On 7 June 2019 the Cybersecurity Act was published in the EU Official Journal. The Act considerably strengthens the position of ENISA Agency and recognizes it as the EU Agency for Cybersecurity.
The Act will come into force on 27 June 2019. Based on this Act the Agency will be able to provide more efficient support and cooperation to Member States in cybersecurity incident handling and response to cyber threats and attacks.
Strengthening the Agency’s mandate is an important step in enhancing the security of European cyberspace. The most important changes concern the Agency’s overall position:
- Permanent mandate for ENISA – ENISA Agency has been given a permanent mandate with increased staffing and funding. Its mandate covers execution of tasks according to Cybersecurity Act, with aim to achieve a high level of cybersecurity in the European Union. ENISA acts as a Point of Single Contact for consultancy and expert knowledge in the field of cybersecurity for institutions, bodies, authorities and agencies of the European Union and also for other relevant parties in the Union concerned. The aim of the Agency is to:
- help EU institutions, bodies, authorities and agencies as well as Member States in development and implementation of EU policies related to cybersecurity,
- support capacity building and preparedness for cybersecurity threats and attacks at the European Union level,
- promote cooperation, information exchange and coordination among Member States, EU institutions, bodies, authorities and agencies as well as relevant private and public parties being involved in cybersecurity issues,
- enhance capabilities in the field of cybersecurity,
- support the use of the European cybersecurity certification,
- promote and spread a high level of cybersecurity awareness, including cyber hygiene and cyber literacy of citizens, organisations and enterprises.
- Certification Framework – within the Cybersecurity Certification Framework, ENISA Agency will have the tasks related to the market economy, especially in preparation of certification frameworks, whereas it will provide professional help and cooperation to national certification bodies and representatives of the industry. The task of ENISA is to:
- constantly monitor development in related standardization areas and provide recommendations of technical specifications suitable for development of European cybersecurity certification systems,
- elaborate European cybersecurity certification systems for ICT products, services and processes,
- evaluate adopted European cybersecurity certification systems,
- take part in partners’ reviews,
- assist the Commission with providing the Secretariat for ECCG group,
- Capacity building – ENISA will improve its support to Member States and EU institutions in the process of creation, implementation and revisions of rules and policies in the cybersecurity field as well as in capacity building, dissemination of security awareness, operational cooperation and information exchange. This form of support is very broad and includes for example the following areas:
- exchange of know-how and best practices,
- consulting service and guidance to issues related to cybersecurity,
- effective exchange of information, escalation procedures between CSIRT network and subjects responsible for technical and political decisions at European Union level,
- support EU institutions, bodies, authorities and agencies as well as support of sharing of information related to cybersecurity incidents or crises,
- analysis of emerging technologies and topic-focused evaluation of expected social, legal, economic and regulatory impacts of technological innovations on,
- public awareness on cybersecurity risks, consultancy, best-practice approaches for users, organisations and companies
Slovak Republic is in ENISA represented by Rastislav Janota from National CSIRT unit SK-CERT, who is a member of the ENISA Management Board. For Slovakia and other Member States, current changes in mandate for ENISA represent a crucial step towards high level of cyber security at European Union level.
The regulation can be found online at the following link Cybersecurity Act.
« Späť na zoznam