ENISA: 15 years of building cybersecurity bridges together
On 19 March 2019, the EU Agency for Cybersecurity ENISA organised an event in Brussels to celebrate its 15-year anniversary.
Published on March 20, 2019
Prof. Dr. Udo Helmbrecht, Executive Director of the Agency, and distinguished guests representing the European Parliament, the European Commission, and the EU Member States delivered speeches, including a keynote speech from honorary guest, European Commissioner for Digital Economy and Society, Mariya Gabriel.
Commissioner Gabriel said: “The security of citizens has always been one of the biggest priorities for the European Union. Since it was set up in 2004, ENISA has steadily worked to help reinforce the cybersecurity across the Union. Today, 15 years later, it is established as a strong and credible player in the European cybersecurity eco-system. And now a new chapter is starting, with the Cybersecurity Act giving ENISA a permanent mandate and new important tasks for the Digital Single Market, such as its future role in the European cybersecurity certification framework.”
Executive Director Helmbrecht: ”We are celebrating 15 years since ENISA has started working for the Member States, raising the level of cybersecurity in the European Union. During the last 10 years we have been working closely with all our stakeholders in order to transition ENISA from a ‘centre of excellence’ into the EU Cybersecurity Agency – an Agency which has significant new responsibilities and which is well positioned to support the Member States, private sector and other key stakeholders throughout the next decade. A key success factor in achieving this has been ENISA’s operating model of leveraging expertise in the Member States as a core part of all of its activities. This approach brings both scalability and a sense of ownership from the community and will continue to be the preferred way of working for the future. On a personal note, this is my last year as Executive Director of the Agency, which I joined 10 years ago. I would like to thank all of the ENISA colleagues who have contributed to this wonderful journey, as well as to all of our stakeholders.”
The eminent speakers and guests discussed some of the most important topics on the current European cybersecurity agenda, for instance, the upcoming cyber-challenges and the role ENISA could play in tackling these. The main topics covered were the development of the Network and Information Security Directive and the recent adoption by the European Parliament of the Cybersecurity Act. The participants tackled the joint responsibility of government agencies, industry, and academia to address future cyber-challenges and discussed which cooperation models need to be explored.
The speakers also discussed certification, explaining how the EU Cybersecurity Certification Framework would serve as the key differentiator in Europe when compared to global players and how the EU cybersecurity certification schemes can be recognised on a global scale. Another topic explored was the area of the CSIRTs Network and the ‘Blueprint’, which will enable the EU Member States to better protect EU citizens, operators of essential services and critical infrastructures from cyber-attacks.
The key messages from the conference are:
The conference was opened by ENISA Executive Director, Udo Helmbrecht who set the scene stating that Europe has the chance to lead and that on the political level there is a commitment to cybersecurity. The new European cybersecurity certification scheme will become an important opportunity for the European market.
As the anniversary is an occasion to reflect on the future and the new permanent mandate of the Agency, Jean-Baptiste Demaison, the chair of the ENISA management board shared some of ENISA’s success stories. He stated that we need to scale up in the future as digitisation will change society, this could be done through technical excellence and through the added value that ENISA brings to Member States.
Moderating The ‘Future Challenges’ panel, Steve Purser, Head of Core Operations at ENISA outlined three main challenges in cybersecurity; societal, economic and technological. The panellists reflected on the upcoming threats from their various perspectives. Wim Mijs from the European Banking Federation reflected on the importance of trust in the banking sector and hence the reliance on security. MEP Angelika Niebler, rapporteur of the European Cybersecurity Act called for a European approach to 5G technology. Khalil Rouhana, Deputy Director General of DG CONNECT stated that the growth of ENISA was inevitable and that resources should be put in place for the Agency. Thomas Rosteck, Division President of Infineon Technologies noted that from the private sector’s view, they see that the GDPR had an effect on non European companies and the GDPR according to him is one of the influences Europe can have on devices not made in Europe .
Moderator Reinhard Posch, steered the discussion around awareness raising of certification. The certification panellists explored the opportunities of the new regulation, looking at possibilities and changes from a number of different views; the consumer, industry as well as the EU Member States. Representing BEUC, the European Consumer Organisation representative, Ursula Pachl urged that security by design should be an obligatory principle for consumer devices. Guillaume Poupard, Director General of ANSSI stated that “The European cybersecurity framework is a cornerstone to keep on building the European strategic autonomy, strengthening our common resiliency and securing the Digital Single Market. We must collectively use certification as a tool to enhance competitiveness and protect our citizens and industries. To that end, ENISA, 'the EU Agency for Cybersecurity', reinforced by its new mandate, will play a strategic role to coordinate all the relevant expertise when setting up a certification scheme.”
Gerhard Schabhueser, Vice-President of the German Federal Office for Information Security explained that the Cybersecurity Act is a positive, additional instrument which enables the European market to be more transparent regarding cybersecurity certification and standardisation.
Commissioner for Digital Economy and Society, Mariya Gabriel congratulated ENISA for its 15th anniversary, recognising the hard work that ENISA has done throught the years and she looks forward to the future growth of the Agency. Her concluding remark is that “we are creating a new cybersecurity market place and the world is watching us.”
The final panel ‘From Exercise to Blueprint’ was moderated by Heli Tiirmaa-Klaar, the Estonian Ambassador at Large for Cyber Diplomacy who shared the three layers of cyber crisis. In terms of exercises and the blueprint, the panellists discussed the importance of cooperating. Saad Kadhi, the head of CERT-EU, a key player in the European Union’s cybersecurity ecosystem shared their operational expertise in order to foster additional cooperation across the community. Pawel Busiakiewicz from the Knowledge Hub for Migration and Security talked about the EU HEX-ML 18 (PACE) exercise that took place in November 2018 and commented that, while a lot has been achieved, more can be done to improve the responses at operational and strategic levels. Response must come from the experts, but threat actors are developing and becoming more advanced. The definition of standard operating procedures is still an important area. Despina Spanou, the Director for Digital Society, Trust and Cybersecurity at DG CONNECT said that in the blueprint, the European Commission has recognised that private entities also have a role to play and this is a culture of collaboration that has been set by the NIS directive.