Strategic Objective

Context

What we want to achieve?

SO1

Empowered and engaged communities across the cybersecurity ecosystem

Cybersecurity is a shared responsibility. Europe strives for a cross sectoral, all-inclusive cooperation framework. ENISA plays a key role in stimulating active cooperation between the cybersecurity stakeholders in Member States and the EU institutions and agencies. It strives to ensure complementarity of common efforts, by adding value to the stakeholders, exploring synergies and effectively using limited cybersecurity expertise and resources. Communities should be empowered to scale up the cybersecurity model.

l  An EU-wide, state of the art body of knowledge on cybersecurity concepts and practices, that builds cooperation amongst key actors in cybersecurity, promotes lessons learned, EU expertise and creates new synergies.

l  An empowered cyber ecosystem encompassing Member States authorities, EU institutions, agencies and bodies, associations, research centres and universities, industry, private actors and citizens, who all play their role in making Europe cyber secure;

SO2

Cybersecurity as an integral part of EU polices

Cybersecurity is the cornerstone of digital transformation and the need for it permeates all sectors, therefore it needs to be considered across a broad range of policy fields and initiatives. Cybersecurity must not be restricted to a specialist community of technical cyber experts. Cybersecurity must therefore be embedded across all domains of EU policy. Avoiding fragmentation and the need for a coherent approach while taking into account the specificities of each sector is essential.

l  Proactive advice and support to all relevant EU-level actors bringing in the cybersecurity dimension in policy development lifecycle through viable and targeted technical guidelines;

l  Cybersecurity risk management frameworks that are in place across all sectors and followed throughout the cybersecurity policy lifecycle.

SO3

Effective cooperation amongst operational actors within the Union in case of massive cyber incidents

The benefits of the European digital economy and society can only be fully attained under the premise of cybersecurity. Cyber-attacks know no borders. All layers of society can be impacted and the Union needs to be ready to respond to massive (large scale and cross-border) cyber-attacks and cyber crisis. Cross-border interdependencies have highlighted the need for effective cooperation between Member States and the EU institutions for faster response and proper coordination of efforts at all levels (strategic, operational, technical and communications).

l  Continuous cross-border and cross layer support to cooperation between Member States as well as with EU institutions. In particular in view of potential large scale incidents and crises, support the scaling up of technical operational, political and strategic cooperation amongst key operational actors to enable timely response, information sharing, situational awareness and crises communication across the Union;

l  Comprehensive and rapid technical handling upon request of the Member States to facilitate technical and operational needs in incident and crises management.

SO4

Cutting-edge competences and capabilities in cybersecurity across the Union

The frequency and sophistication of cyberattacks is rising speedily, while at the same time the use of ICT infrastructures and technologies by individuals, organisations, and industries is increasing rapidly. The needs for cybersecurity knowledge and competences exceeds the supply. The EU has to invest in building competences and talents in cybersecurity at all levels, from the non-expert to the highly skilled professional. The investments should focus not only on increasing the cybersecurity skillset in the Member States but also on making sure that the different operational communities possess the appropriate capacity to deal with the cyber threat landscape.

l  Aligned cybersecurity competencies, professional experience and education structures to meet the constantly increasing needs for cybersecurity knowledge and competences in the EU;

l  An Elevated base-level of cybersecurity awareness and competences across the EU while mainstreaming cyber into new disciplines;

l  Well prepared and tested capabilities with the appropriate capacity to deal with the evolving threat environment across the EU.

SO5

A high level of trust in secure digital solutions

Digital products and services bring benefits as well as risks, and these risks must be identified and mitigated. In the process of evaluating security of digital solutions and ensuring their trustworthiness, it is essential to adopt a common approach, with the goal to strike a balance between societal, market, economic and cybersecurity needs. A neutral entity acting in a transparent manner will increase customer trust on digital solutions and the wider digital environment.

l  Cyber secure digital environment across the EU, where citizens can trust ICT products, services and processes through the deployment of certification schemes in key technological areas;

SO6

Foresight on emerging and future cybersecurity challenges

Numerous new technologies, still in their infancy or close to mainstream adoption, would benefit from the use of foresight methods. Through a structured process enabling dialogue among stakeholders, decision- and policy-makers would be able to define early mitigation strategies that improve the EU resilience to cybersecurity threats and find solutions to address emerging challenges.

l  Understanding emerging trends and patterns using foresight and future scenarios that contribute to mitigating our stakeholder’s cyber challenges;

l  Early assessment of challenges and risks from the adoption of and adaptation to the emerging future options, while collaborating with stakeholders on appropriate mitigation strategies.

SO7

Efficient and effective cybersecurity information and knowledge management for Europe

The energy that fuels the mill of cybersecurity is information and knowledge. For cybersecurity professionals to be efficient at tackling our objectives, to work in a constantly moving environment – in terms of digital developments as well as with regard to actors – to face the challenges of our time, we need a continuous process of collecting, organising, summarising, analysing, communicating, and maintaining cybersecurity information and knowledge. All phases are essential to ensure that information and knowledge is shared and expanded within the EU cybersecurity ecosystem.

l  Shared information and knowledge management for the EU cybersecurity ecosystem in an accessible, customised, timely and applicable form, with appropriate methodology, infrastructures and tools, coupled and quality assurance methods to achieve continuous improvement of services.