NESSI recently responded to a public consultation on ENISA, in which the European Commission was seeking views of experts and stakeholders to evaluate ENISA’s contribution to the cybersecurity landscape. The questionnaire was in two parts.
Backward looking ex-post evaluation of ENISA in the period 2013-2016.
NESSI members interacted with ENISA or used ENISA’s products and services one to two times per year, mainly by the use of reports (e.g. NIS Threats Landscape) and research publications. The documents provided by ENISA where thought to be relevant with some room for improvement.
ENISA did useful work on: developing and maintaining a high level of expertise in cybersecurity; supporting the development and implementation of EU policy; supporting the EU institutions, agencies, bodies and member states to strengthen their capability and preparedness to prevent, detect and respond to network and information security problems and incidents; and supporting cooperation in the cybersecurity community, e.g. through public-private cooperation, information sharing, enhancing community building, coordinating the Cyber Europe exercise.
ENISA’s most useful achievements were the collection of information on a wide range of cybersecurity-related topics and the formulation of strategy to support improved cybersecurity, especially roadmaps on areas where further research is needed.
Forward looking focusing on the needs and challenges in the cybersecurity landscape and possible policy options for a revision of ENISA’s mandate.
In NESSI’s view the most urgent needs are: capacity to prevent, detect and resolve large scale cyber attacks; protection of critical infrastructure from cyber attacks; cooperation across Member States in matters related to cybersecurity; innovative IT security solutions; and skills development, education, training of professionals in the area of cybersecurity.
The current instruments and mechanisms at the European level, e.g. regulatory frameworks, cooperation mechanisms, funding programmes, EU agencies and bodies are barely adequate to promote and ensure cybersecurity and address the urgent needs.
NESSI’s opinion is that there is a role for an EU-level body in improving cybersecurity and ENISA could take this role, in close interaction with the legislative initiatives.
For a full report on the consultation results, please follow this link.
For the final report on the Evaluation of ENISA, please follow this link.