Image
As one of the core strategic objectives of ENISA, foresight enables to reflect on possible futures and on the strategic preparation in anticipation of plausible scenarios. ENISA developed a foresight methodology applied to identify future cybersecurity threats, to map emerging challenges and to prioritise efforts on new technologies with potential cybersecurity implications.
ENISA remains vigilant and keeps up with the latest information and guidance on cybersecurity developments in emerging areas. Indicative of this targeted focus are the reports and studies on topics related to Artificial Intelligence (AI) ENISA published over the past few years. These include Cyber Insurance - Models and methods and the use of AI (2024), Artificial Intelligence and Cybersecurity Research, Is Secure and Trusted AI Possible? The EU Leads the Way, Mind the Gap in Standardisation of Cybersecurity for Artificial Intelligence, and a series of reports on cybersecurity and privacy in AI among others, all published in 2023.
Artificial Intelligence is a field of computer science meant to facilitate the creation of systems capable of performing tasks normally requiring human intelligence. These tasks can encompass anything in relation decision making, problem solving, learning from data, speech recognition and understanding of natural language. AI technologies which are rapidly evolving, are already deeply integrated into various industries, from healthcare and finance to autonomous vehicles and customer services. While undoubtedly beneficial, AI and its application to automated decision-making, – especially in deployments where safety is critical – could open new avenues for manipulation and attack methods, while also creating new challenges for security and privacy.
The dual role of AI in security must be acknowledged: While AI can be exploited to manipulate expected outcomes, AI techniques can also enhance security operations and help towards mitigating adversarial attacks. However, the use of AI as a tool for cybersecurity, is essential to develop specific measures ensuring the trustworthiness and security of the AI systems or tools themselves.
In this regard, the European Union introduced the European Artificial Intelligence Act (AI Act), which is the first comprehensive regulation on artificial intelligence. Regulation (EU) 2024/1689 entered into force on 1 August 2024 and aims to support the responsible development and application of AI in the EU. By adopting a product safety approach based on risk levels, the regulation lays down a uniform set of requirements and obligations on the use of AI.
ENISA continues to monitor and assess the specific risks associated with emerging technologies through its membership in the NIS Cooperation Group. The latter's work is also to ensure the security of critical infrastructure in Europe. Furthermore, ENISA has established a dedicated ad hoc Working Group on Foresight for Emerging and Future Cybersecurity Challenges to systematically conduct foresight exercises. Last but not least, the Agency continues working on analysing the AI cybersecurity ecosystem and to provide security recommendations for the challenges foreseen.
Post-Quantum Cryptography
Cryptography is a vital part of cybersecurity, with security properties such as confidentiality, integrity, authentication and non-repudiation all strongly dependent on cryptographic mechanisms. The introduction of quantum technology promises to drive significant advancements across multiple industries, as it has a potential to solve problems not yet resolved by current technologies. However, it also presents significant challenges to security infrastructure, particularly in the realm of cryptography.
The rise of quantum computing raises concerns about the integrity and security of current cryptographic solutions, leading to the development of the post-quantum cryptography field. The objective of such developments is to come up with cryptographic solutions designed to be secure against the potential threats posed by quantum computers. While quantum computers have the potential to break many of the cryptographic systems currently in use, post-quantum cryptography aims to provide alternatives solutions which will remain secure even in a world with quantum computing.
ENISA has been working on post-quantum cryptography for several years and delivered reports on the current state-of-the-art and mitigation techniques for relevant challenges. ENISA’s work provides a concise overview of the progress of the standardisation process for post-quantum cryptography schemes and introduced a framework to analyse existing quantum-resistant solutions, classifying them into families and discussing their advantages and shortcomings. Moreover, work on the integration of post-quantum cryptography with existing cryptographic solutions and communication protocols is at the forefront of ENISA’s efforts.
In cooperation with the European Commission, Member States and other EU bodies, ENISA engages with expert groups to address emerging challenges and promote good practices mainly at the advent of post-quantum cryptography.
