Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Common practices of EU-level crisis management and applicability to the cyber crises

Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
National / EU authorities

Impact evaluation on the implementation of Article 13a incident reporting scheme within EU

As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome…
National / EU authorities

NIS Directive and national CSIRTs

This is an informative note on what provisions of the upcoming NIS Directive might mean for CSIRTs. It contains references to parts of the Directive, and some comments and proposals from our side. By no means we consider this document fix or final,…
National / EU authorities

Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations

Vulnerabilities are ‘flaws’ or ‘mistakes’ in computer-based systems that may be exploited to compromise the network and information security of affected systems. They provide a point-of-entry or gateway to exploit a system and as such pose…
National / EU authoritiesPrivate Sector

Window of exposure… a real problem for SCADA systems?

Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems…

National / EU authorities
Cooperative models for effective public private partnerships

Good Practice Guide on Cooperatve Models for Effective PPPs

This Good Practice Guide on Cooperative Models for Effective Public Private Partnerships (PPPs) classifies PPPs for security and resilience and reveals the main five components addressing Why, Who, How, What and When questions associated with…

National / EU authorities

Who-is-Who Directory on NIS - Ed. 2010

The ENISA Who-is-Who Directory on Network and Information Security (NIS) contains information on NIS stakeholders (such as national and European authorities and NIS organisations), contact details, websites, and areas of responsabilities or…

National / EU authorities

Security Issues in Cross-border Electronic Authentication

Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European…

National / EU authorities