The Network and Information Security Agency (ENISA) is an agency of the European Union created to improve the efficiency of the internal market. The agency acts as a consultant and center of advanced technology in the field of network and information security for member states and institutions of the European Union. In addition, the agency promotes the development of relations between EU member states, EU institutions, business entities and private business.
For a long time, public welfare and economic stability have relied on the reliable operation of data networks and computing services. The functioning of key public information systems is influenced by many factors: Internet attacks, disruptions caused by physical impact, failure of software and hardware, human errors. The listed phenomena clearly demonstrate how modern society depends on the stable operation of information systems. A similar thought is repeated in the German cybersecurity strategy: “Ensuring the availability of cyberspace, as well as the integrity, reliability and confidentiality of information in cyberspace has become one of the most important challenges of the 21st century. That is why the protection of cyberspace is becoming the main task of the state, economy and society, both at the state and international levels. ”
At some meetings of the European Commission, the importance of network and information security and the need to create a single European Information Space were emphasized. Existing and ongoing revisions to the legal framework3, as well as recent European Commission Meetings on Critical Information Infrastructure4 Protection4 (CIIP), propose practical measures and regulations to strengthen the security and reliability5 of public networks.
Cybersecurity is increasingly viewed as a strategic issue of national importance that affects all sectors of society. The national cyber security strategy (NCSS) serves as a means of enhancing the security and reliability of a state’s information systems. In the strategy, a high-level and top-down approach is applied to the problem of cybersecurity: a number of government goals and priorities are put forward that must be achieved within a certain period of time. In fact, the strategy is a model for solving the problem of cybersecurity within the state.
In order to support the member states of the European Union in the important mission of developing and supporting public cybersecurity policies, ENISA is developing a special guide6 (Good Practice Guide). The guide provides guidance as well as best practices for developing, implementing and maintaining a cybersecurity strategy.
This document presents preliminary results from the work on the guide. The document includes a brief analysis of the current state of cybersecurity strategies of the EU member states, as well as other countries; then the common features and differences in strategies are identified; and at the very end there are a number of conclusions and recommendations.