ENISA publishes its Annual Report for 2014
July 2015 by Marc Jacob
ENISA releases its Annual Activity Report for 2014. The report provides an insight into ENISA’s operations and key programmes in the service of the EU’s cyber security.
Throughout this past year, the Agency has built on its renewed regulatory framework actively supporting:
• EU policy building and implementation of EU legislation: ENISA’s work in the context of Article 13a with National Telecom Regulators and European Electronic Communications Service Providers has provided deep insights on root causes of major incidents and best practices. All Member States use ENISA’s technical guidelines in their annual reporting. On standardisation ENISA contributes at the CEN CENELEC ETSI Cyber Security Coordination Group (CSCG) for the development of the CSCG white paper. On Network and Information Security (NIS) the Agency has become a point of reference for European Trust Service Providers (TSPs) on eIDAS security requirements, and the data protection legislation with the reference document on privacy by design. The Agency also supports the EU’s cloud computing strategy and partnership through its work on governmental clouds, and developing best practice in the public and private sector and in particular for SMEs.
• Capacity building of EU Member States within the public and private sector, and raising the level of awareness among EU citizens. The ECSM (European Cyber Security Month) is a known example which takes place across 30 countries; with more than 184 activities and over 2000 twitter followers last year.
Flagship programmes and achievements in 2014 include:
• The threat landscape report, which consolidates and analyses the top cyber threats and their evolution, referencing over 400 sources on threats, to help navigate through the cyber landscape. The report has received around 25000 downloads and is widely referenced. In parallel, two thematic landscapes have been developed by the Agency on Internet Infrastructures and Smart Home Environments.
• The Cyber Exercises, define and test operational procedures (EU-SOPs) for all cybersecurity authorities in the EU, for handling cyber events. A new incarnation of "Cyber Europe 2014" took place in 2014, where 1556 players representing 483 public and private sector organisations from 29 EU and EFTA Member States, tested collaboration during large scale cyber incidents.
• CERTs - the EU’s Computer Emergency Response Teams – which assist public and private sector organizations, to provide a response to incidents and threats across an EU wide network through the exchange of experience and expertise while developing ‘baseline capabilities’. ENISA has developed, together with the CERT community, the training program for advanced skills for IT Security experts which is publically available on the ENISA website.
Commissioner Günther H. Oettinger said: “2014 has been another very successful year for ENISA. It has been a year in which the Agency has further strengthened relations and outreach with stakeholders, both in the public and private domain. ENISA is providing solutions and expertise, and assistance for significant improvements to the state of cyber security throughout the EU. It is important to ensure a high common level of network and information security in the in the EU. ENISA’s role is decisive in this effort to establish a common approach and understanding in the community, to develop cyber security capabilities in the Member States, and to promote a truly EU digital single market for the benefit of citizens, governments and industry”.
ENISA’s Executive Director Udo Helmbrecht stated: “Emerging trends in cyber security in this past year marked the different aspects to cyber security and cyber-attacks. We face a new type of asymmetric warfare with a new paradigm and no taxonomy. Furthermore, the development of digital solutions, result to a more data driven approach, increasing vulnerability to cyberattacks. Applications of new technologies also highlight unchartered territories and whether society can tolerate the consequences resulting from their use. ENISA will continue to deliver its programme to reinforce and promote trust and security in digital services in the EU”.
In 2014 ENISA produced 37 reports in a variety of areas ranging from national level subjects such as the protection of critical infrastructure, to subjects affecting the individual citizen level such as privacy and data protection. ENISA’s 2014 reports are available online here