Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

ENISA Threat Landscape (ETL) report is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Power Sector Dependency on Time Service: attacks against time sensitive services

This publication describes the threats against energy providers’ services which depend on the availability of precise timing and communication networks. It provides a typical architecture which supports the time measurement service. Then it…
Private Sector

Encrypted Traffic Analysis

This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of…
Private Sector

Procurement Guidelines for Cybersecurity in Hospitals

As cybersecurity becomes more of a priority for hospitals, it is essential that it is integrated holistically in the different processes, components and stages influencing the healthcare ICT ecosystem. Procurement is a key process shaping the ICT…

Private Sector

Security Supervision under the EECC

With this report ENISA aims to support EU countries with their transposition, by analysing the main changes to the security requirements and the security supervision under the new rules. The principles of security supervision under the new rules (…
National / EU authorities

Port Cybersecurity - Good practices for cybersecurity in the maritime sector

Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their…
Private Sector

ENISA good practices for security of Smart Cars

This report defines good practices for security of smart cars, namely connected and (semi-) autonomous vehicles, providing added-value features in order to enhance car users’ experience and improve car safety. Taking stock of all existing…
Private Sector

Good practices in innovation on Cybersecurity under the NCSS

ENISA supports the efforts aimed to enhance the overall level of cybersecurity in the Member States (MS) both at a national and EU level. This report supports that effort by analysing how Member States are approaching innovation as a strategic…

National / EU authorities
telecom annual incident reporting 2018

Annual Report Telecom Security Incidents 2018

This is the 8th time ENISA publishes an annual incident report for the telecom sector. In 2018, half of the total user hours lost (482 million user hours) were due to natural phenomena. It is the first year that natural phenomena are the main root…
National / EU authorities

7 Steps to shore up the Border Gateway Protocol (BGP)

In this paper ENISA highlights the security vulnerabilities of BGP and explains why it is so important to address them. Working closely with experts from industry ENISA derived a shortlist of 7 basic BGP security measures which are industry good…
Private Sector

Cybersecurity Culture Guidelines: 'Technical Annex: Evidence Reviews'

This technical annex contains the four reviews that supported the writing of the report Review of “Behavioural Sciences Research in the Field of Cybersecurity”. The reviews are: 1. Measurement of cyber security attitudes and behaviours, 2.…
Private Sector