Publications

Featured publications

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…

ENISA NIS360 2024

The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…

2024 Report on the State of the Cybersecurity in the Union

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

All publications

Publish Date

Telecom Security During a Pandemic

The COVID-19 pandemic not only highlighted the importance of electronic communication networks and services for the EU’s society and economy, but it also triggered major changes and challenges in their use in the EU and worldwide. In this paper, we…

Cybersecurity Stocktaking in the CAM

In this document, the CAM ecosystem and insights involving stakeholder interactions, critical services and infrastructures, standards, as well as security measures are described. The insights gained from the survey, interviews, and desk research…

Railway Cybersecurity

This ENISA study regards the level of implementation of cybersecurity measures in the railway sector, within the context of the enforcement of the NIS Directive in each European Member State. It presents a thorough list of essential railway…

Power Sector Dependency on Time Service: attacks against time sensitive services

This publication describes the threats against energy providers’ services which depend on the availability of precise timing and communication networks. It provides a typical architecture which supports the time measurement service. Then it…

Encrypted Traffic Analysis

This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of…

Procurement Guidelines for Cybersecurity in Hospitals

As cybersecurity becomes more of a priority for hospitals, it is essential that it is integrated holistically in the different processes, components and stages influencing the healthcare ICT ecosystem. Procurement is a key process shaping the ICT…

European Cybersecurity Month 2019 - Deployment Report

This report provides an overview of the activities organised for the European Cybersecurity Month 2019 and presents a synthesis of findings based on evaluation and performance information gathered via two questionnaires and media monitoring data.…

Port Cybersecurity - Good practices for cybersecurity in the maritime sector

Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their…

ENISA good practices for security of Smart Cars

This report defines good practices for security of smart cars, namely connected and (semi-) autonomous vehicles, providing added-value features in order to enhance car users’ experience and improve car safety. Taking stock of all existing…

7 Steps to shore up the Border Gateway Protocol (BGP)

In this paper ENISA highlights the security vulnerabilities of BGP and explains why it is so important to address them. Working closely with experts from industry ENISA derived a shortlist of 7 basic BGP security measures which are industry good…