To protect ourselves from threats in all our living spaces - our neighbourhoods, schools, roads or airports - we implement protection measures while also trying to minimise exposure to threats through legislation and law enforcement.
Depending on the strength of the measures taken to protect valuable assets, the security of these spaces may range from low (such as disreputable areas) to high (such as airports). The same applies to cyber space. Threats posed by various actors are setting the scene for potential losses of legitimate digital assets.
In addition, these threats are rapidly evolving, they are not clearly associated with assets and they cannot be easily assigned to threat actors. This creates an insecure environment within which we are called to implement and deploy all kinds of products, services and digital activities.
Compounding this, various high-capability actors - both malicious and legitimate - are carrying out their activities in cyberspace. Malicious actors include cybercriminals, cyber-terrorists and organised crime.
Meanwhile, computer security incident response teams (CSIRTs), military cyber-defence and law enforcement are examples of those acting to counter upcoming threats. All malicious actors have the capacity to develop and launch complex cyberattacks and to identify weaknesses in cyber-components. According to new trends in attack practices, there is currently increased automation of cyber-attacks.
In parallel, we have vendors looking to bring their products to market within increasingly shorter timescales, seeking to gain a market advantage and develop wider customer bases through innovating products, services and user experience.
At the same time, users are eager to become early adopters of those innovative products and services considered ‘cool tools’ to improve their lives, how they interact with others or to be seen to have the latest prestigious gadgets.
Clearly, this means that the early detection of cyber-threats and cyber-weaknesses is essential. Those responsible for defence need to establish effective and efficient means for assessing threats and for developing appropriate protection as quickly as possible. They also need to alert users - many of whom are non-literate on digital assets - and ensure that the protection measures developed are implemented in their devices.
The increasing number of cyber-incidents makes it clear that these efforts have not yet delivered satisfactory results. The work of defenders cannot as yet counterbalance the advances in malicious practices in cyber-space. This constitutes the main challenge in cybersecurity.
Both the increased complexity and the automated nature of cyber-attacks are crippling existing best practices in cyber-defence. Hence, public and private organisations need both to develop automatic means to protect the infrastructure and to deliver sufficient intelligence to users to enable them to understand the threat landscape.
Such advances will reduce the ‘attack surface’ by minimising the weaknesses of digital assets, and will increase the agility of protection measures. This will permit a highly adaptable, orchestrated defence plan.
Some best practices currently include providing actionable cyberthreat intelligence, enforcing efficient infrastructure management practices (i.e. patch/version management, error and incident handling), detecting and preventing intrusion, providing redundant capacities of both components and people and coordinating responses to incidents.
ENISA supports member states and the private sector in developing and disseminating such good practices. Since the early days of cyber-threat intelligence back in 2013, ENISA has been issuing reports summarising the main cyber-threats, together with their relevance to emerging technology areas. This work provides information on the various threats, including interesting points, emerging trends, threat agents and mitigation measures.
Based on this threat landscape, assessments of threats to various emerging technology areas have been performed. These cover various emerging technology areas such as: cloud computing, mobile devices (BYOD), smart grids, mobile to mobile communication, software-defined networks, big data, Internet of Things (IoT) and smart airports.
Moreover, since 2017 ENISA has started assessing security challenges of new technologies. This work has been documented via the Crystal Ball paper. It examines technology areas that have been identified via a comprehensive assessment performed among a number of stakeholders from industry, research and academia.
As well as assessing cyber-security challenges, this work aims to identify threat groups applying to these technologies. Based on those threats, those issues that need to be taken into account can be identified.
Finally, via a series of events, ENISA aims to team up with experts in the field of cyber-threat intelligence and contribute to a stronger collaboration between related market and research players.
The ENISA-FORTH NIS Summer School 2018, for example, offers specialised training in the area of cyber-threat intelligence, incident management and IoT security. This enhances related security skills within the cyber-security community, thus building a common basis for future interactions and networking.
As well as the summer school, ENISA organises cyber-threat intelligence events in cooperation with other EU Agencies (EDA, EC3, CERT-EU) looking to address emerging issues in the area of cyber-threats such as active defence, maturity models, advances in threat modelling and user requirements.
Strengthened by the new proposed ENISA mandate, these activities establish a solid basis for upcoming challenges such as certification of components, services and skills, development of good practices and dissemination of cyber-threat information to target groups. ENISA is convinced that these activities bring agile security management a step closer and will enable a better understanding of security requirements of emerging technology areas.