In order to get a good sense of what the European Union Agency for Network and Information Security (ENISA) does, think of the Internet as a giant body that is constantly fighting attacks from viruses.
In this example, ENISA is like a team of doctors that watches over the Internet and advises European Member States, citizens and the international business community about the best ways of ensuring its health.
While the Web is extremely useful and facilitates rapid communication over great distances and across international borders, constant vigilance is necessary to keep it healthy and optimized. As it turns out, this is no small task.
In Europe alone, there are around 368 million Internet users. This is 15 percent of the world’s Internet population, located in a relatively small geographical area. With so many people online and so much sensitive information available for criminals to access, cybersecurity measures are needed at the government level to keep the Internet from spiraling out of control at the hands of criminals.
As a governing agency within the European Union, ENISA has been in operation since 2005. A small organization of only about 60 members, ENISA primarily advises and assists the European Union Commission on key issues related to the safety of hardware and software. Additionally, ENISA aggregates electronic information to promote European security and to identify risks before they occur by assessing and managing data.
It is important to note, however, that ENISA is an advisory council designed to offer cybersecurity advice and best practices. Because it has no jurisdiction, similar to the North American Electric Reliability Corporation (NERC), ENISA neither regulates nor inspects suspicious activity within the European Union.
One of the primary roles that ENISA plays as an advisor is to act as a leader in the growing field of critical infrastructure protection. As an advisor to the EU, ENISA offers a Critical Information Infrastructure Protection (CIIP) and Resilience unit designed to promote readiness, immediate response and disaster recovery options as well as best practices for mitigating the likelihood of an electronic attack.
While the definition of critical infrastructure tends to differ depending on geographical location, ENISA includes interconnected networks, ICS-SCADA, mutual aid agreements and cloud-based activity under its critical infrastructure umbrella. ENISA’s CIIP unit offers services such as training, seminars, workshops, and multi-national and multi-stakeholder learning exercises to better prepare governments and organizations to meet the growing list of cyber challenges and demands.
Additionally, ENISA provides expertise on the subject of interoperability and security related to government eID solutions. While ENISA does not design or distribute eIDs, it has been a key advisor in the space since 2008, and is well-published on the subject matter.