What is ENISA’s strategy to achieve a common level of cybersecurity in the EU?
The EU Agency for Cybersecurity (ENISA)’s strategy is shaped around the evolution of the cybersecurity threat landscape and priorities defined by its Management Board. Current international geopolitics do call for a timely implementation of the EU legislation in the area of cybersecurity. To meet this objective, ENISA issues recommendations and guidance such as the six policy recommendations in the State of the cybersecurity in the Union, a report that details the cybersecurity maturity across Member States (MS). ENISA engages with all MS and public and private stakeholders whose role is key in making Europe more cyber resilient and best prepared to help prevent or mitigate cyber threats in the EU.
What are the main challenges in seeking to achieve this goal?
The changing nature of the threat landscape requires a lot of flexibility in our approach. Technical innovations, geopolitics feed into the complexity of the cybersecurity challenges we are faced with and we therefore need to permanently reassess our response to. Logically, this affects the diversity and scope of the legal framework as well as the range of expertise and capacities in the Member States, and of resources available.
What are the most substantial projects ENISA is currently working on?
Key projects of ENISA include:
- Support to Member States with the implementation of the NIS2 Directive, the main EU-wide cybersecurity law to ensure Member States build up cyber resilience of the EU critical infrastructures, such as energy, transport, health, telecom and finance.
- Management of the EU Cybersecurity Reserve that support Member States with incident response services from trusted managed security providers.
- Maintenance of the EU Vulnerability Database and the development of a Single Reporting Platform for incidents and vulnerabilities.
- Developing common and effective situational awareness through cooperative mechanisms to integrate cross-layer and cross-border information exchange between all operational actors in the EU.
- Implementation of the Cyber Resilience Act providing for manufacturers to apply cybersecurity requirements for products with digital elements in order to access the EU market.
How can EU citizens understand digital risks and remain safe online?
EU citizens can take simple steps to protect devices from cyber threats and personal information when navigating the digital world. Following basic guidelines can significantly reduce risks while keeping personal data and online activities safe such as performing regular software updates and enabling Multi-Factor Authentication (MFA).
Alternatively, citizens can turn to their national authorities on cybersecurity for guidance in their native language.
What can they do to keep abreast of developments in cybersecurity in Europe?
Follow and engage with the activities of the European Cybersecurity Month (ECSM)!
The ECSM promotes cybersecurity among EU citizens and organisations. EU Member States as well as public and private organisations across Europe are all actors of the campaign which aim to reach as many citizens of all age groups. ENISA supports Member States in this initiative, in order to raise cybersecurity awareness across Europe.
