The European Union’s Agency for Network and Information Security (ENISA) should expand its collaboration with Computer Security Incident Response Teams (CSIRTs) in the Member States, and include countries beyond the EU in its outreach, according to a review and impact assessment published in November. The report includes more than 20 recommendations for new and expanded activities - ‘roadmap to 2020’.
Among these recommendations, ENISA should carry out pan-European exercises to protect critical IT infrastructure, and improve the communication of it’s opinions and recommendations. The agency should also expand its services for other CSIRTs, and offer a two-speed approach for services and trainings, to accommodate less and more mature CSIRTs.
The impact assessment was published on 12 November. The study appraises the contribution of ENISA to the computer security incident response community. ENISA’s current CSIRT activities include capacity building in sharing best practice and training, supporting CSIRTs in collaboration with law enforcement, and improving crisis cooperation.
The authors expect that ENISA’s objectives will change once the Network and Information Security (NIS) Directive is adopted. This legal act increases ENISA’s role in operating a cooperative network, and in helping the Member States with expertise and advice. The NIS Directive also suggests that ENISA organise the development of an EU-wide cooperation plan to counter incidents and reduce risks.
The study is based on document reviews, online surveys, one-to-one interviews and an internal ENISA workshop with input from key CSIRT experts.