by: Dr. Claire Vishik
In today’s fast-paced world, ten years is a long time, and nothing changes as fast as the technology landscape. When ENISA was formed in 2004, the importance of cybersecurity was already well understood, but the diversity and dynamism of the ICT space that we know today was yet to emerge. 2004 was before tablets and smart phones became ubiquitous, before Smart Grid was adopted in many countries; the time when the Internet users numbered less than one billion, as opposed to three billion in 2014. It was before most European countries have formed CERTs and before large scale CERTs cooperation became firmly established. It was before Cloud Computing became a household word.
ENISA has been instrumental in making sense of rapid technology changes and their effect on all stakeholders in cybersecurity. The agency reports introduce views on a number of emerging complex issues validated by diverse groups of experts. ENISA’s reports cover a range of topics including R&D strategies in cybersecurity, requirements for secure Cloud, Smart Grid certification, views on standardization and technical priorities in multiple technology areas, such as supply chain, Internet-based healthcare solutions, social networks, privacy and data protection, and many other. In order to incorporate the diversity of views and positions across various stakeholder communities, ENISA has developed connections to broad networks of experts in a wide range of fields, spanning all EU member states. The growing community of practice gave the agency unparalleled ability to collect diverse opinions on a subject and enable multiple constituencies to reach consensus on a potentially divisive issue.
Ten years ago, ENISA entered an uncharted territory where the ways to balance the need of national security and global nature of most cybersecurity issues has not been well understood, even in a cohesive region such as the European Union. The agency can be credited with developing new approaches to cooperation through coordination, supporting the collaboration of CERTs, conducting first preparedness exercises, establishing the cybersecurity awareness month in the EU, and facilitating joint understanding of key technology trends.
On October 1st 2014, the European Union officials and ENISA stakeholders from industry, academia, consumer advocacy organizations, and governments of EU member states met to celebrate the first ten years of ENISA’s work. At the meeting, the importance and success of ENISA’s work in 2004-2014 was strongly recognized. But more work needs to be done. Under the expanded charter of ENISA adopted in 2013, ENISA will continue to help us make sense of complex issues in cybersecurity, bringing constituencies and stakeholders closer together to make cyberspace more secure.