New Regulation for EU cybersecurity agency ENISA, with new duties
June 2013 by ENISA
European Union (EU) cybersecurity agency, ENISA has today (18 June) received a new Regulation, granting it a seven year mandate with an expanded set of duties. The Regulation is published in today’s Official Journal of the European Union [http://eur-lex.europa.eu/LexUriServ...], and comes into force tomorrow [19 June 2013].[i]
ENISA’s Executive Director, Professor Udo Helmbrecht, said:
“The new Regulation is great news for ENISA and for cybersecurity in Europe. It means that ENISA now has the scope and authority to make an even bigger difference in protecting Europe’s cyberspace. We will be working more closely with Member States and putting an increased focus on cybercrime, working with Europol.
“To reach this very positive conclusion, we have had a great deal of support, from Member States, European Parliamentarians, the European Council, the Commission and individual Commissioners. In particular, the support of MEPs Giles Chichester and Christian Ehler, and Commission Vice-President, Neelie Kroes was essential. Our ENISA staff, Management Board, Permanent Stakeholders Group and National Liaison Officers have also supported us throughout the process. I thank them all. We are now working to secure the resources we need to deliver on the important security tasks that Europe’s citizens have entrusted to us.”
The new Regulation enshrines ENISA’s achievements in areas such as Computer Emergency Response Teams (CERTs) in Member States, and its world-class cybersecurity exercises, such as Cyber Europe 2012, with 600 participants from across Europe.
Other key points of the new Regulation include:
Providing ENISA with a strong interface with the fight against cybercrime - focusing on prevention and detection - with Europol’s European Cybercrime Centre (EC3)
ENISA supporting the development of EU cybersecurity policy and legislation The Agency supporting research, development and standardisation, with EU standards for risk management and the security of electronic products, networks and services
ENISA supporting the prevention and detection of, and response to cross-border cyber-threats
Aligning ENISA more closely to the EU Regulatory process, providing EU countries and Institutions with assistance and advice The Regulation also confirms that the Agency’s seat (its headquarters), will remain in Heraklion, on Crete, with an operational office in Athens.
The EU’s Cybersecurity Strategy, and Directive, published in February, also foresee a key role for ENISA in protecting Europe’s cyberspace.
[i] The ENISA Regulation was approved by the Council of the European Union on 14th May 2013, following it being passed by the European Parliament on 15th April, with an overwhelming majority: 626 votes in favour, of the 687 votes cast, with 45 against and 16 abstentions. The Regulation was signed by the European Parliament and Council of the European Union on 21st May 2013.
ENISA was established in 2004, under Regulation (EC) No 460/2004, with a five year mandate. This mandate was subsequently extended, in 2008 and 2011, to allow time for the new Regulation to be developed.
To see the new ENISA Regulation in full, go to:
European Parliament press statement on 15th April ENISA Regulation vote:
European Commission press statement on 15th April ENISA Regulation vote:
Background on EU Cybersecurity Strategy: