The new EU Cybersecurity Strategy will bring tasks and responsibilities for ENISA to help Europe become a resilient, technological sovereign leader in cyberspace.
The European Union Agency for Cybersecurity (ENISA) welcomes the Joint Communication on the EU’s new Cybersecurity Strategy. The Agency is ready to utilise fully its mandate and tasks to act in the areas outlined. The package proposes amongst many things, the review of the Network and Information Services (NIS) Directive, a new Critical Entities Resilience (CER) Directive, a network of Security Operations Centres (SOCs) and new measures to strengthen the EU Cyber Diplomacy Toolbox. The package also includes a report on the impact of the Commission Recommendation on the Cybersecurity of 5G networks, which ENISA supported together with EU Member States.
Executive Director of the EU Agency for Cybersecurity Juhan Lepassaar said: “The security of cyberspace has been tested globally in recent times therefore the new cybersecurity strategy is very timely. The proposed framework addresses new sectors and puts in motion recommendations that have also been advocated by the Agency and we look forward to contributing to making this new vision a reality.”
Reviewing the legislative framework: NIS2
The COVID-19 pandemic has more than confirmed the importance of preparing Europe for the digital decade as well as the need to continuously improve cyber resilience particularly for those who operate essential services such as healthcare, energy but also those who provide online marketplace services. The proposed expansion of scope under the NIS Directive (NIS2), in which more entities are obliged to take measures would assist in increasing the level of cybersecurity in Europe.
A recent ENISA study on NIS Investments showed that for organisations implementing the NIS Directive “Unclear expectations” (35%) and “Limited support from the national authority” (22%) were among the challenges faced.
The proposed review of the NIS Directive addresses these areas, aiming to provide more clarity towards what is expected from the national authorities, computer security incident response team (CSIRTs) and essential and important entities in terms of reporting, crisis management framework and information sharing.
The EU Cybersecurity Strategy sets goals, which will impact the Agency’s work both directly and indirectly. We see a number of new elements including the domain name dystem resolution and diversification strategy (DNS4EU) as well as the building of a network of SOCs.
Further Information
Contacts
For questions related to the press and interviews, please contact press (at) enisa.europa.eu