Threat Landscape for Supply Chain Attacks
This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and…
Cyber Europe 2016: After Action Report
Cyber Europe 2016 was the fourth pan-European cyber crisis exercise organised by
the European Union Agency for Network and Information Security (ENISA). Over 1 000
participants working mostly in the ICT sector, from public and private organisations…
Ad-hoc & sensor networking for M2M Communications - Threat Landscape and Good Practice Guide
The ad-hoc and sensor networking Threat Landscape and Good Practice Guide complements the Annual Cyber Security ENISA Threat Landscape (ETL). It provides a deep overview of the current state of security in the ad-hoc and sensor networking for M2M…
National Cyber Security Strategies
The paper includes a short analysis of the current status of cyber security strategies within the European Union and elsewhere. It also identifies common themes and differences, and concludes with a series of observations and recommendations.
The…
Security Issues in Cross-border Electronic Authentication
Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European…
Technology-induced challenges in Privacy & Data Protection in Europe
The ENISA Working Group on Privacy & Technology has been established to analyse the problems posed by these technology trends and the implications for the current EU legal framework. The main task of the Working Group is to propose actions to…
National-level Risk Assessments: An Analysis Report
This report is based on a study and analysis of approaches to national-level risk assessment and threat modelling for cyber security which was conducted between April and October 2013. ENISA aims to provide an evidence-based methodology for…
Good practice guide for CERTs in the area of Industrial Control Systems - Computer Emergency Response Capabilities considerations for ICS
This document builds upon the current practice of CSIRTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/ governmental (n/g) CSIRTs. The document is an initial attempt to…
Overview of standards related to eIDAS
The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards…
Assessment of ETSI TS 119 403-3 related to eIDAS
This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take place…