• Low Earth Orbit (LEO) SATCOM Cybersecurity Assessment

    This report explores the cybersecurity of Low Earth Orbit (LEO) constellations providing telecommunications services (LEO satcom). Examining various threats and risks-technical, financial, or commercial the landscape of potential attacks is vast. It...

    Published on February 15, 2024
  • Undersea cables

    This report aims to follow up with detailed technical guidelines for national authorities and to support them with the technical aspects of the supervision of undersea cables and their associated infrastructure, including landing stations and cable...

    Published on August 31, 2023
  • 5G Security Controls Matrix

    The ENISA 5G Security controls matrix is a comprehensive and dynamic matrix of security controls and best practices for 5G networks, to support the national authorities in the EU Member States with implementing the technical measures of the EU’s 5G...

    Published on May 24, 2023
  • DNS Identity

    This report provides a view of authentication and verification of domain name owners in the context of domain name registration. It identifies the security challenges, good practices, security controls and associated risks in the domain name...

    Published on May 24, 2023
  • ENISA Transport Threat Landscape

    This report is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threat landscape of the transport sector in the EU. The report aims to bring new insights into the reality of the transport sector by...

    Published on March 21, 2023
  • ENISA Transport Threat Landscape

    This report is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threat landscape of the transport sector in the EU. The report aims to bring new insights into the reality of the transport sector by...

    Published on March 21, 2023
  • ENISA Transport Threat Landscape

    This report is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threat landscape of the transport sector in the EU. The report aims to bring new insights into the reality of the transport sector by...

    Published on March 21, 2023
  • Fog and Edge Computing in 5G

    This report focuses on the fundamentals of fog and edge, an overview of their security aspects, the open challenges that these sectors face, the related standardisation efforts, the existing opportunities in this field, and different application...

    Published on March 09, 2023
  • 5G Cybersecurity Standards

    This report outlines the contribution of standardisation to the mitigation of technical risks, and therefore to trust and resilience, in the 5G ecosystem. This report focuses on standardisation from a technical and organisational perspective.

    Published on March 16, 2022
  • Zoning and Conduits for Railways

    This document gives guidance on building zones and conduits for a railway system. To do so, first the methodology is described. This approach is based on the recently published CENELEC Technical Specification 50701 (CLC/CLC/TS 50701:2021).

    Published on February 28, 2022
  • NFV Security in 5G - Challenges and Best Practices

    In this report explores relevant challenges, vulnerabilities and attacks to the Network Function Virtualization (NFV) within the 5G network. NFV changes the network security environment due to resource pools based on cloud computing and open network...

    Published on February 24, 2022
  • Countering SIM-Swapping

    In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of...

    Published on December 06, 2021
  • How to Avoid SIM-Swapping - Leaflet

    This leaflet, addresses the SIM-swapping attacks, how to recognise them and how to mitigate the risk connected to this fraud. In fact, subscriber Identity Module (SIM) swapping is a legitimate procedure performed by a customer to change their SIM...

    Published on December 06, 2021
  • Railway Cybersecurity - Good Practices in Cyber Risk Management

    This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust...

    Published on November 25, 2021
  • NIS Investments Report 2021

    Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offering additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of...

    Published on November 17, 2021
  • CSIRT Capabilities in Healthcare Sector

    An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular...

    Published on November 11, 2021
  • Assessment of EU Telecom Security Legislation

    European Union telecom security legislation has been changing over the last few years. In light of these policy changes, ENISA carried out an assessment of the implementation of EU telecom security policy, to inform policy makers in the Commission...

    Published on July 13, 2021
  • 5G Supplement - to the Guideline on Security Measures under the EECC

    This document contains a 5G technology profile which supplements the technology-neutral Guideline on Security Measures under the EECC. The document gives additional guidance to competent national authorities about how to ensure implementation and...

    Published on July 07, 2021
  • Guideline on Security Measures under the EECC

    This document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate...

    Published on July 07, 2021
  • PSIRT Expertise and Capabilities Development

    This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7...

    Published on June 03, 2021
  • Technical Guideline on Incident Reporting under the EECC

    This document describes the formats and procedures for cross border reporting and annual summary reporting under Article 40 of the EECC. Paragraph 2 of Article 40 describes three types of incident reporting: 1) National incident reporting from...

    Published on March 22, 2021
  • EU Cybersecurity Initiatives in the Finance Sector

    The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders run...

    Published on March 05, 2021
  • Security in 5G Specifications - Controls in 3GPP

    The objective of this report is to help MS implementing the technical measure TM02 from the EU toolbox on 5G security. The report is also intended to help national competent and regulatory authorities get a better picture of the standardisation...

    Published on February 24, 2021
  • Cloud Security for Healthcare Services

    This study aims to provide Cloud security practices for the healthcare sector and identify security aspects, including relevant data protection aspects, to be taken into account when procuring Cloud services for the healthcare industry. The set of...

    Published on January 18, 2021
  • Guidelines - Cyber Risk Management for Ports

    This report aims to provide port operators with good practices for cyber risk assessment that they can adapt to whatever risk assessment methodology they follow. In order to achieve this, this report introduces a four-phase approach to cyber risk...

    Published on December 17, 2020
  • ENISA Threat Landscape for 5G Networks Report

    This report is an update of the ENISA 5G Threat Landscape, published in its first edition in 2019. This document is a major update of the previous edition. It encompasses all novelties introduced, it captures developments in the 5G architecture and...

    Published on December 14, 2020
  • NIS Investments Report 2020

    Four years after the NIS Directive entered into force and two years after the transposition by Member States into their national laws, this report presents the findings of a survey of 251 organisations across five EU Member States (France, Germany...

    Published on December 11, 2020
  • Railway Cybersecurity

    This ENISA study regards the level of implementation of cybersecurity measures in the railway sector, within the context of the enforcement of the NIS Directive in each European Member State. It presents a thorough list of essential railway...

    Published on November 13, 2020
  • Power Sector Dependency on Time Service: attacks against time sensitive services

    This publication describes the threats against energy providers’ services which depend on the availability of precise timing and communication networks. It provides a typical architecture which supports the time measurement service. Then it...

    Published on May 12, 2020
  • Encrypted Traffic Analysis

    This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of...

    Published on April 23, 2020
  • Procurement Guidelines for Cybersecurity in Hospitals

    As cybersecurity becomes more of a priority for hospitals, it is essential that it is integrated holistically in the different processes, components and stages influencing the healthcare ICT ecosystem. Procurement is a key process shaping the ICT...

    Published on February 24, 2020
  • Security Supervision under the EECC

    With this report ENISA aims to support EU countries with their transposition, by analysing the main changes to the security requirements and the security supervision under the new rules. The principles of security supervision under the new rules...

    Published on January 10, 2020
  • Port Cybersecurity - Good practices for cybersecurity in the maritime sector

    Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their...

    Published on November 26, 2019
  • ENISA threat landscape for 5G Networks

    This report draws an initial threat landscape and presents an overview of the challenges in the security of 5G networks. Its added value lays with the creation of a comprehensive 5G architecture, the identification of important assets (asset...

    Published on November 21, 2019
  • 7 Steps to shore up the Border Gateway Protocol (BGP)

    In this paper ENISA highlights the security vulnerabilities of BGP and explains why it is so important to address them. Working closely with experts from industry ENISA derived a shortlist of 7 basic BGP security measures which are industry good...

    Published on May 17, 2019
  • ICT security certification opportunities in the healthcare sector

    The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.

    Published on January 31, 2019
  • Good practices on the implementation of regulatory technical standards

    MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is...

    Published on January 24, 2019
  • Signalling Security in Telecom SS7/Diameter/5G

    The present study has deep dived into a critical area within electronic communications, the security of interconnections in electronic communications (signalling security). Based on the analysis, at this moment there is a medium to high level of...

    Published on March 28, 2018
  • Technical Guidelines for the implementation of minimum security measures for Digital Service Providers

    ENISA has issued this report to assist Member States and DSPs in providing a common approach regarding the security measures for DSPs. This particular initiative has been achieved by examining current information and network security practices for...

    Published on February 16, 2017
  • Distributed Ledger Technology & Cybersecurity - Improving information security in the financial sector

    This paper aims to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger.

    Published on January 18, 2017
  • Security of Mobile Payments and Digital Wallets

    The primary objective of this paper is the production of guidelines to assist mobile payment developers and mobile payment providers towards recommended security controls which if implemented would help ensure that consumers, retailers and financial...

    Published on December 19, 2016
  • Securing Smart Airports

    In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national...

    Published on December 16, 2016
  • Cyber security and resilience for Smart Hospitals

    This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are...

    Published on November 24, 2016
  • The cost of incidents affecting CIIs

    The aim of the study is to assess the economic impact of incidents that affect CIIs in EU, based on existing work done by different parties, and set the proper ground for the future work of ENISA in this area.

    Published on August 05, 2016
  • Threat Landscape and Good Practice Guide for Software Defined Networks/5G

    This study reviews threats and potential compromises related to the security of SDN/5G networks. More specifically, this report has identified related network assets and the security threats, challenges and risks arising for these assets. Driven by...

    Published on January 27, 2016
  • Stocktaking, Analysis and Recommendations on the protection of CIIs

    This study takes stock of and analyses the different approaches the EU Member States take to protect their critical information infrastructures by presenting key findings, the different CIIP governance structures and by emphasizing on good...

    Published on January 21, 2016
  • Security and Resilience in eHealth Infrastructures and Services

    The aim of this study is to investigate the approaches and measures MS take to protect critical healthcare systems, having as a main goal improved healthcare and patient safety. In that respect this study analyses: - The policy context in Europe...

    Published on December 18, 2015
  • Secure Use of Cloud Computing in the Finance Sector

    In creating this report we analysed input from a number of different sources to better understand the usage of cloud services in the finance sector. Based on the analysis we provide recommendations to financial institutions, regulators and cloud...

    Published on December 07, 2015
  • Methodologies for the identification of Critical Information Infrastructure assets and services

    This study aims to tackle the problem of identification of Critical Information Infrastructures in communication networks. The goal is to provide an overview of the current state of play in Europe and depict possible improvements in order to be...

    Published on February 23, 2015
  • Network and Information Security in the Finance Sector

    Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of...

    Published on January 15, 2015
  • Threat Landscape of Internet Infrastructure

    This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources...

    Published on January 15, 2015
  • Mutual Aid for Resilient Infrastructure in Europe (M.A.R.I.E.) - Phase II: Recommendations Report

    This report presents 5 main recommendations which will –if implemented- improve emergency preparedness for ICT Stakeholders. The results of the preliminary study performed in 2011 showed that the preparedness for Black Swan events (low probability ...

    Published on December 16, 2013
  • Emergency Communications Stocktaking

    The Emergency Communications Stocktaking project is an initiative of the European Network and Information Security Agency (ENISA) to determine how emergency services communicate within their own organisations and with each other in times of...

    Published on December 19, 2012
  • ENISA Report on Resilient Internet Interconnections

    This study provides an overview of past incidents that impaired the Internet’s interconnection fabric, and discusses good practices to limit or avoid the impact of future crises events.

    Published on June 21, 2012
  • Ontology and taxonomies of resilience

    Existing standards in the field have so far only addressed resilience indirectly and thus without detailed definition of the taxonomy and thus of the semantics of security. The primary purpose of an ontology and taxonomies defined in this context is...

    Published on December 21, 2011
  • Mutual Aid Agreements

    This Mutual Aid for Resilient Infrastructure in Europe (MARIE) Phase 1 Report presents twelve Key Observations about MAAs and in so doing lays the foundation for a number of recommendations, which are planned for the MARIE Phase 2 Report (in 2012). ...

    Published on December 19, 2011
  • A Security Analysis of Next Generation Web Standards

    The web browser is arguably the most security-critical component in our information infrastructure. It has become the channel through which most of our information passes. ENISA is seizing a unique chance to make detailed recommendations for...

    Published on July 31, 2011
  • Secure Software Engineering Initiatives

    Most high-profile cyberattacks are enabled by flaws in computer systems‟ software, so-called software vulnerabilities in the application layer. As a preliminary step towards addressing the problem of software vulnerabilities, we have compiled a list...

    Published on May 01, 2011
  • Policy statement

    Position statement prepared for the Ministerial Conference on CIIP organised by the Hungarian EU Presidency in Balatonfüred on 14-15 April 2011

    Published on April 15, 2011
  • Resilience of the Internet Interconnection Ecosystem

    This study looks at the resilience of the Internet interconnection ecosystem. The Internet is a network of networks, and the interconnection ecosystem is the collection of layered systems that holds it together. The interconnection ecosystem is...

    Published on April 11, 2011
  • Botnets: Measurement, Detection, Disinfection and Defence

    “Botnets: Measurement, Detection, Disinfection and Defence” is a comprehensive report on how to assess botnet threats and how to neutralise them. It is survey and analysis of methods for measuring botnet size and how best to assess the threat posed...

    Published on March 07, 2011
  • Botnets: 10 Tough Questions

    As part of the project “Botnets: Detection, Measurement, Mitigation & Defence” a series of questions was discussed by internationally renowned experts in the field of botnets between September and November 2010. This document presents a selection of...

    Published on March 07, 2011
  • Resilience Metrics and Measurements: Technical Report

    During the ENISA survey study on 'Resilience Metrics and Measurements: Challenges and Recommendations' it was found that there is lack of a standardised framework or good metrics. Resilience was not considered to be a well-defined term and depending...

    Published on February 01, 2011
  • Resilience Metrics and Measurements: Challenges and Recommendations

    As part of the study run by ENISA, a set of metrics-specific questions was sent to a group of stakeholders. These questions concerned how resilience is measured on a sector basis (the surveyed participants were from public and private...

    Published on February 01, 2011
Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies