By Kyriaki Christodoulou
Society is increasingly digital and because new technology is adopted rapidly, the cybersecurity threat landscape changes constantly making cybersecurity a challenging area, ENISA Executive Director Dr. Udo Helmbrecht told the Cyprus News Agency in an interview.
He also pointed out that in cybersecurity, information sharing is key to success, although he admitted that in practice it is often difficult to define exactly what information needs to be shared, with whom and for what purpose.
Helmbrecht has been the Head of ENISA, the European Union Agency for Network and Information Security, since 2009. ENISA’s mission is to improve cybersecurity across the EU. The Agency support Member States’ governments and industry in the EU in their efforts to understand and respond to the rapidly changing cyber-threat environment.
ENISA publishes a cybersecurity threat landscape annually that highlights the changes year after year.
“Cyber-crime is one part of the problem. Security vulnerabilities in ICT (Information and Communications Technology), for example, can leave the door open for fraud and other crime. ENISA collaborates with all the relevant actors to address issues arising out of this changing threat environment,” he told CNA.
“IoT (the Internet of Things) is a very challenging development, from a security perspective. Predictions are that in 2020, 20 billion devices will be connected to the Internet. It is important to understand how these connected devices can be secured and to implement adequate security from the start. Insecure IoT devices opens the door to abuse by criminals,” he explained.
Since ENISA does not interact directly with the public, its efforts are to reach the citizen through a dialogue with ‘multiplier organisations’ who themselves undertake this role. In this capacity, ENISA raises awareness about cyber security by organising the European Cyber Security Month (ECSM), every year in October.
“This is a month long programme of activities and events, each one organised jointly by public and private sector and targeting a wide variety of stakeholders. The events take place all over Europe and the underlying idea is to exploit synergies between campaigns and to encourage the member States and the private sector to share awareness raising material and experience,” he said. For more information visit cybersecuritymonth.eu/.
ENISA also runs the EU Cybersecurity Challenge (ECSC), which builds upon national initiatives by inviting teams of young people (school and/or university level) to compete in a ‘capture the flag’ initiative at EU level. “This encourages young people to consider a career in cybersecurity and provides government and industry with a pool of potential talent,” he said.
ENISA also organises Cyber Europe, which is a bi-annual pan-European cybersecurity exercise and one of the largest exercises in the world, involving hundreds of organisations from across the EU. Cyber Europe 2018 was the fifth exercise, which focused on Aviation, involving more than 1,000 participants, from organizations such as civil aviation authorities, airport companies, air carriers, etc.
“ENISA has a long history of working together with industry to ensure that lessons learned and good practice are shared in an efficient manner across the EU and across different industry segments,” he said.
Hembrecht said SMEs are a very important part of the EU economy and the digital market. “ENISA believes that cybersecurity can be an enabler for European SMEs and even be an important business opportunity. ENISA actively supports SMEs with dedicated whitepapers and guidelines, such as for example the guideline for SMEs on how to adopt cloud securely. In addition, the Agency hosts the ENISA Industry Group twice a year – this is a group composed almost exclusively of SMEs in cybersecurity. The issues discussed in this group are selected to offer support to the EU SME cybersecurity community and the response from the community to date has been enthusiastic,” he told CNA.