ENISA unveils its New Strategy towards a Trusted and Cyber Secure Europe

The European Union Agency for Cybersecurity (ENISA) is unveiling its new strategy, which outlines the Agency’s strengthened path towards achieving a high common level of cybersecurity across the Union. The strategy was developed to fulfil the Agency’s permanent mandate established last year by the EU Cybersecurity Act (CSA). Under the strategy, the Agency takes on the vision of ‘A Trusted and Cyber Secure Europe’ and enhanced mission: “to achieve a high common level of cybersecurity across the Union in cooperation with the wider community.''

Jean-Baptiste Demaison, Chair of the ENISA Management Board, stated: "The EU Agency for Cybersecurity with its permanent mandate and enhanced role and capabilities will be instrumental in supporting Member States and EU institutions to face the cyber challenges of the future."

Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity, said: “Our new strategy acts as a compass, guiding the Agency’s work towards a trusted and cyber secure Europe. It will strengthen our key relationships within the cybersecurity ecosystem and equally it will be a key driver for the Agency to follow new values.”

What are the strategic objectives?

The strategy proposes concrete goals for the Agency in the form of seven strategic objectives that will set the priorities for European Union Agency for Cybersecurity in the coming years. These strategic objectives are as follows:

1 - Empowered and engaged communities across the cybersecurity ecosystem;
2 - Cybersecurity as an integral part of EU polices;
3 - Effective cooperation amongst operational actors within the Union in case of massive cyber incidents;
4 - Cutting-edge competences and capabilities in cybersecurity across the Union;
5 - A high level of trust in secure digital solutions;
6 - Foresight on emerging and future cybersecurity challenges;
7 - Efficient and effective cybersecurity information and knowledge management for Europe.

What we want to achieve?

• An EU-wide, state-of-the-art body of knowledge on cybersecurity concepts and practices that builds cooperation amongst key actors in cybersecurity, promotes lessons learned, EU expertise and creates new synergies;
• An empowered cyber ecosystem encompassing Member States’ authorities, EU institutions, agencies and bodies, associations, research centres and universities, industry, private actors and citizens, who all play their role in making Europe cyber secure;
• Proactive advice and support to all relevant EU-level actors bringing in the cybersecurity dimension in the policy development lifecycle through viable and targeted technical guidelines;
• Cybersecurity risk management frameworks that are in place across all sectors and followed throughout the cybersecurity policy lifecycle;
• Continuous cross-border and cross-layer support to cooperation between Member States, as well as with EU institutions. In particular, in view of potential large scale incidents and crises, support the scaling up of technical operational, political and strategic cooperation amongst key operational actors to enable timely response, information sharing, situational awareness and crises communication across the Union;
• Comprehensive and rapid technical handling upon request of the Member States to facilitate technical and operational needs in incident and crises management;
• Aligned cybersecurity competencies, professional experience and education structures to meet the constantly increasing needs for cybersecurity knowledge and competences in the EU;
• An elevated base-level of cybersecurity awareness and competences across the EU while mainstreaming cyber into new disciplines;
• Well prepared and tested capabilities with the appropriate capacity to deal with the evolving threat environment across the EU;
• Cyber secure digital environment across the EU, where citizens can trust ICT products, services and processes through the deployment of certification schemes in key technological areas;
• Understanding emerging trends and patterns using foresight and future scenarios that contribute to mitigating the cyber challenges of the Agency’s stakeholders;
• Early assessment of challenges and risks from the adoption of and adaptation to the emerging future options, while collaborating with stakeholders on appropriate mitigation strategies;
• Shared information and knowledge management for the EU cybersecurity ecosystem in an accessible, customised, timely and applicable form, with appropriate methodology, infrastructures and tools, coupled and quality assurance methods to achieve continuous improvement of services.
  How will ENISA use the strategy?

The strategy’s high-level objectives are directed at shaping a more digitally secure environment for Member States, EU Institutions, Agencies and Bodies, SMEs, academia and all of Europe’s citizens. The European Union Agency for Cybersecurity will use the new strategy to map out its annual work programme to improve security across the Union, and specifically to:

• Better identify and understand the future cybersecurity capabilities needed to maintain competitiveness and preparedness.
• Build on the Agency’s trusted relationships with stakeholders and communities within the cybersecurity ecosystem across Europe.
• Guide ENISA communications within and beyond the Union, to non-EU countries and international organisations.
• Deepen the knowledge and information sharing of ENISA expertise to reach larger audiences and increase awareness of digital security.
• Provide cybersecurity stakeholders a clear understanding of the Agency’s priorities and actions.
• Shape the future outlook of cybersecurity across the Union.

The strategy is both an aggregation of the tasks identified by the Cybersecurity Act and the developed synergies within Articles 5-12 of the CSA.

This publication by the European Union Agency for Cybersecurity outlines the Agency’s strategic objectives to boost cybersecurity, preparedness and trust across the EU under its new strengthened and permanent mandate.