Greece wants more money, top role for EU cyber security agency

EU member states outlined a range of measures to stop and respond to hackers. [Jisc]

Greece wants the European Commission to give the Athens-based European Union Agency for Network and Information Security (ENISA) more money and the leading role in managing Europe’s cyber security issues as part of a legal overhaul next month.

“We want ENISA to have a bigger role in cyber security and the only role in cyber security,” Vassilis Maglaras, the secretary general for communications at Greece’s ministry for digital policy, told EURACTIV.com in an interview.

The Commission will announce a new legal role for the agency in September. ENISA has spent the last few years pushing for a budget increase, but the Commission has so far refused to bump up the agency’s funding, which now totals an annual €11 million.

“We also want ENISA to develop further and to have more money, more personnel and all the opportunities to play in this very problematic and antagonistic sector,” said Maglaras, who oversees the Greek digital ministry’s relations with ENISA.

“It’s an organisation that had a mandate that was irrelevant 15 years ago, it was very small because the ICT sector was not so developed. But now it’s a very huge issue so it has to have more money,” he added.

Maglaras pointed to new cyber security and terrorism threats from automated machines as reasons to invest more in ENISA’s ability to research and coordinate responses to hacking attacks.

EU agency asks Commission to 'avoid fragmentation' in new cyber security plans

The EU needs to step up its cooperation between civil and military cyber security authorities when member states are attacked by hackers, according to the EU cyber security agency ENISA.

ENISA is likely to receive a small boost as part of next month’s legal change, one senior EU official said on condition of anonymity.

The agency was founded in 2004 and employs 84 people; around 42% of its staff is Greek. ENISA is moving most of its staff to work out of its Athens office. Previously, many employees were based in Heraklion, on the island of Crete.

Maglaras argued that the Commission should give ENISA more money and responsibility to work on cyber security—but insisted that Greece won’t be one of the main benefactors of such an overhaul.

“Cyber security, if it’s important for the Greek economy, it’s ten times more important for the German economy and eight times more important for the French economy because these are more industrial economies, more developed, more automated and use more new technologies,” he said.

“It’s a European thing. A stronger ENISA is a stronger and safer Europe, it isn’t for a safer Greece.”

Some EU countries are reluctant to share sensitive information with ENISA and with authorities in other member states when they experience cyber security attacks. As a result of its small staff and lukewarm cooperation from some countries, ENISA’s ability to coordinate EU-wide responses to cyber security incidents has been limited. New EU cyber security legislation set to go into effect next year is expected to change that: member states will be required to share more information.

ENISA’s struggle for a budget increase has also been complicated by the increasing competition from other EU offices that work on cyber security. The EU aviation agency EASA, defence agency EDA and space agency ESA all work on cyber security, in addition to the Commission’s in-house response unit for cyber security breaches and CERT-EU, the office overseeing member states’ national cyber security authorities.

As EURACTIV reported last month, ENISA has asked the Commission to transform the agency into a “cyber security coordination hub” in charge of assessing security threats and organising safety certification for technology products.

The agency wants the Commission to “avoid fragmentation” between the different EU bodies working on cyber security, according to the position paper it sent to the Brussels this summer.

In addition to the new legal basis for ENISA, the Commission will next month publish an updated EU cyber security strategy and announce new measures on cyber security certification for products.

Ansip plans new EU cybersecurity centre

EU digital chief Andrus Ansip wants to set up a new office to certify the cybersecurity level of technology products — which would make them more competitive globally — as part of an overhaul of the bloc’s rules in September.