ENISA’s New Mandate to Face Cyber Security Challenges

In April, the European Parliament approved ENISA’s new seven-year mandate to modernise and to strengthen its role as EU’s leading Cyber Security Agency.

The European Network and Information Security Agency (ENISA) is a Greece-based European Union (EU) entity, created in 2004. ENISA’s principal goal is to ensure a high and effective level of network and information security (NIS) within the EU in order to contribute to the smooth functioning of the EU single market. Its two main roles are to give support, advice and expertise to EU institutions and the Member States on all relevant aspects of NIS and to facilitate the exchange of best practices and cooperation between both public and private sectors.1

Previously, ENISA’s mandate has been given five-year-long extensions, always subject to political debates, and this time the process of granting ENISA an extension was no different. After extensive political discussions and several rounds of public consultations, the decision was made to develop ENISA into a more efficient body and to increase its task range as well as its resources. Besides renewing its mandate for seven more years, the European Parliament (EP) approved2, 16 April 2013)) the modernisation of ENISA in order to enable the Agency to play a bigger role in boosting trust between key cyber security players throughout the EU.3

Wider range of tasks & better governance

The new regulation gives the agency a clear mandate to support several new areas within the domain of cyber security. For example, ENISA is expected to assist the establishment and functioning of a full-scale European Union Computer Emergency Response Team (EU CERT) and a pan-EU network of CERTs to counter cyber attacks at EU level. Also, both national entities and EU institutions may request expertise and advice from ENISA in case of a ‘security breach or loss of integrity with a significant impact on the operation of networks and services’.4 Among other areas of competence, ENISA will also start working in the field of NIS aspects related to the fight against cyber crime.5

In addition to ENISA’s original location in Heraklion, Crete, a new ‘branch office’ will be opened in Athens. The new office will accommodate mostly operational staff with the aim of improving the efficiency of its networking activities.6 ENISA’s governing structure will also be amended: according to the regulation, a new executive board will be established to enable the management board to focus on issues of strategic importance and thus improve ENISA’s effectiveness.7

Supporting EU cyber security reforms

The improvement of the Agency includes giving ENISA appropriate tools to focus more clearly on EU priorities and needs, since the EU as a whole is facing an increasing number of cyber challenges. ENISA’s modernisation will include gaining a more flexible response capability, developing European skills and competences and bolstering its operational efficiency and overall impact. The modernisation will also go hand-in-hand with a number of on-going EU regulatory and non-regulatory policy initiatives in the NIS domain, launched under the Digital Agenda for Europe programme.1 Under the recently proposed EU Cyber Security Strategy and NIS Directive, ENISA will have a key role in ensuring EU’s cyber security and establishing NIS standards to support an internationally competitive NIS industry.8

ENISA’s Executive Director, Prof. Udo Helmbrecht, has noted that: ‘With this new mandate, ENISA is able to fully support the EU’s Cyber Security Strategy envisaging a reinforced role for ENISA, with the intention to increase resources to help protect Europe’s digital society and economy. The Strategy is also providing ENISA with a framework for both working more closely with, and providing its expertise to, other EU bodies, like Europol, who are operationally responsible for cybercrime, and the European External Action Service, regarding cyber security at a global level’.9

  1. European Commission, ”Digital Agenda: Commission proposal to strengthen and modernise European Network and Information Security Agency (ENISA) – frequently asked questions,” presse release, September 30, 2010, http://europa.eu/rapid/press-release_MEMO-10-459_en.htm?locale=en [] []
  2. European Union, European Parliament legislative resolution of 16 April 2013 on the proposal for a regulation of the European Parliament and of the Council concerning the European Network and Information Security Agency (ENISA) (COM(2010)0521 – C7-0302/2010 – 2010/0275(COD []
  3. See supra, note 1. []
  4. European Parliament, “ENISA: a new mandate to face the challenges of network and information security”, press release, April 16, 2013. http://www.europarl.europa.eu/news/en/pressroom/content/20130416IPR07353… []
  5. See supra, note 2. []
  6. See supra, note 4. []
  7. Ibid. []
  8. European Commission, “European Commission welcomes European Parliament’s vote to extend mandate of ENISA and strengthen EU Cybersecurity,” press release, April 15, 2013, http://europa.eu/rapid/press-release_MEMO-13-341_en.htm []
  9. ENISA, “Green light for new regulation for EU Cyber Security Agency ENISA given by the European Parliament,” press release, April 16, 2013. http://www.enisa.europa.eu/media/press-releases/green-light-for-new-regu… []