ENISA to Lead €36m EU-Wide Cybersecurity Response Initiative
▼ Summary
– ENISA is receiving €36 million to manage the EU Cybersecurity Reserve, a virtual pool of incident response services from private providers established by the EU Cyber Solidarity Act.
– This initiative aims to enhance cyber-resilience by improving response and recovery efforts for significant or large-scale cybersecurity incidents affecting EU member states, institutions, and associated third countries like the UK and Ukraine.
– ENISA will procure incident response services and assess support requests from member states’ cyber-crisis management authorities, CSIRTs, or CERT-EU, with only critical sectors under NIS2 considered eligible.
– Unused “pre-committed services” can be converted into incident prevention and preparedness services, as stated by ENISA.
– ENISA is developing a cybersecurity certification scheme for managed security services, focusing first on incident response through the EU Cybersecurity Reserve, with providers required to certify within two years of the scheme’s implementation.
The European Union has allocated €36 million to ENISA to spearhead a major cybersecurity response initiative aimed at strengthening collective resilience against large-scale cyber incidents. This funding will empower the EU’s cybersecurity agency to coordinate rapid and effective countermeasures, ensuring a unified and robust defense posture across member states and key partner nations.
Under a newly signed contribution agreement, ENISA will operate the EU Cybersecurity Reserve, a virtual pool of trusted private sector incident response services established by the EU Cyber Solidarity Act. The initiative is designed to enhance Europe’s ability to respond to and recover from significant cyber disruptions affecting critical infrastructure, EU institutions, and associated third countries such as the UK and Ukraine.
The €36 million budget, to be utilized over a three-year period, will enable ENISA to procure incident response capabilities and evaluate support requests from national cyber-crisis management authorities, CSIRTs, and CERT-EU. Requests from Digital Europe Programme (DEP) countries will be directed to the European Commission for further assessment. Only entities within critical sectors outlined in the NIS2 Directive will be eligible for assistance.
Unused pre-committed services may also be reallocated toward incident prevention and preparedness activities, adding flexibility to the program. Juhan Lepassaar, ENISA’s Executive Director, emphasized that this responsibility positions the agency as a dependable partner within the European cybersecurity ecosystem and marks a significant step toward a more secure digital single market.
In a related development, ENISA is advancing a European cybersecurity certification scheme for managed security services, with an initial emphasis on incident response delivered through the Cybersecurity Reserve. Providers will be required to certify their services within two years after the scheme is formally adopted. This effort builds on the first such certification framework introduced last year, reinforcing the EU’s commitment to standardized and trustworthy cybersecurity practices.
(Source: Info Security)
