Cybersecurity built on trust – ENISA supports Member States in establishing PPPs and ISACs

Back to News

Today ENISA publishes two reports: Cooperative models for Public Private Partnerships (PPPs) and Cooperative models for Information Sharing and Analysis Centres (ISACs).

A common objective of every European national cyber security strategy is collaboration to enhance cyber security across all levels, from threat information sharing to awareness raising. Collaboration is often achieved through two formal structures: Information Sharing and Analysis Centres (ISACs) and Public Private Partnerships (PPPs).

Since many critical infrastructures are under private jurisdiction, cooperation between public and private sectors is essential to achieve an adequate level of cybersecurity. Moreover, European legislations like the NIS Directive and the newly announced Cybersecurity Act encourage the creation of sectoral ISACs and PPPs within the EU.

ENISA collected information on best practices and common approaches that resulted in two studies, namely Cooperative Models for Public Private Partnership and Information Sharing and Analysis Centres.

Both reports are addressed at policy and lawmakers, national cybersecurity authorities, the CSIRT community, the general public and private organizations with an interest in network and information security.

Prof. Udo Helmbrecht, Executive Director of ENISA, said: “Cybersecurity is a shared responsibility and ENISA, together with the community, is continually working towards making collaboration as well as information and knowledge sharing stronger. The multi-faceted efforts of ENISA across the cybersecurity spectrum continues to support and promote a safer Europe with better cybersecurity.”

PPPs are long-term agreements and collaborations between representatives of public and private sectors. The study on PPPs identifies four PPP models existing within the EU Member States: Institutional PPPs, goal-oriented PPPs, service outsourcing PPPs and hybrid PPPs.

ISACs are trusted entities, whose purpose is to foster sharing of information and good practices about physical and cyber threats, as well as mitigation. In the study on ISACs, the most common approaches are categorized into three different models: country focused, sector specific and international structures.

The main finding of both studies is that trust is the most essential factor in establishing and maintaining cooperation between private and public sectors.

Both reports provide some specific recommendations:

For PPPs:

  • Legal basis is essential when creating a PPP
  • Investment on private-private and public-public collaboration is also critical for PPPs
  • Open communication and a pragmatic approach are vital for setting up a PPP
  • Small and medium Enterprises (SMEs) should also participate in PPPs

For ISACs:

  • Creating a structure which motivates the private sector is essential for an ISAC
  • Establishing a facilitator to involve all participants is also crucial for ISACs
  • The production of valuable results is key to the success of an ISAC
  • Cross sector collaboration is also very important for the effectiveness of ISACs

Public and private sector stakeholders validated the two studies during the fifth ENISA-NCSS workshop, which was co-organised in October 2017 with NCSC in The Hague, the Netherlands.

For full reports: