Welcome to the first issue of ENISA’s Newsletter for 2017!

ENISA has successfully completed its 2016 activities, by producing a significant number of reports and studies, which cover a wide spectrum of NIS areas. The latest reports include: the “Cyber security and resilience for Smart Hospitals”, “Securing smart airports”, “PETs Control Matrix”, “Security of Mobile Payments and Digital Wallets”, the “National Cyber Security Strategy Good Practice Guide” and “ENISA’s Opinion Paper on Encryption”.

In addition to its publications, ENISA has coordinated and supported successful events during the period of October – December. In close collaboration with Europol, ENISA organised the 5th Europol EC3/ENISA Workshop on the importance of information exchange in the fight against cybercrime.

Our agency also supported the EU Cybersecurity challenge competition, helping the EU to motivate and develop new talent and participated in the EU Agencies Forum, discussing EU Agencies contribution for a better EU future.

ENISA will continue its efforts in 2017 to secure Europe’s information society, by raising awareness of network and information security and to develop and promote a culture of NIS in society for the benefit of citizens, consumers, enterprises and public sector organizations.

Several interesting reports and events are coming up, so stay tuned! Share the newsletter with friends, colleagues or associates, who share our passion for cybersecurity.

Best wishes for a Secure New Year 2017!

Securing Smart Airports

ENISA published a study on "Securing smart airports" providing airport decision makers and security personnel a concrete guide on preventing cyber-attacks and disruptions. In response to new emerging threats, ENISA’s report provides a guide for airport decision makers to implement available good practices to date, in order to secure passengers and operations.

5th Europol EC3/ENISA Workshop

On 7 and 8 of November 2016, on the occasion of the 5th Europol EC3/ ENISA Workshop, EU Law Enforcement Agencies (LEAs) and their CSIRT (Computer Security Incident Response Team) counterparts convened at Europol’s headquarters in The Hague for a two-day workshop focusing on “Information: From Taxonomy to a Sharing Mechanism”.

The main purpose of this year’s workshop consisted of fostering better cooperation between national/governmental CSIRTS and EU Law Enforcement agencies, with the aim of establishing a network able to discuss topics of interests to both law enforcement investigators and CSIRT operators alike, such as information exchange and policy elements affecting the activities of both sides.

Securing smart cars today; for safer autonomous cars tomorrow

ENISA has published a study on the "Cyber security and resilience of smart cars", identifying good practices and recommendations to ensure the security of smart cars against cyber threats.

The report lists the sensitive assets present in smart cars, as well as the corresponding threats, risks, attack scenarios, mitigation factors and possible security measures to implement. Smart cars subject matter experts were contacted to reflect the needs of Europe’s automotive cyber security stakeholders.

PETs Control Matrix

Following previous work in the field of privacy engineering, ENISA published the ‘PETs control matrix’, a systematic approach for accessing online and mobile privacy tools for end users. The term ‘PET’ is used in the context of this work with a narrow focus, addressing standalone privacy tools or services.

Security of Mobile Payments and Digital Wallets

ENISA has published good practices and recommendations for payment providers and financial institutions following an analysis of the security of mobile payments and digital wallets.

ENISA assessed the most widely used payment applications and their security models to identify good practices. The identified results, validated in a workshop in November 2016, provide some key recommendations included in this report.

ENISA’s Opinion Paper on Encryption

Following the Council meeting on 8th and 9th December 2016 in Brussels, ENISA’s paper gives an overview into aspects around the current debate on encryption, while highlighting the Agency’s key messages and views on the topic.

EU Agencies Forum

On December 6th and 7th, representatives of EU Agencies met at the European Parliament to discuss and exchange views on how they contribute to Europe and citizens.

ENISA participated at the two-day meeting, sharing with counterparts the role and the contribution of the Agency to the Digital Single Market for the benefit of citizens, consumers, enterprises and public sector organizations in the Union.

Protecting Smart Hospitals

Key recommendations on protecting smart hospitals were presented in the 2nd ENISA eHealth security workshop, which was organised on the 23rd of November, together with the Vienna Hospitals Association. The study sets the scene on information security for the adoption of IoT in Hospitals. It depicts the smart hospital ICT ecosystem; and through a risk based approach focuses on relevant threats and vulnerabilities, analyses attack scenarios, and maps common good practices.

ENISA at Bitkom Hub-Conference

ENISA participated at the BITKOM hub-conference on the 22nd November 2016 in Berlin. This year the Agency shared insights on IoT cybersecurity and smart environments, and showcased a live-demo on securing smart home devices.

The live-demo session, which was presented for the first time, focused on how to securely select, manage and operate smart devices while demonstrating the applicability and cost-effectiveness of good practices.

European Cyber Security Challenge

One hundred young European white hat hackers representing 10 EU Member States and EFTA countries met in Düsseldorf for the 2nd Cyber Security Challenge competition on the 7th - 9th November.

Participants were welcomed to the challenge and were handed their awards by Prof Pohlmann, Thorsten Menne of the Ministry of Innovation, Science and Research of the State of North Rhine Westphalia and the Head of ENISA's Core Operations Department, Dr Steve Purser.

ENISA hosts key workshop on the NIS Directive

Co-organised with the Slovakian National Security Agency on the 17th and 18th of October in Bratislava, the workshop gathered participants from the EU Commission, relevant public authorities within Member States and representatives of the private sector to debate on the implementation of the NIS Directive.

The NIS Directive is the first EU legislation specifically aimed at improving cybersecurity throughout the Union.

Cyber Insurance Report

ENISA recognising the growing need of insurance companies and customers alike, developed a report, focusing on key developments, challenges, and an insurers’ pre-policy risk assessment.

The aim of the report is to raise awareness for the most impactful market advances, by shortly identifying the most significant cyber insurance developments for the past four years – during 2012 to 2016 – and to capture the good practices and challenges during the early stages of the cyber insurance lifecycle, i.e. before an actual policy is signed, laying the ground for future work in the area.

Updated Good Practice Guide on National Cyber Security Strategies by ENISA

ENISA published its second National Cyber Security Strategy Good Practice Guide, providing an update to the 2012 ENISA guidebook on the design and implementation of a National Cyber Security Strategy (NCSS).