The European Union Agency for Cybersecurity (ENISA) has been supporting the European Union (EU) Member States in developing, implementing and evaluating their cyber security strategies. Since 2012 and as part of this support, ENISA has been developing tools, studies and guidelines to help EU Member States build on their national cyber security strategies. The latest of these developments, launched on 28 November 2019, is a security mapping tool for operators of essential services (OES) and digital service providers (DSPs) in the energy, banking, health and digital infrastructure sectors, helping them comply with their obligations under the Network and Information Systems Directive 2016/1148 (NIS Directive).

Below we take a closer look at the new security mapping tool.


On 7 June 2019, Regulation (EU) 2019/881 on ENISA (the European Union Agency for Network and Information Security) and on information and communications technology cybersecurity certification, also known as the Cybersecurity Act, was given the final go-ahead and published in the Official Journal of the European Union.  The Cybersecurity Act will come into force

The European Union Agency for Network and Information Security (ENISA) recently published its report on ‘Security and privacy considerations in autonomous agents’.

Artificial intelligence (AI) and complex algorithms offer unlimited opportunities for innovation and interaction, but they also bring a number of challenges that should be addressed by future policy frameworks at the EU level – especially in light of the amount of available data.

One of the objectives of the study was to provide relevant insights for both security and privacy for future EU policy-shaping initiatives. We have summarised some of the key security and privacy recommendations from the report below.


On 10 December 2018, the European Parliament, the Council of the European Union, and the European Commission reached agreement on the cybersecurity proposal put forward by the Commission.

The aim of the Commission’s proposal is to build strong cybersecurity standards in the EU, allowing the EU to become a global leader in cybersecurity. The proposal will benefit member states, businesses, and consumers by expanding the mandate of the European Union Agency for Network and Information Security (ENISA) to deal with cyberattacks across the EU and establishing an EU-wide certification process for businesses.

Commissioner Mariya Gabriel, who is in charge of Digital Economy and Society, has explained the motivation behind the proposal by stating: “Enhancing Europe’s cybersecurity, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union.”



To enhance cyber resilience, the EU is building a certification framework for information and communication technology (ICT) products, services and processes. On 8 June 2018, the Council agreed a Proposal (known as the Cybersecurity Act) to prepare for negotiations with the European Parliament to finalise the text.

One of the effects of the Proposal is that it will upgrade the current European Union Agency for Network and Information Security (ENISA) into a more stable EU agency for cybersecurity.

Cybersecurity certification

The Proposal introduces a tool to create a more comprehensive regulatory framework for specific ICT processes, products and services designed to help ensure compliance with specified cybersecurity requirements.

Certificates issued under the scheme will be recognised, legally, across the EU. This will therefore have the dual effect of building trust in users – given the technology certification will mean the technology has received the European-security stamp – and enabling businesses to carry out their business cross-border. The resilience behind the technology in relation to accidental or malicious data loss or alteration will be certified.

This certification scheme addresses the barriers in the EU where Member States have implemented different standards to one another; for example, Member States have issued regulations which improve country-specific requirements around security.

The details of this certification scheme and its requirements will, in particular, be important to network and data service operators, including cloud computing service providers.

The certification will be optional unless it is specified as a legal requirement under an EU law or Member State law.


On 27 November 2017, the European Union Agency for Network and Information Security (“ENISA”) published a report on Recommendations on European Data Protection Certification (“Report”). The aim of the Report is to identify and analyse challenges and opportunities of data protection certification mechanisms, as introduced by the General Data Protection Regulation (“GDPR”).

The Report provides an overview of existing data protection certification mechanisms, and looks at the terminology and clarifying concepts that are relevant to GDPR certification, as established in Articles 42 and 43 of the GDPR. The Report also presents research and analysis on various certification schemes, including the ePrivacyseal EU, EuroPrise, CNIL Labels and the ICO Privacy Seal. It further focuses on some of the questions relating to successful take-up of certifications, as well as the role of certification as a transparency and accountability instrument under the GDPR. The Report additionally notes that data protection certification mechanisms under the GDPR are likely to face challenges, given the diversity of existing data protection certifications.

The Report sets out several recommendations that are intended to provide high-level guidance to data protection authorities, certification bodies, and data controllers/processors. The main recommendations include:

On 5 July, the European Commission (“EC”) published a communication outlining measures to improve resilience to cyber incidents, improve cooperation and information sharing, and promote innovation and competition in the European cybersecurity industry.

 

The communication highlights the EC’s intention to take cooperation, knowledge, and capacity to the next level, particularly through the imminent introduction of

On July 28, the European Union Agency for Network and Information Security (ENISA) published its Annual Activity Report 2014. The report summarises its operations and programs from the previous year, and highlights the areas in which it feels it has contributed the most to Europe’s data protection and cybersecurity environment.

The ENISA prides itself on being a centre of expertise for cybersecurity, and works closely with members of the public and private sector by delivering advice and tailor-made cybersecurity solutions. The ENISA’s activities are divided into three key areas: (i) recommendations to its stakeholders; (ii) support for policy development and implementation; and (iii) ‘hands on’ work with operational communities. With regard to recommendations, it published 37 reports last year ranging from national issues such as protections of critical infrastructure, to issues affecting individuals such as data protection and privacy.

The EU Agency for Network and Information Security (ENISA) announced in a press release that it has produced a report titled ‘Good Practice Guide for Securely Deploying Governmental Clouds’, which analyses the current state of play regarding governmental Cloud deployment in 23 countries across Europe, categorised on a scale of “Early adoptors”, “Well-Informed”, “Innovators” or

ENISA, the European Union Agency for Network and Information Security, has released a series of reports and guidance tackling the topic of cyber security.

  • ENISA Threat Landscape (ETL) Report 2013
    The report reviews more than 250 incidents of cyber attacks that took place in 2013.  A table in the report analyses fluctuations in the top