|
|
Strategic
Objective |
Context |
What we want to achieve? |
|
SO1 |
Empowered and engaged
communities across the cybersecurity ecosystem |
Cybersecurity is a shared
responsibility. Europe strives for a cross sectoral, all-inclusive
cooperation framework. ENISA plays a key role in stimulating active
cooperation between the cybersecurity stakeholders in Member States and the
EU institutions and agencies. It strives to ensure complementarity of common
efforts, by adding value to the stakeholders, exploring synergies and
effectively using limited cybersecurity expertise and resources. Communities
should be empowered to scale up the cybersecurity model. |
l
An EU-wide, state
of the art body of knowledge on cybersecurity concepts and practices, that
builds cooperation amongst key actors in cybersecurity, promotes lessons
learned, EU expertise and creates new synergies. l
An empowered cyber
ecosystem encompassing Member States authorities, EU institutions, agencies
and bodies, associations, research centres and
universities, industry, private actors and citizens, who all play their role
in making Europe cyber secure; |
|
SO2 |
Cybersecurity as an
integral part of EU polices |
Cybersecurity is the
cornerstone of digital transformation and the need for it permeates all sectors,
therefore it needs to be considered across a broad range of policy fields and
initiatives. Cybersecurity must not be restricted to a specialist community
of technical cyber experts. Cybersecurity must therefore be embedded across
all domains of EU policy. Avoiding fragmentation and the need for a coherent
approach while taking into account the specificities of each sector is
essential. |
l
Proactive advice
and support to all relevant EU-level actors bringing in the cybersecurity
dimension in policy development lifecycle through viable and targeted
technical guidelines; l
Cybersecurity risk
management frameworks that are in place across all sectors and followed
throughout the cybersecurity policy lifecycle. |
|
SO3 |
Effective cooperation
amongst operational actors within the Union in case of massive cyber
incidents |
The benefits of the European
digital economy and society can only be fully attained under the premise of
cybersecurity. Cyber-attacks know no borders. All layers of society can be
impacted and the Union needs to be ready to respond to massive (large scale
and cross-border) cyber-attacks and cyber crisis. Cross-border
interdependencies have highlighted the need for effective cooperation between
Member States and the EU institutions for faster response and proper
coordination of efforts at all levels (strategic, operational, technical and
communications). |
l
Continuous
cross-border and cross layer support to cooperation between Member States as
well as with EU institutions. In particular in view of potential large scale incidents and crises, support the scaling up
of technical operational, political and strategic cooperation amongst key
operational actors to enable timely response, information sharing,
situational awareness and crises communication across the Union; l
Comprehensive and
rapid technical handling upon request of the Member States to facilitate
technical and operational needs in incident and crises management. |
|
SO4 |
Cutting-edge
competences and capabilities in cybersecurity across the Union |
The frequency and
sophistication of cyberattacks is rising speedily, while at the same time the
use of ICT infrastructures and technologies by individuals, organisations, and industries is increasing rapidly. The
needs for cybersecurity knowledge and competences exceeds the supply. The EU
has to invest in building competences and talents in cybersecurity at all
levels, from the non-expert to the highly skilled professional. The
investments should focus not only on increasing the cybersecurity skillset in
the Member States but also on making sure that the different operational
communities possess the appropriate capacity to deal with the cyber threat
landscape. |
l
Aligned
cybersecurity competencies, professional experience and education structures
to meet the constantly increasing needs for cybersecurity knowledge and
competences in the EU; l
An Elevated
base-level of cybersecurity awareness and competences across the EU while
mainstreaming cyber into new disciplines; l
Well prepared and
tested capabilities with the appropriate capacity to deal with the evolving
threat environment across the EU. |
|
SO5 |
A high level of trust
in secure digital solutions |
Digital products and services
bring benefits as well as risks, and these risks must be identified and
mitigated. In the process of evaluating security of digital solutions and
ensuring their trustworthiness, it is essential to adopt a common approach,
with the goal to strike a balance between societal, market, economic and
cybersecurity needs. A neutral entity acting in a transparent manner will
increase customer trust on digital solutions and the wider digital
environment. |
l
Cyber secure
digital environment across the EU, where citizens can trust ICT products,
services and processes through the deployment of certification schemes in key
technological areas; |
|
SO6 |
Foresight on emerging
and future cybersecurity challenges |
Numerous new technologies,
still in their infancy or close to mainstream adoption, would benefit from
the use of foresight methods. Through a structured process enabling dialogue
among stakeholders, decision- and policy-makers
would be able to define early mitigation strategies that improve the EU
resilience to cybersecurity threats and find solutions to address emerging
challenges. |
l
Understanding
emerging trends and patterns using foresight and future scenarios that
contribute to mitigating our stakeholder’s cyber challenges; l
Early assessment of
challenges and risks from the adoption of and adaptation to the emerging
future options, while collaborating with stakeholders on appropriate
mitigation strategies. |
|
SO7 |
Efficient and
effective cybersecurity information and knowledge management for Europe |
The energy that fuels the mill
of cybersecurity is information and knowledge. For cybersecurity
professionals to be efficient at tackling our objectives, to work in a
constantly moving environment – in terms of digital developments as well as
with regard to actors – to face the challenges of our time, we need a
continuous process of collecting, organising, summarising, analysing,
communicating, and maintaining cybersecurity information and knowledge. All
phases are essential to ensure that information and knowledge is shared and
expanded within the EU cybersecurity ecosystem. |
l
Shared information
and knowledge management for the EU cybersecurity ecosystem in an accessible,
customised, timely and applicable form, with appropriate methodology,
infrastructures and tools, coupled and quality assurance methods to achieve
continuous improvement of services. |