National Cybersecurity Strategies Guidelines & tools

To meet current and emerging cybersecurity threats, EU Member States need to constantly develop and adapt their cybersecurity strategies. National cybersecurity strategies (NCSS) are the main documents of nation states to set strategic principles, guidelines, and objectives and in some cases specific measures in order to mitigate risk associated with cybersecurity.

In order to strengthen critical infrastructure against various threats and to uphold the trust of the EU citizens, the European Commission has proposed the Network and Information Security Directive (NIS Directive) in 2013.

In December 2015, the European Parliament and the Council reached an agreement on the Commission’s proposal. The European Parliament adopted the final Directive in July 2016 and it entered into force in August 2016.

The aim of the NIS Directive is to improve the EU Member States’ national cybersecurity capabilities, enhancing the cooperation between the Member States, the public and the private sector, while also requiring companies in critical sectors to report major incidents to national authorities and to adopt risk management practices.

One of the main provisions of the NIS Directive requires EU Member States to develop and adopt a national cybersecurity strategy (NCSS).  ENISA is supporting the efforts of EU Member States since 2012 by providing guidelines on how to develop, implement and update NCSS, analysing existing strategies and outlining good practices.

ENISA’s work on NCSS includes: