ENISA welcomes the agreement of EU Institutions on the first EU wide cybersecurity Directive and Agency’s extended role

Report this content

Following extensive negotiations the EU institutions have reached an agreement, which will support Member States in achieving a high level of network & information security that is coherent across the EU and which will pave the way for more collaboration among them.

The Directive foresees significant new tasks for ENISA, strengthening its role. ENISA considers this agreement as an important step forward for securing ICT infrastructure across the EU. 

ENISA welcomes the agreement on the upcoming NIS Directive, which is a significant step towards further improvements in NIS across the EU. The NIS Directive foresees a number of concrete measures to make this happen, the most fundamental of which are two co-operation mechanisms among Member States, namely the network of Computer Security Incident Response Teams (CSIRT Network), to be coordinated by ENISA, and the “Cooperation group”, consisting of members of national competent authorities, the EU Commission and ENISA. Member States also have to appoint a competent national authority dealing with NIS matters.

Other important measures include the requirement to produce a national cybersecurity strategy and the obligation for companies working in critical sectors such as energy, transport, finance and others to inform national authorities about incidents of significant impact.

The Executive Director of ENISA, Udo Helmbrecht, commented on this agreement: Ensuring the availability, integrity and confidentiality of critical and digital infrastructures is a challenging task for public and private stakeholders. ENISA welcomes the new tasks associated with the implementation of the NIS Directive and will continue to assist the EU Member States and the private sector in improving cybersecurity capabilities and cooperation towards the implementation of the NIS Directive and in line with the objectives of the DSM.”


Background

The Network and Information Services (NIS) Directive was the main legislative proposal under the 2013 EU Cybersecurity Strategy. EU’s cyber security strategy is a policy document published by the European Commission (EC), explaining a number of steps the EC will undertake, in cooperation with the Member States, public and private stakeholders and other relevant actors, in the area of cyber security.Parliament is expected to approve the agreed text on December 17 and Council the following day. EU countries will then have 21 months in which to transpose the directive into national law.

CSIRT network: Since 2005 ENISA is already operating a network of national and governmental CSIRTs that is used to establish trust and enable information sharing.

ENISA assists EU public and private cybersecurity experts in preventing and reacting to future crises. In particular, ENISA organises regular crisis exercises with hundreds of participants to train experts, foster cooperation amongst them and provide guidance on best practices. The Agency also provides expert trainings on crisis management, crisis planning or exercise development, conducted several studies and organised international conferences on the topic of cyber crisis cooperation. ENISA’s Cyber Security Training material was introduced in 2008, and was complemented ever since. The material contains essential material for success in the CSIRT community and in the field of operational security.

Exercises: Since 2010 ENISA organises the bi-yearly pan-European cyber exercise Cyber Europe; the next major event will happen in 2016.

Article 13a, ICS-SCADA, NCSS: ENISA’s assisted national competent authorities to implement a harmonised approach to incident reporting for Telecoms (known as article 13a of the Telecom Package) and Trust Service Providers (article 19 of eIDAS). The Agency also assists EU Member States to develop National Cyber Security Strategies. ENISA has also developed good practices for several critical sectors and services (e.g. smart grids, ICS-SCADA, cloud, eHealth, IoT).

For more on the subject and press enquiries please contact press@enisa.europa.euTel+30 2814 409576

Tags:

Documents & Links