In a constantly changing cyber threats environment, EU Member States need to have flexible and dynamic cybersecurity strategies to meet new, global threats. A national cybersecurity strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. It is a high-level top-down approach to cybersecurity that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. Currently all countries in the European Union have a National Cybersecurity Strategy (NCSS) as a key policy feature, helping them to tackle risks which have the potential to undermine the achievement of economic and social benefits from cyberspace.
Apart from tackling cybersecurity risks, a strategy builds on collaboration. Some of the most important settings to improve collaboration between stakehodlers is Information Sharing and the creation of Public-Private Partnerships.
NCSS Interactive Map
Visit our Interactive Map to see all the national cybersecurity strategies in Europe. The ENISA NCSS Map lists all the documents of National Cybersecurity Strategies in the EU together with their strategic objectives and good examples of implementation.
ENISA's work on National Cybersecurity Strategies
ENISA’s work in supporting these strategies has focused on the analysis of existing NCSS; on the development and implementation of NCSS; on outlining and raising awareness of good practice to provide guidance and practical tools to the Member States for evaluating their NCSS.
- National Capabilities Assessment Framework (NCAF)
- Raising Awareness of Cybersecurity, a key element of NCSS
- Good practices in innovation on Cybersecurity under the NCSS
- Updated NCSS Good Practice Guide
- NCSS: an Implementation Guide
- National Cybersecurity Strategies
- An Evaluation Framework for NCSS
- Incentives and barriers of the cyber insurance market in Europe
- Cyber Insurance: Recent Advances, Good Practices and Challenges
A common objective of every European national cybersecurity strategy is collaboration to enhance cybersecurity across all levels, from threat information sharing to awareness raising. Collaboration is often achieved through two formal structures: Information Sharing and Analysis Centres (ISACs) and Public Private Partnerships (PPPs).
ENISA's work on Information Sharing
Information sharing between national stakeholders but even in cross country cases is one important aspect for cybersecurity. Knowledge on tackling cyber attacked, incident response, mitigation measures and preparatory controls can be shared between the relevant stakeholders. ENISA has invested on this objective and provides good practices and recommendations.
Recommended publications
- Information Sharing and Analysis Center (ISACs) - Cooperative models
- Incentives and Barriers to Information Sharing
- Good Practice Guide on Information Sharing
ENISA's work on Public Private Partnerships
Cooperation in the form of PPPs has evolved in many Member States depending on the environment, culture and legal framework. The need for a European view is demonstrated initially by the European Public Private Partnership for Resilience (EP3R) in 2009 that is engaging with National PPPs to address Critical Information Infrastructure Protection (CIIP) issues at European level. European legislations like the Cybersecurity Strategy of the European Union in 2013, the NIS Directive in 2016, the proposal for the Cybersecurity Act in 2017, underline the importance of cooperation and trust building through public-private partnerships. ENISA has worked towards this direction offering incentives and actual recommendations on how to setup and run a PPP.
Recommended publications
- Public Private Partnerships (PPP) - Cooperative models
- EP3R 2009-2013 Future of NIS Public Private Cooperation
- Good Practice Guide on Cooperative Models for Effective PPPs
- Desktop Research on Public Private Partnerships
Related Workshops
- 1st ENISA National Cybersecurity Strategies workshop (November 2014, Brussels)
- 2nd ENISA National Cybersecurity Strategies workshop (May 2015, Riga)
- 3rd ENISA National Cybersecurity Strategies workshop (September 2015, Luxembourg)
- 4th ENISA National Cybersecurity Strategies workshop (October 2016, Bratislava)
- 5th ENISA National Cybersecurity Strategies workshop (October 2017, The Hague)
- 6th ENISA National Cybersecurity Strategies workshop (September 2018, Helsinki)
- 7th ENISA National Cybersecurity Strategies workshop (September 2019, Warsaw)
- 8th ENISA National Cybersecurity Strategies workhsop (October 2020, Online)
- 9th ENISA National Cybersecurity Strategies workshop (November 2021, Online)