national and international partner organisations with similar objectives. With a broad range of members and partner organisations, TeleTrusT embodies the largest competence network for IT security in Germany and Europe. TeleTrusT provides interdisciplinary fora for IT security experts and facilitates information exchange between vendors, users, researchers and authorities. TeleTrusT comments on technical, political and legal issues related to IT security and is organiser of events and conferences. TeleTrusT is a non-profit association, whose objective is to promote information security professionalism, raising awareness and best practices in all domains of information security. TeleTrusT is carrier of the "European Bridge CA" (EBCA; PKI network of trust), the IT expert certification schemes "TeleTrusT Information Security Professional" (T.I.S.P.) and "TeleTrusT Professional for Secure Software Engineering" (T.P.S.S.E.) and provides the trust seal "IT Security made in Germany". TeleTrusT is a member of the European Telecommunications Standards Institute (ETSI). The association is headquartered in Berlin, Germany.



CSIRTs and incident response capabilities in Europe

Wed, 02/06/2019 - 08:20


The study focuses on providing insights on whether cooperation between different players, particularly CSIRTs, is spontaneous or driven by regulation. The prospective vision of the analysis tries to identify the key evolutions in the CSIRT-IRC landscape within a 5-year timeframe.

For the purpose of this study, ENISA specialists mapped both newly emerging and already-existing CSIRTs, investigating their policies across and outside of Europe. In this process, NIS experts identified and analysed 81 new CSIRTs, as well as a corpus of 36 policy, regulatory and strategic documents relating to the development of cyber incident-response capabilities.

The main findings of the study are:

  • The implementation of the NIS Directive fosters the adoption of a holistic approach towards IR and an upward alignment of national capabilities;
  • The NIS Directive may have a positive effect at the international level and provides the EU with a status of ‘norm setter’;
  • IR capability development of national administration and operators of essential services emphasizes the relevance of collaboration at national and European level;
  • Successful cooperation initiatives in the field of Incident Response Capabilities at an international level are driven by public-private partnerships;
  • There is an important development of IR services in the European private sector; however, new vulnerabilities tend to target the hardware layer of devices manufactured outside of Europe;
  • Acknowledging their exposure to cyber risks, military players tend to follow the same dynamics as the civilian sector when developing their IR capabilities.

CSIRTs play a vital role in cyber resilience in a context of increasing dependency on digital infrastructures. They perform an important function throughout the crisis management process, from identifying security incidents, protecting organisations against attacks and disseminating information on threats to recovering from incidents.

ENISA has a European CSIRT inventory on its public website, which provides an overview of the current situation concerning CSIRT teams in Europe. This inventory provides a list of publicly listed incident response teams that can be visualised via an interactive mapping tool.

For the full report: Study on CSIRT landscape and IR capabilities in Europe 2025

ENISA celebrates Safer Internet Day

Tue, 02/05/2019 - 14:25

ENISA has also played a key role in the EU's Cybersecurity Strategy to increase people's awareness of the key role they can play in ensuring the security of networks and information systems, notably by its active involvement in the European Cyber Security Month. ENISA has created video clips, posters and illustrations, which aim at raising awareness of information security, risks and good practices. You can find them here.

Just like the physical world, the Internet poses threats to people, especially children and young adults, physically, emotionally and financially. That is why it is of utmost importance to build cybersecurity skills and competences, which aim at raising information security awareness and helping citizens adopt good practices.

Nurturing cybersecurity skills helps individuals to defend themselves on the Internet, enabling them to become more resilient, self-reliant and confident. People with cybersecurity skills can have a positive impact on protecting those around them, contributing essentially to a safer online environment.

Are you a role model, parent, teacher, guardian or community leader? Educate children and young people by taking our educational modules.




ENISA and FORTH met to boost collaboration and pave the way for joint cybersecurity projects in Crete

Fri, 02/01/2019 - 10:25

The two teams together with ENISA’s Executive Director, Prof. Udo Helmbrecht and the Chairman of the Board of Directors at FORTH, Prof. Nektarios Tavernarakis, exchanged information on cybersecurity projects and discussed ways to boost their collaboration following the signature of a Memorandum of Understanding (MoU) in September 2018.

Prof. Udo Helmbrecht said: “FORTH has a special place in the history of ENISA. It was our first home in Greece, and together we have been accomplishing many great projects for over 15 years now. Our joint work and dedication have established Heraklion as a European centre of cybersecurity excellence. We are honoured to be partners and friends in making Greece and Europe cyber safe.”

Prof. Tavernarakis said: "FORTH keenly fosters and encourages close collaboration between ENISA and Research Teams at FORTH. We are proud to collaborate with ENISA, as this cooperation provides ample opportunity for scientific interactions and fruitful collaborations between the 2 Organisations. Specifically, the Institute of Computer Science of FORTH is actively pursuing research in the area of network and information security, offering considerable potential for synergies. As another example, FORTH, with 2 of its Institutes, the Institute of Molecular Biology and Biotechnology and the Institute of Computer Science, is the coordinator of one of the four national Precision Medicine Centers, that has been established here in Crete. Operating such a center poses unique challenges, relevant to sensitive data processing and storage. Other areas of potential collaboration are the graduate programmes in Bioinformatics and Biomedical Engineering which FORTH is co-organising together with the University of Crete."

The meeting was the first of a series of steps that will help extend the cooperation between ENISA and FORTH, to the following activities in the area of cybersecurity:

  • Jointly organised cybersecurity conferences and the NIS summer school;
  • Cooperation in the areas of Life Sciences and Computer Science;
  • Jointly organised exercises and training sessions by maintaining/sharing common knowledge and by exploiting available facilities and human resources in the new ENISA premises;
  • Jointly organised research activities touching upon areas of common interest.

ENISA and FORTH are expected to drive many of the key projects outlined above from ENISA’s new building in Heraklion.

ENISA’s new state-of-the-art building in Heraklion, offering conference facilities and suitable IT infrastructure, has been accommodating ENISA’s staff based in Heraklion since December 2018. Its formal inauguration is expected this spring, with the participation of representatives from the Greek Government, Local Authorities and FORTH.


In order to enhance the cooperation between ENISA and FORTH and help establish Heraklion as a European centre of cybersecurity excellence, a Memorandum of Understanding (MoU) was signed by both parties on 24 September 2018. ENISA and FORTH also jointly organised the fifth edition of ENISA-FORTH Network and Information Security (NIS) Summer School event in September.

These actions strengthen the excellent cooperation between the two organisations, which started with the establishment of ENISA in Heraklion in 2004.





National Liaison Officers Network of ENISA has first meeting in 2019

Tue, 01/29/2019 - 16:20

The meeting was chaired by Steve Purser, ENISA’s Head of Core Operations Department. Mr. Purser opened the meeting by addressing the latest developments in the life of the Agency – the new mandate brought forward by the proposed cybersecurity act, and the proposal to make the NLO a statutory body of ENISA.

The NLO initiated constructive discussions on its contribution to the Work Programme of the Agency for 2019, and representatives of the NLO Group provided input on national developments.

ENISA experts updated the NLO on the preparations for the Agency’s flagship projects: the European Cybersecurity Challenge and the European Cybersecurity Month. Training in information security management, the NISD cooperation group, and certification were also discussed.

The NLO Group acts as a liaison between ENISA, the community of network and information security experts and relevant organisations in the EU Member States. They facilitate ENISA’s work in their respective country.

The NLO network is composed of one representative from each EU and EEA Member State. A representative from the European Commission and one from the Council of the European Union are also part of the network.




Denmark launches six new sectoral cyber and information strategies

Mon, 01/28/2019 - 18:24


As part of the implementation of the Danish National Cyber and Information Strategy (2018-2021), each of six designated sectors – health, bank & finance, telecommunications, shipping, transportation, and energy – is required to formulate a sectoral cyber and information strategy. The sectoral strategies were published on the 7th of January 2019 and they are available on the websites of the respective ministries.

For more information visit:



Good practices in the implementation of regulatory technical standards

Thu, 01/24/2019 - 11:24


The study will provide stakeholders such as payment service providers, competent authorities, and EU Member States, with an overview of the implementation of the PSD2 in different national legislations.

Payment service providers (PSPs) can rely on this study to understand the most important topics that have been taken into consideration in the national transposition and security measures applied, such as:

  • Transparency of information provided to payment service users;
  • Protection of personalised security credentials;
  • Monitoring of security incidents; and
  • Security measures.

In the process of drafting the study, the following tasks have been carried out:

  • Analysis of common aspects and differences among the different EU Member States, with regards to the transposition of the articles of PSD2 related to incident reporting and security measures;
  • Information on the incident reporting authorities and which channels they use;
  • The security measures adopted in accordance with EBA guidelines.

More information can be found in the study "Good practices on the implementation of regulatory technical standards"

Background information

The European Parliament adopted the Second Payment Services Directive (PSD2) on 25 November 2015. This directive is an extension of the First Payment Services Directive (PSD1, Directive 2007/64/EU), published in 2007, which will promote competition and innovation in the context of financial services, while protecting the security of payment service users.

ENISA, as the European centre for cybersecurity and the competent security incident reporting authority in the European Union, has launched an analysis to investigate the current status of the implementation of the PSD2 in the EU Member States. The main purpose of the project is to provide an overview of the transposition of the PSD2 and of how each of the states has implemented it.




Forest for the trees: an IoT security standards gap analysis

Thu, 01/17/2019 - 09:34


An ENISA analysis, which maps the existing standards against requirements on security and privacy in the area of the Internet of Things (IoT), shows that there is no significant standards gap: every requirement can be met by an existing standard. While standards exist for many different elements of making a device or service secure, when referring to IoT, one refers to an ecosystem, not only to devices and services. Moreover, the context of use of IoT, its high scalability and other features further call for flexible approaches. The gap in IoT device standards for security is that the standards are not treated holistically. Therefore, it is possible to introduce to the market a device that can authenticate its user, can encrypt and decrypt data transmitted and received, can deliver or verify the proof of integrity, but which still is and remains insecure.

The study pinpoints potential areas of improvement and additional efforts in securing the IoT area. Special attention has been paid to the EU needs related to the European cybersecurity certification framework. In the very case of security, a large number of processes as well as technical standards have to be in place, to ensure that any device placed on the market is assuredly secure. As the standards alone are essential, but not sufficient to ensure open access to markets, the study also proposes an approach towards certification, assurance and validation schemes to identify what is sufficient.

This study concludes that in general there is an identifiable gap in process, by which a vendor can assert that their IoT product or service is secure. There is no significant gap, however, in standards to introduce secure IoT devices to the market.

The process recommended in this report is intended in part to engender a change in attitude towards device security, by making secure IoT the only form of IoT that reaches the market; also, to give confidence to the market through a mix of certification, assurance testing and validation, as well as market surveillance.

For the full report: IoT Security Standards Gap Analysis




Acceptance of eIDAS audits: Global or local?

Tue, 01/15/2019 - 14:01


The eIDAS Regulation sets up a framework to grant qualified status to an array of trust services (e.g. electronic signatures, seals etc.) aiming to enhance consumer trust in the digital environment. Qualified trust services undergo regular assessments by accredited bodies, overseen by national and EU authorities for the purpose of meeting requirements laid out in the eIDAS framework. Taking the viewpoint of a global audience, ENISA has published a new report to address aspects of conformity assessment in an effort to improve the global acceptance of eIDAS audits. Towards this goal, the report recommends to:

  • adopt a harmonised conformity assessment approach in the EU and promote it at the international level
  • promote and reference specific standards on the auditing of TSPs and conformity assessment

The report also carries out a review of concurring international auditing schemes for qualified TSPs and the accreditation of the respective CABs. Strategies largely based on improving existing European standards are also proposed for the purpose of fostering cooperation with browser vendors and thus improving acceptance of eIDAS audits.

Read the full report here: Towards global acceptance of eIDAS audits




Supporting the Fight Against Cybercrime: ENISA report on CSIRTs and Law Enforcement Cooperation

Wed, 01/09/2019 - 09:52

This cooperation is incomplete, however, unless the judiciary is equally brought into the picture, due to the pre-eminent role it plays across the MS in directing criminal investigations. While collecting evidence is important, warranting its admissibility in a criminal trial is equally so. Admissibility of evidence relies on compliance with certain technical and legal requirements as well as the conditions laid down in criminal procedure.

In 2018, ENISA confirmed that CSIRTs, law enforcement and the judiciary have complementary roles and structure and that incident handling varies across Member States. The data CSIRTs and Law Enforcement Agencies have access to varies, and it affects information sharing between them when they seek to respond to cybercrime. CSIRTs interact frequently with the Law Enforcement Agencies rather than with the prosecutor. CSIRTs offer support to Law Enforcement Agencies to collect and analyse different types of evidence. CSIRTs are rarely called as witnesses in court, but the material they collect during incident handling might be used to decide on cybercrime cases.

Cooperation challenges concern data retention, the sharing of personal data (including IP addresses) and the confidentiality around criminal investigations as well as evidential admissibility of digital evidence. Legal challenges are followed by cultural, technical and organisational ones.

ENISA recommendations include:

  • Gather further knowledge and study interactions across the three communities;
  • Analyse the legal and policy framework shaping this cooperation;
  • Seek to better understand tools and methods used for the cooperation between CSIRTs and LE and their interaction with the judiciary and improve via training opportunities.

For full report:

Cooperation Between CSIRTs and Law Enforcement: Interaction with the Judiciary

For further information:

For more information on these reports, please contact: 

More on ENISA’s activities in the area of CSIRTs and communities: 




NCSC publishes four guides to stimulate cybersecurity collaboration

Thu, 01/03/2019 - 11:55


In recent years many successful collaborations have been created by NCSC-NL and its partners within the government and Dutch vital infrastructure. The Dutch approach to public-private cooperation is unique and is built upon three important core values: trust, shared interests and equality. NCSC-NL believes public-private cooperation is crucial to increase the digital resilience of society. Collaboration with other organisations is essential to take the next step in strengthening the resilience of your organisation. These lessons learned form the basis of these guides.

In these publications, NCSC-NL has bundled the lessons learned from recent years to support and inspire organisations to start a successful collaboration in their own sector (an ISAC), region or supply-chain. For organisations that are already working together and would like to deepen this collaboration, NCSC-NL has created a guide on how to start a collective Computer Security Incident Response Team (CSIRT) with your partners.



EU improves its capacity to tackle cyber crises: Cyber Europe 2018 after-action report

Thu, 12/20/2018 - 05:00

ENISA has compiled all the information gathered during the exercise and produced an after-action report and a closure video, identifying challenges and main takeaways, and making useful recommendations for the participants.

The main conclusion drawn is that EU-level cooperation has improved considerably in recent years, becoming more mature and effective. Cyber Europe 2018 proved that the European Union is well equipped to respond to cyber crises. To this extent, the technical challenges of the exercise provided an excellent opportunity for the cybersecurity teams to enhance their capabilities and expertise in dealing with a variety of challenges. The operational capacity and technical skills of all participants were at the highest level.

Udo Helmbrecht, Executive Director of ENISA, commented: “Cyber Europe 2018 highlighted the importance of cooperation between national authorities, security providers, and potential victims of a cyber-attack. It proved once again that cybersecurity is a shared responsibility, and extreme incidents can be tackled best only by information exchange and collaboration. All participants did a great job in following business processes, agreements, communication protocols, and regulations to mitigate effectively the situations presented to them. ENISA values very much these capacity-building exercises, and will continue to provide such services for the EU Member States, especially in light of the new mandate of the agency.”

The key findings and recommendations include:

  • The report reveals that EU Member States have improved their cooperation at technical level. The CSIRTs Network can easily address minor issues related to cooperation structures and tools, mainly by organising regular cyber-exercises, trainings and communication checks;
  • In addition, the key actors will define and test the procedures and tools that are necessary for the implementation of the framework on coordinated response to large-scale cyber crises, also known as ‘Blueprint’ (1);
  • At national level, the cybersecurity authorities should develop procedures and tools for a coordinated response, including structured cooperation and information exchange between private and public institutions. After the establishment of such procedures, the responsible actors should test them regularly by organising cyber exercises;
  • One major issue is the shortage of IT security specialists. The private sector should set IT security as a priority and invest in resources and expertise, especially operators of essential services, such as aviation, energy, finance, healthcare, maritime, and transport;
  • Public and private organisations must ensure that they have crisis communication protocols in place and that personnel in sensitive positions are aware of these protocols.

Organised by ENISA in collaboration with cybersecurity authorities and agencies from all over Europe, Cyber Europe 2018 focused on the aviation sector and enabled the European cybersecurity community to strengthen their capabilities in identifying and tackling large-scale threats, as well as to provide a better understanding of cross-border incident contagion.

ENISA orchestrated the two-day exercise at its headquarters in Athens, bringing together over 900 European cybersecurity specialists from 30 countries (2). They had to deal with over 23 200 injects throughout the exercise, depicting cyber-attacks at major European airports, takeovers of official communication channels, disinformation in the media and social media and many other issues.

About Cyber Europe exercises

‘Cyber Europe’ exercises are simulations of large-scale cybersecurity incidents that escalate to EU-wide cyber crises. The exercises offer opportunities to analyse advanced cybersecurity incidents, and to deal with complex business continuity and crisis management situations. ENISA has already organised four pan-European cyber exercises in 2010, 2012, 2014 and 2016.

International cooperation between all participating organisations is inherent to the gameplay, with most European countries participating. It is a flexible learning experience: from a single analyst to an entire organisation, and with opt-in and opt-out scenarios, participants can customise the exercise to their needs.

Note to editors

(1)    Key actors involved in the ‘Blueprint’: Computer Security Incident Response Teams network, the European Union Agency for Network and Information Security (ENISA), the European Cybercrime Centre at Europol, the EU Intelligence Analysis Centre (INTCEN), EU Military Staff Intelligence Directorate (EUMS INT) and Situation Room (Sitroom) working together as SIAC (the Single Intelligence Analysis Capacity), the EU Hybrid Fusion Cell (based in INTCEN), the Computer Emergency Response Team for the EU institutions (CERT-EU), and the Emergency Response Coordination Centre in the European Commission.

(2)    Participating countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom.




European research and development priorities in cybersecurity

Wed, 12/19/2018 - 13:50


The proposed research priorities aim to make Europe “a global leader in cybersecurity by 2025, in order to ensure the trust, confidence and protection of our citizens, consumers and enterprises online, and to enable a free and law-governed internet”, as stated at the Tallinn Digital Summit in September 2017.

Based on desktop research and interviews with experts, the report tries to foresee the European society in the near future, as far as 2025, and the societal changes brought by innovation in the digitally connected world.

The report recognises the interdependencies among the digital and physical world, the pervasiveness of connectivity in all aspects of society and industries, the evolution of the technologies and their effect on society.

The report focuses on identifying emerging challenges and on those current challenges that are evolving into significant risks to society. Closely related are the challenges in social dynamics, brought about by changes in society that technology has enabled. 

For the full report: Analysis of the European R&D priorities in cybersecurity




New chair of the Article 19 Expert Group on security of e-Trust services

Tue, 12/18/2018 - 17:10


Electronic trust services are services such as digital signatures, digital certificates, electronic seals and timestamps, used in electronic transactions to make them secure and trustworthy. The eIDAS regulation, which came into force in 2016, provides the EU-wide legal framework for both trust services and national eID schemes. Article 19 of the eIDAS regulation sets the security requirements for trust service providers. The Article 19 Expert Group was set up by ENISA in 2015, under the auspices of the Commission, to support voluntary collaboration between Member States on the technical details of how to implement Article 19. This is a voluntary, non-binding process between experts from ministries, agencies, supervisory bodies, national authorities, et cetera, who are involved with the implementation of Article 19. The group has experts from EU Member States as well as EEA and EFTA countries. The Article 19 Expert Group meets twice a year.

At the last meeting in October in Malta, hosted by the Maltese Communications Authority, the group agreed to new terms of reference, formalising a new modus operandi. At this meeting a new chair was elected: Ulrich Latzenhofer, from the Austrian Regulatory Authority for Broadcasting and Telecommunications, will chair the group for the next 2 years. ENISA will continue to support the group in the role of secretariat.



Assessment of Standards related to eIDAS

Fri, 12/14/2018 - 16:49

While CID (EU) 2016/650 lays down standards for the security assessment of QSCDs, at the time it was drafted no standards were yet available for signing devices; consequently, a Trust Services Provider (TSP) managing signature creation data on behalf of the user was unable to support the creation of qualified electronic signatures and seals. In a broader context, standards for remote signing devices have yet to be developed too. There are two important use cases relating to the identified gap, namely:

  • trust service providers managing signature creation data on behalf of the user to support the creation of qualified electronic signatures and seals;
  • trust service providers creating qualified electronic signatures and seals on their own behalf.

In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419 241‐2 and CEN EN 419 221‐5:2018 so that they could be referenced in an amended version of CID (EU) 2016/650. 

This report suggests that responsibility is shared: the TSP managing the QSCD is responsible for working with an appropriate TSP issuing certificates, and the issuing TSP is responsible for working with an appropriate TSP to manage the QSCD. Competent supervisory bodies of course retain their function of verifying that such requirements are followed in the management of qualified devices and the issuance of qualified certificates.

As a certain amount of coordination across stakeholders is required to achieve a global trust level, it would be pertinent to provide a way to advertise the elements of supervision. Besides the official compilation of Member State notifications on secure signature creation devices (SSCDs) and QSCDs, the trusted list of the country where the QTSP operates might provide an indication of the way a QSCD is managed. Alternatively, the list of notified SSCDs and QSCDs compiled by the European Commission might also be used for this purpose. Market stakeholders would benefit from further developments in this regard.

Read the full report here: Assessment of Standards related to eIDAS



Winners of ECSC 2018 attend ICT Exhibition

Fri, 12/07/2018 - 09:39


Team Germany met with representatives of ENISA, Ms. Eva Kaili, Member of the European Parliament, Ms. Mariya Gabriel, Commissioner for Digital Economy and Society, Mr. Khalil Rouhana, Deputy Director-General of DG CONNECT, and Ms. Despina Spanou, Director for Digital Society, Trust and Cybersecurity at DG CONNECT.

On 6 December at 10:30 CEST, the aims and objectives of ECSC were presented in a chat broadcast live on Facebook. ENISA’s network and information security officer Adrián Belmonte Martín joined in the discussion, alongside Team Germany and the moderator Ewelina Jelenkowska-Luca, head of Communication at DG CONNECT. The chat is available here.

For news and updates: @enisa_eu, @CyberSec_EU, @DSMeu, #cybersecurity, #ICT2018, #ECSC2018, and #ECSC2019.

The fifth edition of ECSC was organised between 15 and 17 October 2018 in London, United Kingdom. The event brought together 170 participants, who were selected during cybersecurity challenges on a national level, to compete against each other in a pan-European spirit.

The European Cyber Security Challenge (ECSC) is an initiative of multiple European countries, supported and facilitated by ENISA, which aims at engaging cybersecurity talent across Europe and connecting the cybersecurity industry actors with high potential young talent.

The next edition of ECSC will take place between 13 and 15 October 2019 in Bucharest, Romania.
