National Cyber Security Strategies
In a constantly changing cyber threats environment, EU Member States need to have flexible and dynamic cyber security strategies to meet new, global threats. A national cyber security strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. It is a high-level top-down approach to cyber security that establishes a range of national objectives and priorities that should be achieved in a specific timeframe.
Context
The cross-border nature of threats makes it essential to focus on strong international cooperation. Cooperation at pan European level is necessary to effectively prepare, but also respond to cyber-attacks. Comprehensive national cyber security strategies are the first step in this direction
In order to strengthen critical infrastructure against various threats and to uphold the trust of the EU citizens, the European Commission has proposed the Network and Information Security Directive (NIS Directive) in 2013.
In December 2015, the European Parliament and the Council reached an agreement on the Commission’s proposal. The European Parliament adopted the final Directive in July 2016 and it entered into force in August 2016.
The aim of the NIS Directive is to improve the EU Member States’ national cybersecurity capabilities, enhancing the cooperation between the Member States, the public and the private sector, while also requiring companies in critical sectors to report major incidents to national authorities and to adopt risk management practices.
One of the main provisions of the NIS Directive requires EU Member States to develop and adopt a national cybersecurity strategy (NCSS). ENISA is supporting the efforts of EU Member States since 2012 by providing guidelines on how to develop, implement and update NCSS, analysing existing strategies and outlining good practices.
ENISA also created an interactive informative map to present the situation of the cyber-security strategies adoption across EU. Please visit the map in our enisa website.
Reports
- National Capabilities Assessment Framework (2020)
- Good practices in innovation on Cybersecurity under the NCSS(2019)
- National Cybersecurity Strategies Evaluation Tool (2018)
- Updated NCSS Good Practice Guide (2016)
- Evaluation Framework for national cyber security strategies (2014)
- Good practice guide on implementing a national cyber security strategy (2013)
- Desk research on national cyber security strategies (2012)
Experts group
In 2014 ENISA created a working group with experts from the member states and EFTA countries to support the activities on this topic and to support the member states in implementing their strategy. More details on the working group can be found here.
Please read the Terms of Reference for this Experts Group
And the Privacy Statement