European Commission proposes more powers for EU's infosec agency

Cross-border cybersecurity certification scheme planned

Jean-Claude Juncker speaking in front of EU flag
Jean-Claude Juncker, president of the European Commission

The European Commission has proposed an expansion in the role of ENISA, the EU's cybersecurity agency.

During his State of the Union speech on Wednesday, Jean-Claude Juncker outlined plans to widen ENISA's remit through a Cybersecurity Act. Under a revised mandate, ENISA would be tasked with introducing an EU-wide cybersecurity certification scheme. The thinking is that the agency would be able to counter threats more actively by becoming a centre of expertise for cybersecurity certification and standardisation of ICT products and services.

The agency would also support member states in implementing the Network and Information Security (NIS) Directive and be take a role in reviewing the EU Cybersecurity Strategy, an upcoming blueprint for cyber-crisis cooperation.

Dr Udo Helmbrecht, executive director of ENISA, said in a canned statement: "I welcome the proposal from the Commission to strengthen and expand ENISA's mandate by addressing certification and standardisation of ICT products and better cooperation in relating to preparing and addressing cross-border cybersecurity challenges in Europe. I believe that these initiatives will improve the Digital Single Market and strengthen the ICT industry in Europe."

Senior eurocrats said the revised mandate would include the development of new cybersecurity tools, but details remain unclear. ENISA declined to comment on what it pointed out were draft proposals.

ENISA has been operational since 2005 and is based on the Greek island of Crete. The agency has sought to improve network and information security in the EU, partly by acting as a centre of expertise for both member states and EU institutions. As a think tank, ENISA has published research about everything from connected cars to the security of industrial control systems. ENISA has also played a central role in organising a series of pan-European cybersecurity exercises.

Infosec researcher Claus Cramon Houmann commented: "Good news overall, specifics remain to be proven beneficial and ENISA in Greece isn't optimal at all." ®


Biting the hand that feeds IT © 1998–2017