  • Technical Guidelines for the implementation of minimum security measures for Digital Service Providers

    ENISA has issued this report to assist Member States and DSPs in providing a common approach regarding the security measures for DSPs. This particular initiative has been achieved by examining current information and network security practices for...

    Published on February 16, 2017
  • Communication network dependencies for ICS/SCADA Systems

    ENISA is continuing the work on communication network dependencies in industrial infrastructures, focusing in this case on ICS/SCADA systems and networks. The main objective is to provide insight into the communication network interdependencies...

    Published on February 01, 2017
  • Distributed Ledger Technology & Cybersecurity - Improving information security in the financial sector

    This paper aims to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger.

    Published on January 18, 2017
  • Security of Mobile Payments and Digital Wallets

    The primary objective of this paper is the production of guidelines to assist mobile payment developers and mobile payment providers towards recommended security controls which if implemented would help ensure that consumers, retailers and financial...

    Published on December 19, 2016
  • Securing Smart Airports

    In response to the new emerging threats faced by smart airports, this report provides a guide for airport decision makers (CISOs, CIOs, IT Directors and Head of Operations) and airport information security professionals, but also relevant national...

    Published on December 16, 2016
  • Cyber security and resilience for Smart Hospitals

    This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are...

    Published on November 24, 2016
  • The cost of incidents affecting CIIs

    The aim of the study is to assess the economic impact of incidents that affect CIIs in EU, based on existing work done by different parties, and set the proper ground for the future work of ENISA in this area.

    Published on August 05, 2016
  • Communication network interdependencies in smart grids

    This study focuses on the evaluation of the interdependencies and communications between all the assets that make up the new power grids, their architectures and connections in order to determine their importance, threats, risks, mitigation factors...

    Published on January 29, 2016
  • Stocktaking, Analysis and Recommendations on the protection of CIIs

    This study takes stock of and analyses the different approaches the EU Member States take to protect their critical information infrastructures by presenting key findings, the different CIIP governance structures and by emphasizing on good...

    Published on January 21, 2016
  • Security and Resilience in eHealth Infrastructures and Services

    The aim of this study is to investigate the approaches and measures MS take to protect critical healthcare systems, having as a main goal improved healthcare and patient safety. In that respect this study analyses: - The policy context in Europe...

    Published on December 18, 2015
  • Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors

    This study reveals the current maturity level of ICS-SCADA cyber security in Europe and identifies good practices used by European Member States to improve this area. The first and second part of this study introduces us to the ICS-SCADA cyber...

    Published on December 11, 2015
  • Secure Use of Cloud Computing in the Finance Sector

    In creating this report we analysed input from a number of different sources to better understand the usage of cloud services in the finance sector. Based on the analysis we provide recommendations to financial institutions, regulators and cloud...

    Published on December 07, 2015
  • Methodologies for the identification of Critical Information Infrastructure assets and services

    This study aims to tackle the problem of identification of Critical Information Infrastructures in communication networks. The goal is to provide an overview of the current state of play in Europe and depict possible improvements in order to be...

    Published on February 23, 2015
  • Certification of Cyber Security skills of ICS/SCADA professionals

    This document explores how current initiatives on certification of professional skills are related to the topic of ICS/SCADA cyber security. It also identifies the challenges and proposes a series of recommendations towards the development of...

    Published on February 19, 2015
  • Network and Information Security in the Finance Sector

    Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of...

    Published on January 15, 2015
  • Threat Landscape of Internet Infrastructure

    This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources...

    Published on January 15, 2015
  • Smart Grid Security Certification in Europe

    The report describes the need for harmonised European smart grid certification practices which cover the complete smart grid supply chain, and are supported by a European platform based on M/490 SGAM (Smart Grid Architecture Model) and the concept...

    Published on December 19, 2014
  • Mutual Aid for Resilient Infrastructure in Europe (M.A.R.I.E.) - Phase II: Recommendations Report

    This report presents 5 main recommendations which will, if implemented, improve emergency preparedness for ICT Stakeholders. The results of the preliminary study performed in 2011 showed that the preparedness for Black Swan events (low probability...

    Published on December 16, 2013
  • Good Practices for an EU ICS Testing Coordination Capability

    There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for...

    Published on December 10, 2013
  • Window of exposure… a real problem for SCADA systems?

    Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation, water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems...

    Published on December 06, 2013
  • Can we learn from SCADA security incidents?

    Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs. They are used everywhere and involve a considerable...

    Published on October 09, 2013
  • Appropriate security measures for smart grids

    This document introduces a set of cyber security measures for smart grids. These measures are organised in ten (10) domains and three sophistication levels.

    Published on December 19, 2012
  • Emergency Communications Stocktaking

    The Emergency Communications Stocktaking project is an initiative of the European Network and Information Security Agency (ENISA) to determine how emergency services communicate within their own organisations and with each other in times of...

    Published on December 19, 2012
  • ENISA Smart Grid Security Recommendations

    This study makes 10 recommendations to the public and private sector involved in the definition and implementation of smart grids. These recommendations intend to provide useful and practical advice aimed at improving current initiatives, enhancing...

    Published on July 10, 2012
  • ENISA Report on Resilient Internet Interconnections

    This study provides an overview of past incidents that impaired the Internet’s interconnection fabric, and discusses good practices to limit or avoid the impact of future crises events.

    Published on June 21, 2012
  • Ontology and taxonomies of resilience

    Existing standards in the field have so far only addressed resilience indirectly and thus without detailed definition of the taxonomy and thus of the semantics of security. The primary purpose of an ontology and taxonomies defined in this context is...

    Published on December 21, 2011
  • Mutual Aid Agreements

    This Mutual Aid for Resilient Infrastructure in Europe (MARIE) Phase 1 Report presents twelve Key Observations about MAAs and in so doing lays the foundation for a number of recommendations, which are planned for the MARIE Phase 2 Report (in 2012). ...

    Published on December 19, 2011
  • Annex VI. Minutes of the Workshop

    Annex VI of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" includes the minutes from the validation workshop held in Barcelona, 16 Sept, 2011.

    Published on December 14, 2011
  • Annex V. Key Findings

    Annex V of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" presents the key findings of the ENISA ICS Security study.

    Published on December 14, 2011
  • Annex IV. ICS Security Related Initiatives

    Annex IV of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" gives an overview of the initiatives on ICS security.

    Published on December 14, 2011
  • Annex III. ICS Security Related Standards, Guidelines and Policy Documents

    Annex III of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" presents Standards, Guidelines and Policy Documents related to the area.

    Published on December 14, 2011
  • Annex II. Survey and Interview Analysis

    Annex II of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" presents the results of the survey and the interviews.

    Published on December 14, 2011
  • Annex I: Desktop Research Results

    Annex I of the report "Protecting Industrial Control Systems. Recommendations for Europe and Member States" presents the results of the literature-based stock taking.

    Published on December 14, 2011
  • Protecting Industrial Control Systems. Recommendations for Europe and Member States

    The report describes the current situation of Industrial Control Systems security and proposes seven recommendations to improve it. The recommendations call for the creation of the national and pan-European ICS security strategies, the development...

    Published on December 14, 2011
  • A Security Analysis of Next Generation Web Standards

    The web browser is arguably the most security-critical component in our information infrastructure. It has become the channel through which most of our information passes. ENISA is seizing a unique chance to make detailed recommendations for...

    Published on July 31, 2011
  • Secure Software Engineering Initiatives

    Most high-profile cyberattacks are enabled by flaws in computer systems' software, so-called software vulnerabilities in the application layer. As a preliminary step towards addressing the problem of software vulnerabilities, we have compiled a...

    Published on May 01, 2011
  • Policy statement

    Position statement prepared for the Ministerial Conference on CIIP organised by the Hungarian EU Presidency in Balatonfüred on 14-15 April 2011

    Published on April 15, 2011
  • Resilience of the Internet Interconnection Ecosystem

    This study looks at the resilience of the Internet interconnection ecosystem. The Internet is a network of networks, and the interconnection ecosystem is the collection of layered systems that holds it together. The interconnection ecosystem is...

    Published on April 11, 2011
  • Botnets: Measurement, Detection, Disinfection and Defence

    “Botnets: Measurement, Detection, Disinfection and Defence” is a comprehensive report on how to assess botnet threats and how to neutralise them. It is a survey and analysis of methods for measuring botnet size and how best to assess the threat...

    Published on March 07, 2011
  • Botnets: 10 Tough Questions

    As part of the project “Botnets: Detection, Measurement, Mitigation & Defence” a series of questions was discussed by internationally renowned experts in the field of botnets between September and November 2010. This document presents a...

    Published on March 07, 2011
  • Resilience Metrics and Measurements: Technical Report

    During the ENISA survey study on 'Resilience Metrics and Measurements: Challenges and Recommendations' it was found that there is lack of a standardised framework or good metrics. Resilience was not considered to be a well-defined term and depending...

    Published on February 01, 2011
  • Resilience Metrics and Measurements: Challenges and Recommendations

    As part of the study run by ENISA, a set of metrics-specific questions was sent to a group of stakeholders. These questions concerned how resilience is measured on a sector basis (the surveyed participants were from public and private...

    Published on February 01, 2011
