Threathunt 2030: How to Hunt Down Emerging & Future Cyber Threats

The new “Threathunt 2030” conference gathered ENISA’s key cybersecurity stakeholders from Member States, as well as from the European Union institutions and agencies to brainstorm on the identification of emerging and new cybersecurity threats. The event took place at the historic ‘’Zappeion Megaron’’ in the centre of Athens.

To keep pace with the fast-evolving cybersecurity threat landscape, ENISA is currently exploring how foresight can specifically help understand emerging and future challenges. The approach of the ongoing work is to try to capture the multi-dimensional aspect of the threats we know today and take the different technical, operational, strategic and political levels and different stakeholders into account.

Already included as a key element of ENISA’s strategy, foresight enables a broader approach thanks to its participatory and multidisciplinary nature. This is also why the discipline has now become a major strategic planning tool for both private and public organisations.

The conference was the first opportunity to support this work and draw initial conclusions. The full programme of the event can be consulted here.

Objectives of the Threathunt 2030 conference

Taking place under Chatham House rules, the main purpose of the conference was to discuss the resources and methodologies we can use today to identify new threats which could emerge by 2030 and to ensure the EU cybersecurity ecosystem will be adequately equipped to tackle them in a timely manner.

In addition, the intention was also to establish the foundation for a long-standing community of partners with a keen interest to contribute to achieving a strong cyber secure Union.

Foresight as a strategic priority

The conference opened with a first panel on foresight as a strategic priority for cybersecurity, moderated by ENISA Executive Director Juhan Lepassaar.

Foresight is a complex and evolutive process designed to allow informed decision-making at strategic level. Based on a reflection on possible future developments grounded in the present, its purpose is to lead to decisions best suited to the anticipated evolutions, and to strategic preparations tailored to plausible scenarios. The panel noted how critical it will be not to mix terminology when it comes to the future - it is not only about challenges and opportunities, but also about real threats - and this needs to be clearly spelt out to prepare for the knowns and unknowns that lie ahead.

A second panel focused on future operational cooperation. While seeing the new threats is essential, seeing alone will not be sufficient. Equally important is to be well prepared on how to handle and respond to these timely. The panellists from the institutional side of the cybersecurity community highlighted the evolution and complexities of the threat landscape, and the increasingly blurred lines between tactical, strategic and operational dimensions. Hence the need to proactively build capacities, train staff and look for new profiles to be ready for the future. Europe has already achieved much in terms of putting the right frameworks and cooperation networks in place and building on existing structures. Now, all of these tools need to be further enhanced with better situational awareness and information sharing mechanisms. What lies ahead in the future will be assessed and tackled jointly. The underlying message here was that indeed, we are all in this together.

The third panel took a wider security angle and looked at the need to converge wider perspectives when it comes to cybersecurity. Hybrid threats, cyber physical systems, information manipulation and disinformation, cyber defense and response - all these aspects come with their own challenges and threats looking at 2030. As far as supply chains are concerned, large cyberthreats may come from everywhere, therefore it is essential to support a holistic and multidisciplinary approach to cybersecurity.

The panel on future cybersecurity threats for sectors brought together actors from railway, aviation, maritime and energy sectors. It looked at the move from analogue to digital in various sectors and the growing interdependencies between sectors. Drones and remote control, augmented reality in the cockpit, GPS jamming, sophistication of cyber-attacks including the use of AI are all expanding the cyber attack surface, and information sharing is paramount also for these sectors.

The last panel on cybersecurity challenges in the horizon of 2030 stressed the necessity to address the future threat landscape in a collaborative manner by sharing information and promoting suitable methodologies to follow. To this end, ENISA will soon be publishing a methodology on how to map the threat landscape and is actively running a foresight exercise to identify cyber threats in 2030 with results expected by the end of the year.

Background

The work on foresight implements objective 6 of the ENISA strategy: “Foresight on emerging and future cybersecurity challenges” in order to:

• understand emerging trends and patterns;
• assess emerging challenging and risks;
• collaborate with stakeholders, decision- and policy-makers on appropriate mitigation strategies;
• improve the EU resilience to cybersecurity threats and find solutions to address emerging challenges.

Further information

• Threathunt 2030 – Events
• ENISA report - Foresight Challenges
• ENISA Cybersecurity Strategy

Contact

• For questions related to the press and interviews, please contact press(at)enisa.europa.eu

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS