European Union Agency for Network and Information Security

Vision for a Stronger Cybersecurity Community going forward – an ENISA industry event

Thu, 06/13/2019 - 11:15

Pictured from left to right: Falk Hermann (Rohde & Schwarz), Axel Deininger (Secunet), Ilias Chantzos (Symantec), Brian Honan (BH Consulting), Udo Helmbrecht (ENISA), Steve Purser (ENISA), Ursula Pachl (BEUC), Oscar Tapp Scotting (UK), Aidan Ryan (ENISA)

The year 2019 already marks a challenging year for the European Union. The EU is facing multiple geopolitical challenges simultaneously, such as Brexit, but also cybersecurity-related challenges such as maintaining the EU’s digital sovereignty and securing European elections from outside interference. The EU is confronted with finding the right balance between the digital transformation of our society and preserving our core democratic values.

We must ensure that the EU ICT industry retains and develops essential cybersecurity technological capacities to secure the EU Digital Single Market. The Union must be in a position to autonomously secure its digital assets and to compete on the global cybersecurity market. In 2018 the Union was a net importer of cybersecurity products and solutions and largely dependent on non-European providers. The cybersecurity market is globally a 600 billion EUR market that is expected to grow in the next five years on average by approximately 17% in terms of sales, number of companies and employment.[1]

However, the European ICT industry is falling behind in the global competition race. Sandwiched between the giants of the ICT industry in the US and China, Europe is struggling to keep up and is losing hold of its own digital sovereignty. Surprisingly, this is while the EU and EU Member States are among the most digitally developed world economies. [2] 

Digital development should work for and not against the European market. Success requires risk. New business and regulatory frameworks need to be produced that anticipate the evolution of the market over the next 5 to 10 years and lay the groundwork for the success of the European ICT industry. In an increasingly inter-connected world, the European ICT sector should be strengthened and stimulated to improve its competitiveness in the global marketplace, as well as in the domestic marketplace.

In this context, the ‘Vision for a stronger cybersecurity community going forward’ event aims to look at a number of topics including the regulation of the internet and social media specifically with speeches from Thomas Myrup Kristensen, Facebook's Managing Director of EU Affairs and Oscar Tapp Scotting, the UK Government’s Online Harms Deputy Director.

Other speakers included Brian Honan from BH Consulting, who spoke on threat intelligence; Jean-Pierre Quémard, President of Alliance pour la Confiance Numérique (ACN), on European competitiveness; and Gabi Dreo Rodosek from the CODE Research Institute at Universität der Bundeswehr München, who expressed her concern about the lack of European market leaders in R&D.

Finally, a panel discussed the regulatory agenda for the new European Commission and the newly elected European Parliament, which provided preliminary recommendations from the industry on future potential policy initiatives.

ENISA Executive Director Udo Helmbrecht stated that “in an average European office, ICT software and hardware are generally built and developed in Asia and USA. Where Europe once led the world in the deployment of initially analogue and then mobile digital technology such as GSM, Europe is now debating the appropriateness of the supply of 5G technology from non-European suppliers. Traditional EU mobile handset manufacturers are struggling to compete with major Asian and US suppliers. We should emphasise to people European values such as trustworthiness and security of ICT products and services.”

Background

Since 2015, ENISA has been organising its Industry Events in an effort to stimulate the development of the EU network and information security (NIS) industry. The event aims to improve collaboration between ENISA and the private sector, particularly SMEs.

ENISA is celebrating its 15th anniversary and on 27 June 2019 its new and permanent mandate will enter into force. The new mandate includes a role for ENISA in certification and provides that ENISA will actively support the European Commission and EU Member States in the development, implementation and review of cybersecurity policy. Therefore, following the important changes in the European Parliament and European Commission, ENISA takes the opportunity to discuss the future of European cybersecurity with its industry stakeholders.

[1] Proposal for a European Cybersecurity Competence Network and Centre (September 2018): http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=54252

[2] European Commission, “I-DESI 2018”, 26 October 2018. Available at: https://ec.europa.eu/digital-single-market/en/news/how-digital-europe-compared-other-major-world-economies

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The EU Cybersecurity Act: a new Era dawns on ENISA

Fri, 06/07/2019 - 15:53

The EU Cybersecurity Act will come into force on 27th June 2019.

In a shift towards a role that adds more value to the European Union, ENISA will henceforth be known as the EU Agency for Cybersecurity and will receive a permanent mandate.

Find out more: https://europa.eu/!bX86Fp.

 


ICANN CEO visits ENISA to discuss cybersecurity of the internet infrastructure

Mon, 06/03/2019 - 17:15

ICANN is an international, non-governmental and non-profit organization which manages the internet's namespace, i.e. the internet domain names, the DNS root registries. ICANN coordinates the global IP address space by handing out blocks of IP addresses to regional internet registries, like RIPE NCC for Europe. ICANN also hosts the archive of IETF RFCs which define today's internet protocols. Much of the work that ICANN does is closely related to cybersecurity.

Among the topics of discussion were the big DNS hijacks which have been observed this year (also referred to as DNSpionage), the security issues of DNS in general, the issue of network slicing, elasticity of DNS for IoT, and the influence of EU companies and EU countries in international standards setting bodies like IETF and ITU.

Steve Purser, head of ENISA's core operations department, said: "ENISA acts as a cybersecurity hub, bringing together the right stakeholders and the right experts to develop a common approach to cybersecurity issues. We are looking forward to leveraging ICANN's expertise on relevant cybersecurity issues, like the vulnerabilities in DNS."

The EU's NIS Directive, adopted in 2016, which came into force in 2018, covers critical internet infrastructure like the European internet exchange points, top level domains and DNS. In the context of the NIS Cooperation Group, the NIS Directive's cooperation mechanism, ENISA is currently working with national authorities to develop an efficient approach to supervising these critical parts of the EU's internet backbone.


ENISA meets Energy Community

Mon, 06/03/2019 - 11:04

The objective of the meeting was to engage ENISA with stakeholders from the energy sector, exchange views and create possible synergies.

Interesting discussions took place where ENISA and the Energy Community presented their activities in energy sector cybersecurity. The Cybersecurity Act as well as the security certification issues were also discussed. Furthermore, the participants of the meeting agreed on the way forward and concrete steps to establish the collaboration between these two organisations.

Background

The Energy Community is an international organisation, which brings together the European Union and its neighbours to create an integrated pan-European energy market. The key objective of the Energy Community is to extend the EU internal energy market rules and principles to countries in South East Europe, the Black Sea region and beyond on the basis of a legally binding framework.



ENISA Permanent Stakeholders Group meets in Athens

Fri, 05/24/2019 - 15:05

The Executive Director of the Agency, Udo Helmbrecht, chaired the meeting. He started by presenting the participants with the status and priorities of the Cybersecurity Act.

One of the most important items on the agenda tackled the role of the PSG in light of the new mandate of the Agency.

Mr. Purser gave input on ENISA’s latest work in the area of opinion papers and the Single Programming Document 2019 and requested the PSG’s input on Work Programme priorities and latest technology evolution.

Main topics on the agenda also included:

  • Final draft discussion on the ‘IoT and consumers’ working group;
  • Status update on working groups within the PSG;
  • Latest technology evolution;
  • Procedure for informing and communicating with the MB.

The PSG group advises the Executive Director on the development of the Agency’s work programme, and on ensuring the communication with the relevant stakeholders on all related issues.

The PSG is composed of “nominated members” and members appointed “ad personam”, in total 33 members from all over Europe. The PSG was established by the ENISA regulation (EU) No 526/2013.

The Management Board of ENISA, acting on a proposal by the Executive Director, sets up a PSG for a term of office of two and a half years. The term of office for the current PSG, which started in 2017, will end in 2020.

 

 


ENISA's workshop in Warsaw to discuss innovation in the context of National Cyber Security Strategies

Thu, 05/23/2019 - 11:15


The discussions will focus on national objectives and priorities supporting research and innovation of cybersecurity technologies and services. National experts will have the opportunity to share good practices and discuss gaps and challenges related to funding, incentives, collaboration mechanisms and policy initiatives that shape the national or the European market.

In addition, the workshop will also cover aspects related to Information Sharing and Analysis Centres (ISACs), as well as public private co-operation.

Target audience

People who are involved in the development, implementation, and evaluation of national cyber security strategies (NCSS) and people involved in ISACs, more specifically:

  • National policy and decision makers;
  • Legislators, regulators, and national authorities;
  • Private sector;
  • Academia.

Experts from different Member States will be invited to present and discuss their views on the topics. 

Registration

Please register here: https://ec.europa.eu/eusurvey/runner/NCSSWorkshop.

For more information visit the event page.

 


ENISA is setting the ground for Industry 4.0 Cybersecurity

Mon, 05/20/2019 - 12:50

This work follows up on the recently published seminal study on ‘Good Practices for Security of IoT in the context of Smart Manufacturing’.

ENISA follows a holistic and comprehensive approach to the issues related to cybersecurity in Industry 4.0. It identifies the main challenges facing the adoption of security in Industry 4.0 and Industrial IoT, each associated with one of the following categories: people, processes, and technologies. For each challenge, concrete and actionable recommendations are provided.

Who can benefit from ENISA’s work?

The adoption of the high-level recommendations proposed by ENISA aims at contributing to the enhancement of Industry 4.0 cybersecurity across the European Union and at laying the foundations for future developments.

ENISA lists high-level recommendations in order to facilitate the promotion and wider take-up of Industry 4.0 and relevant innovations in a secure manner. The recommendations are addressed to different key stakeholder groups, namely:

  • Regulators;
  • Industry 4.0 security experts;
  • Industry 4.0 operators;
  • Standardisation community;
  • Academia and research & development bodies.

Practical advice on Industry 4.0 cybersecurity

Key recommendations for the stakeholders:

  • Promote cross-functional knowledge on IT & OT security;
  • Clarify liability amongst Industry 4.0 actors;
  • Foster economic and administrative incentives for Industry 4.0 security;
  • Harmonise efforts on Industry 4.0 security standards;
  • Secure supply chain management processes;
  • Establish Industry 4.0 baseline for security interoperability;
  • Apply technical measures to ensure Industry 4.0 security.

For the full report: Industry 4.0 - Cybersecurity Challenges and Recommendations

ENISA has been building expertise in this area over the last years. ENISA’s work has become a focal point for IoT and smart infrastructures cybersecurity, with the ENISA IoT Baseline Security study and the IoT and Smart Infrastructures tool standing out. In the future, ENISA will continue its efforts to support all relevant actors of the IoT and Industry 4.0 ecosystem.

 


External audit on ENISA's 2018 financial accounts

Fri, 05/17/2019 - 10:30


The auditors’ report concluded that both 2018 financial and budgetary performances of the Agency are fairly presented and in accordance with the financial regulations of the European Commission and the International Public Sector Accounting Standards. The annual accounts include the financial statements and the reports on the implementation of the ENISA budget.  

The audit illustrates the effectiveness of the financial controls in place at the Agency.

The European Parliament and the EU Council have recently approved the EU Cybersecurity Act reinforcing ENISA’s mandate and significantly increasing its financial resources. Henceforth, ENISA will be known as the EU Agency for Cybersecurity.

 

 


ENISA delivers course on incident management

Fri, 05/17/2019 - 10:28

The course gave the participants an insight into the basics of defending an infrastructure and a thorough review of an incident lifecycle, detailing all steps and talking the audience through a case study with questions that initiated fruitful discussions.

The main takeaway of the discussions was that there is no ‘one-size-fits-all’ approach to incident response.

This is the third visit of ENISA in the last months. The Digital Security Authority of Cyprus invited ENISA specialists to contribute to a better incident response across Europe.

The ENISA CSIRT training material covers four main areas: technical, operational, ‘setting up a CSIRT’, and ‘Legal and Cooperation’.

Besides providing training material, ENISA organises courses and trains around 200 cybersecurity specialists per year.

Trainings for Cyber Security Specialists: https://www.enisa.europa.eu/trainings/

 

 


Testing cooperation of EU CSIRTs Network during large-scale cyber-attacks

Thu, 05/16/2019 - 14:47

The role of ENISA was twofold. On the one hand, the CSIRT Relations team actively participated as the secretariat of CNW, as defined by the NIS Directive. In this regard, ENISA provides overall support to CNW and manages tools for cooperation among all members. On the other hand, ENISA’s exercise team, which also organises the pan-European ‘Cyber Europe’ exercise, organised the exercise, including the definition of the scenario and injects, and controlled the execution.

CSIRT teams from 27 countries, CERT-EU and ENISA played a scenario where cyber-attacks were performed over critical infrastructures before and during European elections. Several operators of essential services across different Member States were the ‘target’ of the attacks, and some incidents tried to diminish trust in the electoral process. Over 50 incident-handling experts from the EU Member States participated in this exercise.

CyberSOPex2019 proved once more how fundamental the CNW is in developing confidence and trust among Member States and in promoting swift and effective operational cooperation.

The CyberSOPEx type of exercise is an important part of ENISA’s continuous efforts to improve the large-scale incident response collaboration of the CSIRTs Network members, by focusing on training participants on situational awareness, information sharing, understanding roles and procedures, and utilising CSIRTs Network-related tools just like in a real life situation.

For more info on the CSIRTs Network, visit www.csirtsnetwork.eu

For more information on ENISA’s exercises, contact: exercises@enisa.europa.eu

 

 


Recommendation on the usage of community and public cloud computing services in Hungary, defined by Magyar Nemzeti Bank

Wed, 05/15/2019 - 17:15


The objective of this recommendation is to provide practical guidance to entities in the financial intermediary system for managing the risks arising from the use of community and public cloud computing services and for the uniform interpretation of relevant national and European Union legislation.

The recommendation of Magyar Nemzeti Bank is based on the good practices and requirements set out in the recommendations of the European Banking Authority on outsourcing to cloud service providers (EBA/REC/2017/03).

The full recommendation is available in English here: https://www.mnb.hu/letoltes/4-2019-cloud-bg.pdf

 

 


From start-up to enterprise: ENISA's recommendations on building EU cyber-champions

Wed, 05/15/2019 - 16:56


Based on feedback from key experts, such as founders of start-ups, venture capitals, incubators, accelerators and public institutions, ENISA identifies a number of specific challenges and opportunities faced by NIS start-ups in their development within the EU. 

ENISA's report concludes with a set of recommendations to start-ups, SMEs, and entrepreneurs active or interested in entering the cybersecurity market. In short, ENISA recommends to:

  • Carefully and clearly define product- and service-development strategy;
  • Invest in building a team with the proper mix of skills;
  • Invest in compliance with standards or certification schemes;
  • Leverage existing European clusters specialised in cybersecurity;
  • Invest in networking and build mentorship-like relationships with larger enterprises;
  • Understand the EU funding opportunities available and assess their usefulness;
  • Pursue partnerships and events that will allow to position solutions to prospective customers.

This non-exhaustive list of recommendations aims to serve as actionable good practices to help cybersecurity start-ups better reach their objectives and potential as regards business growth. In particular, the report helps in:

  • understanding the start-up landscape from a technological and market perspective and determining what is currently established in the EU with regards to NIS products and services;
  • gaining insight into the investment and funding channels available for NIS start-ups from both the public and private sector;
  • identifying the main challenges that start-ups may face in their endeavours and ways in which they can address them;  
  • building knowledge of growth opportunities for the EU NIS start-up market, within the context of current EU policy frameworks, at all stages of evolution for start-ups. 

The study is available here: Challenges and opportunities for EU cybersecurity start-ups

 

 


Cybersecurity of smart cars high on ENISA’s agenda

Tue, 05/14/2019 - 11:49

With the aim of strengthening relations with stakeholders from the automotive industry, automotive suppliers and manufacturers discussed pertinent matters with ENISA experts, including ENISA’s ongoing work on automotive cybersecurity, the NIS Directive, the EU Cybersecurity Certification Group, and methods and practices related to securing the automotive supply chain.

Interesting presentations and fruitful discussions took place during the two days. ENISA aims to further foster collaboration in the area of automotive cybersecurity and will continue to engage with relevant stakeholders in order to promote cybersecurity of smart cars in Europe.


Informal Expert Group on EU Member States Incident Response Development

Thu, 05/02/2019 - 22:00

ENISA is concentrating its efforts on assisting MS with their incident response capabilities by providing a state-of-the-art view of the CSIRT landscape and development in Europe. One of the main objectives of this work is to further develop and apply ENISA recommendations for CSIRT capability development.

As part of its effort to support EU MS in their incident response development, ENISA is conducting a study on the status of incident response development within EU MS. Implementation of the “Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union” (NIS Directive) brings new challenges to the way CSIRTs handle and respond to incidents. Therefore, the particular targets of this study are sectoral CSIRTs or incident handling and response (IR) within sectors and subsectors essential for the maintenance of critical societal and economic activities (NISD sectors).

The results of this work should help ENISA to identify and draw conclusions about the development of IR capabilities, particularly in NISD sectors. The Informal Expert Group should assist ENISA and the Contractor with these efforts.

Experts of the group shall have technical background expertise in and direct exposure to one or several of the following:

  • IR capabilities, tools and processes;
  • Procedures and operations of CSIRT;
  • IR in one or more of NISD sectors;
  • Regulation bodies, academia, standardisation bodies directly involved in the above topics.

Before applying please read the Terms of Reference and the Privacy Statement. Click here to apply.

 


Behavioural aspects of cybersecurity

Tue, 04/16/2019 - 11:02


In summary, ENISA found a relatively small number of models, none of which were a particularly good fit for understanding, predicting or changing cybersecurity behaviour. Many ignored the context in which much cybersecurity behaviour occurs (i.e. the workplace), and the constraints and other demands on people’s time and resources that it causes. At the same time, there was evidence that models that stressed ways to enable appropriate cybersecurity behaviour were more effective and useful than those that sought to use threat awareness or punishment to urge users towards more secure behaviour.

The report offers recommendations for specific groups such as policy makers, management and organizational leaders, CISO and security specialists, CSIRT / CERT community, software developers and awareness raising managers.

ENISA proposes that practitioners can take significant steps towards helping employees to act in a more secure way. This may involve skills-based training and support but may also require the restructuring of security practices and policies, to better align with people’s workplace goals and/or capabilities. ENISA proposes a model of awareness, analysis and intervention for organisations to systematically plan and implement changes to address human aspects of cybersecurity.

For policy makers, ENISA identified a clear lesson from the reviews - increasing cybersecurity literacy and skills is an evidenced method to support citizens to protect their cybersecurity.

Management and organisational leadership need to shift their perspective on what their role and responsibilities are in managing cybersecurity in their organisations. They should decide which security risks they want to manage, and commit the resources required.

CISOs and security specialists need to know the impact that security policies can have on staff in daily business operations. They need to be visible and approachable and even acquire the ‘soft skills’ to do this effectively, ideally through special programmes.

Incident response teams and security operations centre staff should be enabled to perform in the fight against cyber threats. Their employers need to ensure sufficient staffing levels, invest in training and personal growth, and support innovative approaches such as team and multi-team.

Last but not least, all people involved in cybersecurity should mainly aim to provide users with the skills in order to cope with cyber threats rather than running repetitive awareness campaigns on the scale and vulnerability of cybersecurity threats.

For the full report: Behavioural aspects of cybersecurity

 


ENISA supports Portuguese National Exercise on Elections

Thu, 04/04/2019 - 14:08

In its second edition, the exercise focuses on the resilience of the electoral process, engaging a large number of stakeholders from public as well as private organisations. The exercise tests the coordinated response at different levels, the information exchange processes and the national contingency plans.

ENISA offers direct support by providing the Cyber Exercise Platform that delivers exercise control functionality, hosts the exercise scenarios and allows for realistic simulation of media websites mimicking real-life infrastructures. The electoral process is put to the test by several simulations of cybersecurity incidents and disinformation campaigns and fake news.

ENISA's exercise team supports the exercise at two sites. One part of the team at ENISA is making sure the infrastructure performance is at the highest level, while a mobile team provides onsite support to the exercise in the Portuguese capital.

The event, organised in cooperation with the CNE – the National Elections Commission of Portugal, was attended at the highest level, including:

  • President of the Portuguese Republic - Mr. Professor Marcelo Rebelo de Sousa,
  • Minister of the Presidency and Administrative Modernization - Dr. Mariana Vieira da Silva,
  • Minister of Internal Affairs - Dr. Eduardo Cabrita,
  • General Secretary of the Internal Security System, Deputy Attorney General - Ms. Maria Helena Fazenda,
  • General Secretary of the Information System of the Portuguese Republic, Ambassador Maria da Graça Mira Gomes,
  • and many other high-level people in Portugal.

ENISA is committed to continue to actively support the EU Member States authorities by providing its unique cyber exercise expertise and capabilities, in order to reinforce the resilience of the national and European critical IT systems and infrastructures.

Previous news item: https://www.enisa.europa.eu/news/enisa-news/jenisa-supports-portuguese-national-cybersecurity-exercise-on-electoral-process

 


New ENISA office inaugurated in Heraklion – Crete, Greece

Mon, 04/01/2019 - 10:55

Pictured from left to right: ENISA's Head of RD - Paulo Empadinhas, Deputy Mayor of Tourism, Heraklion - Andrea Garancini, FORTH Chairman - Nektarios Tavernarakis, ENISA Executive Director - Udo Helmbrecht and Regional Councillor of Crete - Giorgos Alexakis

This new establishment, as well as the Athens headquarters of the Agency, is provided by the Hellenic authorities by virtue of the seat agreement between ENISA and Greece, which sets down the details of arrangements for the operations of ENISA in Greece.

Executive Director Helmbrecht said: “I want to thank the Hellenic authorities for their continuous commitment to the good functioning of ENISA in Greece. This new tailor-made office meets the highest standards for a European Agency and offers our staff in Crete the best conditions to safely run the activities of the Agency.”

Secretary General Maglaras said: “Cybersecurity is a major challenge in the Digital Society and ENISA, being the EU centre of expertise for cybersecurity, is continuously promoting cybersecurity awareness, advancing our cybersecurity capacities and building a, so called, “cybersecurity culture” within Europe. The role of the Agency is further enhanced by its permanent mandate that has been recently issued. Secretary General of Digital Policy, Telecommunications and Media support the functioning of ENISA and in this framework we have the pleasure to inaugurate the new office of ENISA, in this new building; we firmly believe that it will facilitate the operation of the Agency and it will further enable the Agency to carry out its competencies. We will continue to support the Agency, by any means, and we anticipate that the cooperation of the Agency with FORTH and other research institutes in Greece will be mutually beneficial.”

Professor Tavernarakis said: “The Foundation for Research and Technology places special emphasis on the field of Network and Information Security, as it impacts directly on multiple facets of its research activities. FORTH keenly fosters and encourages close collaboration among ENISA and Research Teams at FORTH, as the multidisciplinary nature of the field of Network and Information Security is relevant to the priorities of several of FORTH Institutes.”

Mr. Alexakis said on behalf of the Governor of Crete Region Arnaoutakis: “The inauguration of ENISA’s new building in Heraklion is an event of significant importance for the Region of Crete. This, today, is an important step for the European and World community of electronic communications. The European Union Agency for Network and Information Security officially gets a new building, marking a new era. A new era, when everything evolves at a dizzying speed, demanding constant alertness, adaptation and new rules for safety and protection. The fact that ENISA – even a part of it – remains in Heraklion is an honour but also a responsibility. In a symbolic but also in a substantial way, it sets the bar higher for us.”

The inauguration of ENISA’s new building was followed by an art exhibition by the acclaimed artist Stella Koukoulaki entitled “Cybersec Art”, which included works that are artistically related to the field of Network and Information Security.

The new office – a state-of-the-art building offering conference facilities and suitable IT infrastructure – accommodates ENISA employees from various areas of expertise like policy, finance, facilities management, network and information security, and public affairs.

The construction of the building was co-funded by Greece and the European Union, under the Operational Programme “Competitiveness and Entrepreneurship”.

Change of address: From 1 April 2019 onwards, the office will be located at Nikolaou Plastira 95, Vasilika Vouton, Heraklion – Crete.

Note to editors

The former premises were provided by the Foundation for Research and Technology Hellas – FORTH since 2004. Longstanding partners, ENISA and FORTH have constantly worked together to establish Heraklion as a European centre of cybersecurity excellence, culminating with the organisation of five editions of ‘Network and Information Security Summer School’ events and the signing of a memorandum of understanding (read more about this topic here).

Since 2012, ENISA has also opened an office in Athens.

 


Privacy standards for information security

Fri, 03/15/2019 - 17:45


Such integration is fundamental to protect personally identifiable information, particularly in digital environments, and it may support the implementation of relevant privacy and data protection legislation.

This ENISA study explores how the standards-developing world has been responding to the fast-changing and demanding realm of privacy. This study provides insights into the state-of-the-art of privacy standards in the information security context by mapping existing standards available and standardisation initiatives alike.

The main findings of this study include the following:

  • There is an increasing need to analyse the mapping of international standards and European regulatory requirements, as references to standards in the EU legislation are becoming recurrent and there are considerable differences from jurisdictions outside of the EU;
  • Proving compliance with privacy standards in information security is not as straightforward as expected. Some approaches for conformity assessment are available in specific sectors, others are still lacking appropriate mechanisms;
  • A coherent analysis of sector-specific needs for privacy standardisation is essential, especially in the context of information security, before moving ahead with the adoption or development of new standards;
  • Standardisation focuses mainly on covering technological approaches and solutions. Many such solutions address the introduction of privacy-preserving technologies throughout the whole lifecycle of a product or a system. The concept of privacy-by-design and its implementation are still not presented clearly, despite a general common agreement on perceived benefits. 

ENISA complements this information with a range of additional recommendations, which aim to support the prioritisation of potential areas of action for the near future:

  • EU policy makers and European Standards Organisations should promote the development of European content and input to privacy and cybersecurity standards;
  • EU policy makers and European Cybersecurity Certification Group members should promote the endorsement and adoption of privacy and information security standards, including conformity assessment standards specific to privacy;
  • EU bodies and competent authorities in the Member States should promote the adoption of a structured approach on the analysis of sector-specific needs with regard to privacy standardisation, especially in the information security context, and then proceed with the adoption or development of new standards;
  • EU policy makers and relevant EU bodies need to be further involved in the standardisation process, so as to define, endorse or affirm potential standardisation goals in the areas of privacy and information security;
  • Competent bodies at EU and Member State level should further promote their research and standardisation activities to support the meaningful implementation of the ‘Privacy by Design’ principle.

For full report: Guidance and gaps analysis for European standardisation

 

 


Security and privacy considerations in autonomous agents

Thu, 03/14/2019 - 17:33


Autonomous agents range from smartphone applications to autonomous robots supporting the supply chain in product development, for example; a key aspect in this regard is the data collected, mainly to support functionalities in a qualitative and timely manner.

Depending on the level of autonomy and context of operations, security and privacy considerations may vary. This ENISA study outlines AI technology used in autonomous agents in various application domains. It discusses the main security and privacy considerations and delivers a set of recommendations for relevant stakeholders and policy makers.

This study highlights relevant considerations, such as unauthorized autonomous systems, hijacking and misuse, transparency and accountability, pervasiveness, retention and opacity of processing.

This study concludes with a set of recommendations, aimed at further influencing future EU policy initiatives, such as to:

  • Further promote and support the adoption of security and ‘privacy by design’ principles as a pre-requisite during the inception, design and implementation of autonomous agents and systems;
  • Develop a collaborative approach on the identification and the exchange of best practices. Gradually such initiatives should put forward sets of baseline security requirements;
  • Endorse and support existing initiatives on the promotion and protection of human rights, through the establishment of appropriate ethical conditions related to autonomous agents; 
  • Establish a relevant framework for policy development, emerging technologies and new application areas.

For full report: Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents

 

 
