European Union Agency for Cybersecurity (ENISA)
ENISA, the European Union Agency for Cybersecurity, directly contributes to EU cybersecurity policy by working to enhance the trustworthiness of information and communication technology (ICT) products, services and processes through its cybersecurity certification schemes, and supporting cooperation with Member States and EU bodies.
ENISA coordinates the overall European cybersecurity approach and works with a wide range of international partners to develop this area further and prepare better for the cybersecurity challenges of the future. The mission of ENISA is to achieve a high common level of cybersecurity throughout the European Union through consistent and continuous collaboration with the wider community.
ENISA deals with a wide range of technological topics related to cybersecurity, such as cloud computing, Internet of Things (IoT), technological and network infrastructure availability, Big Data and security of databases, and CSIRT Services (alerts and warnings, incident and vulnerability handling, tools development, knowledge-sharing, and community-driven projects). It is responsible for the development of a European cybersecurity certification programme and is behind two key policy documents: the EU Cybersecurity Act and the NIS2 (Network and Information Security) Directive.
NIS2 enhances cybersecurity across the EU by establishing a cyber crisis management structure (CyCLONe), harmonizing security requirements and reporting obligations, and encouraging Member States to address new areas such as supply chain security, vulnerability management, core internet services, and cyber hygiene in their national cybersecurity strategies. Additionally, NIS2 introduces peer reviews to improve collaboration and knowledge sharing among Member States and expands coverage to more sectors, thereby requiring more entities to implement cybersecurity measures.
The NIS Directive aims to achieve a high common level of cybersecurity across the Union by improving the cybersecurity capabilities of Member States and enhancing cooperation among them. It sets out security and incident reporting requirements for operators of essential services and digital service providers, ensuring that critical infrastructure and key digital services are better protected from cyber threats.
In addition, ENISA undertakes a wide range of short- and long-term actions:
- enhancing and strengthening cybersecurity skills across all levels, from people with little technological background to digital professionals and experts in various fields;
- providing quality cybersecurity education, targeting ICT professionals, companies and SMEs. ENISA also supports and works together with businesses to develop training tailored to operational and organisational needs.
- ensuring the safe and secure development of IoT and Smart Infrastructures, with their increased connectivity and dependence on safe and secure cyber networks.
- providing threat landscape analysis, risk management and foresight of potential cyber threats.
In particular, ENISA continues to raise citizens’ awareness of cybersecurity and potential cyber threats (phishing attacks, botnets, financial and banking frauds, data fraud) by providing guidance on good practices to promote safer online behaviour (such as cyber-hygiene and cyber-literacy). Furthermore, aligning its actions with the European Digital Education Action Plan, ENISA is promoting and analysing cybersecurity education, in order to tackle the cybersecurity professional shortfall.