Image
As one of the European Union Agency for Cybersecurity (ENISA’s) core strategic objectives, foresight enables reflection on various possible futures and strategic preparation for plausible scenarios. ENISA has developed a methodology to apply foresight to identify future cybersecurity threats, map emerging challenges and prioritise efforts towards future technologies that may have implications for cybersecurity.
ENISA is vigilant with the latest information and guidance on cybersecurity developments in emerging areas. Indicative of this targeted focus are the numerous reports and studies of ENISA on topics related to Artificial Intelligence (AI) and to the Internet of Things (IoT).
Artificial Intelligence is a field of computer science that facilitates the creation of systems that can perform tasks which typically require human intelligence, such as decision making, problem solving, learning from data, speech recognition and understanding of natural language. AI technologies are already deeply integrated into various industries, from healthcare and finance to autonomous vehicles and customer service continue to rapidly evolve. While undoubtedly beneficial, AI and its application to automated decision-making, – especially in deployments where safety is critical – could open new avenues for manipulation and attack methods, while also creating new challenges for security and privacy.
The dual role of AI in security must be acknowledged: While it can be exploited to manipulate expected outcomes, AI techniques can also enhance security operations and help towards mitigating adversarial attacks. However, the use of AI as a tool for cybersecurity, is essential to develop specific measures which ensures the trustworthiness and security of the AI itself.
In this regard, the European Union introduced the European Artificial Intelligence Act (AI Act), which is the first comprehensive regulation on artificial intelligence. Regulation (EU) 2024/1689 entered into force on 1 August 2024 and aims to support the responsible development and application of AI in the EU. Adopting a product safety approach based on risk levels, the regulation lays down a uniform set of requirements and obligations on the use of AI.
ENISA continues to monitor and assess specific risks regarding emerging technologies through its membership in the NIS Cooperation Group, which also works to ensure the security of critical infrastructure in Europe. Furthermore, ENISA has established a dedicated ad hoc Working Group on Foresight for Emerging and Future Cybersecurity Challenges to systematically conduct foresight exercises. Last but not least, the Agency continues working on analysing the AI cybersecurity ecosystem and to provide security recommendations for the challenges foreseen.
Post- Quantum Cryptography
Cryptography is a vital part of cybersecurity, with security properties such as confidentiality, integrity, authentication and non-repudiation that depends strongly on cryptographic mechanisms. The introduction of quantum technology promises to drive significant advancements across multiple industries, as it has a potential to solve problems that current technologies have not yet tackled. However, it also presents significant challenges to security infrastructure, particularly in the realm of cryptography.
The rise of quantum computing raises concerns about the integrity and security of current cryptographic solutions, leading to the development of the field of post-quantum cryptography. This field focuses on creating cryptographic solutions that are designed to be secure against the potential threats posed by quantum computers. While quantum computers have the potential to break many of the cryptographic systems currently in use, post-quantum cryptography aims to provide secure alternatives that will continue to work in a world with quantum computing.
ENISA has been working on post-quantum cryptography for several years and has delivered reports on the current state-of-the-art and mitigation techniques for relevant challenges. ENISA’s work provides a concise overview of the progress of the standardisation process for post-quantum cryptography schemes and introduces a framework to analyse existing quantum-resistant solutions, classifying them into families and discussing their advantages and shortcomings. Moreover, work on the integration of post-quantum cryptography with existing cryptographic solutions and communication protocols is at the forefront of ENISA’s efforts.
In cooperation with the European Commission, Member States and other EU bodies, ENISA engages with expert groups to address emerging challenges and promote good practices mainly at the advent of post-quantum cryptography.
