The European Union Agency for Network and Information Security (ENISA) came into existence following the adoption of Regulation (EC) No 460/2004 on 10 March 2004.
Within those last 15 years, ENISA has established itself as a centre for cybersecurity expertise in Europe, developing collaborations that are key to the Digital Single Market.
The Agency has successfully collaborated with European bodies and the EU Member States in preparing to respond to cyber challenges and threats.
The past 15 years have been about working together both in policy and on an operational level, thereby creating a safer European cyberspace for everyone.
ENISA strongly advocates that cybersecurity is a shared responsibility that can range from the cyber hygiene practiced by all to the introduction of connected cars.
In the last few years, the European Union made tremendous efforts to improve its preparations against rising cyber threats by developing new regulation (Network Information Security Directive, Cybersecurity Act) and making targeted proposals for cooperation (Cyber Competence Centre & Network, Public-Private Partnership on Cybersecurity, the Information Sharing and Analysis Centres).
ENISA has made a major contribution to these efforts, and the agency’s anniversary is an opportunity to reflect on its successful work.
In creating lighthouse projects such as the Cyber Exercises, the Annual Data Protection Forum and the Cyber Threat Landscape, ENISA hugely drives increasing cybersecurity in Europe.
Despite the success and the achievements to date, this year will be special for ENISA and marks an important milestone.
On the one hand, there will be changes in the ENISA leadership team, as I will leave the agency later this year concluding my tenth year as Executive Director.
I wish my successor the very best in continuing the development of the agency’s role in a time when stakeholders will increasingly look to ENISA for support.
The change of the ENISA Executive Director and the European Institutional leadership indicates that a new era in EU cybersecurity is coming.
In addition to those upcoming changes, ENISA is expected to receive a new permanent mandate and will henceforth be known as ‘the EU Agency for Cybersecurity’.
According to the proposed Cybersecurity Act (CSA), the agency will play a more important role, especially regarding the development and implementation of the cybersecurity policy in the EU.
Moreover, the Cybersecurity Certification Framework will offer a new opportunity to prepare certification schemes.
Thanks to this new mandate and the opportunity to exert more influence, the Agency will grow in 2019. As a result, ENISA is currently hiring experts from a wide range of fields as cybersecurity is not a purely technical challenge but involves far more parameters such as societal and economic challenges.
The Internet of Things (IoT), one of the most discussed and important technologies in the age of an increasingly ongoing digitisation, is a prime example for the aforementioned interconnection of different disciplines.
Nowadays, IoT basically touches upon every aspect of human live.
Therefore, it is essential to find ways to secure the European information society in such a way that the citizens feel safe using their devices as well as services while protecting their data.
To offer the needed trust and security, ENISA continuously develops processes and means of promoting security and was the first to introduce baseline IoT security recommendations.
Earlier this year, the Agency released an online tool for IoT and Smart Infrastructures Security, which helps to identify threats and prioritise certain security areas.
It ensures that companies can stay ahead of new deployments and have practical tools that cover cybersecurity requirements regarding all elements of the IoT ecosystem throughout its lifetime.
While ENISA continues to provide tools and reports that offer concrete technical advice, it is also becoming a thought leader for IoT cybersecurity by, for example, implementing new formats to raise awareness for this topic.
In January 2019, ENISA held its first ‘Transport Cybersecurity’ conference, gathering a wide range of stakeholders from the aviation, maritime, road, rail and other public transportation sectors to discuss the security of our homes, cities and the entire infrastructures, which are becoming smarter and smarter.
ENISA already highlighted the security concerns regarding IoT environments in the ENISA 2018 Cyber Threat Landscape but despite the Agency’s efforts and recommendations, low-end IoT devices and services still often lack some important protection mechanisms.
In the past few years, there have been numerous instances where IoT enabled children’s toys had to be banned from sale as they provided poor security.
This is one example where ENISA’s expertise comes into play.
The agency offers support in analysing and advising where IoT needs to be more secure, and helps to prevent potential future problems instead of trying to solve them in the aftermath.
Therefore, ENISA will continue to raise awareness for challenges surrounding cybersecurity of information technology while also providing practical and economically viable solutions for all stakeholders to lead the EU member states into a safer future.
The next few years should be seen as an opportunity to build on ENISA’s existing achievements and to continue fostering cooperation and increased stakeholder engagement, thereby shaping the future European cybersecurity landscape.