National Cybersecurity Strategies

In a constantly changing cyber threats environment, EU Member States need to have flexible and dynamic cybersecurity strategies to meet new, global threats. A national cybersecurity strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. It is a high-level top-down approach to cybersecurity that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. Currently all countries in the European Union have a National Cybersecurity Strategy (NCSS) as a key policy feature, helping them to tackle risks which have the potential to undermine the achievement of economic and social benefits from cyberspace.

Apart from tackling cybersecurity risks, a strategy builds on collaboration. Some of the most important settings to improve collaboration between stakehodlers is Information Sharing and the creation of Public-Private Partnerships.

NCSS Interactive Map

Strategy

Visit our Interactive Map to see all the national cybersecurity strategies in Europe. The ENISA NCSS Map lists all the documents of National Cybersecurity Strategies in the EU together with their strategic objectives and good examples of implementation.

ENISA's work on National Cybersecurity Strategies

ENISA’s work in supporting these strategies has focused on the analysis of existing NCSS; on the development and implementation of NCSS; on outlining and raising awareness of good practice to provide guidance and practical tools to the Member States for evaluating their NCSS.

A common objective of every European national cybersecurity strategy is collaboration to enhance cybersecurity across all levels, from threat information sharing to awareness raising. Collaboration is often achieved through two formal structures: Information Sharing and Analysis Centres (ISACs) and Public Private Partnerships (PPPs).

ENISA's work on Information Sharing

Information sharing between national stakeholders but even in cross country cases is one important aspect for cybersecurity. Knowledge on tackling cyber attacked, incident response, mitigation measures and preparatory controls can be shared between the relevant stakeholders. ENISA has invested on this objective and provides good practices and recommendations.

Recommended publications

ENISA's work on Public Private Partnerships

Cooperation in the form of PPPs has evolved in many Member States depending on the environment, culture and legal framework. The need for a European view is demonstrated initially by the European Public Private Partnership for Resilience (EP3R) in 2009 that is engaging with National PPPs to address Critical Information Infrastructure Protection (CIIP) issues at European level. European legislations like the Cybersecurity Strategy of the European Union in 2013, the NIS Directive in 2016, the proposal for the Cybersecurity Act in 2017, underline the importance of cooperation and trust building through public-private partnerships.

Recommended publications

Related Workshops

ENISA has worked towards this direction offering incentives and actual recommendations on how to setup and run a PPP.