In the fast-evolving digital world, the challenge now is to support the behavioural changes in citizens, organisations and processes needed to cope with this immaterial environment, still unfamiliar to many of us. The European Union Agency for Cybersecurity (ENISA) aims at supporting a new mind-set of staying safe in this new digital age.
In this respect, ENISA organises the European Cybersecurity Month (ECSM), supported by the European Commission and Member States. The ECSM is the annual campaign dedicated to promoting cybersecurity among citizens and organisations. It provides up-to-date digital security information through awareness raising activities and the sharing of good practices.
Cybersecurity remains a dynamic process, where the possibilities of sophisticated attacks threaten to harm society and organisations. In order to respond to these threats, cybersecurity experts are an essential part of the ecosystem, devising and implementing solutions to keep our infrastructures and data secure from incidents and cyberattacks.
‘Statistics on the job market situation reveal a current lack of about 160 thousand qualified cybersecurity experts in Europe.’
How do we address the skills gap and shortage of professionals?
The EU Agency for Cybersecurity works closely with experts from across the EU to develop a European Cybersecurity Skills Framework. The purpose of this framework is to reach a common understanding and recognition of roles, competencies, skills and knowledge needed in the job market. Such knowledge will help citizens to get a clear understanding of the learning opportunities and skills they need to develop for certain professions, as well as decide their future career paths.
The Agency launched a number of initiatives to encourage young generations to pursue careers in cybersecurity. The Cybersecurity Higher Education Database (CyberHEAD) is an online database designed to help students find higher education courses. Prospective students interested in cybersecurity can use the database via an online portal to search for programmes based on their requirements such as location, degree, language, format, and fees. This helps to promote all higher education programmes on cybersecurity available across the EU.
The Agency also organises the European Cybersecurity Challenge (ECSC) where selected young talents meet to network, collaborate and compete in a cybersecurity competition. This contest is one of the many organised at both national and international levels. ENISA will be organising the first International Cybersecurity Challenge next year in Athens and is currently training TeamEU. , These events give to young individuals interested in a cybersecurity career the chance to test their skills. This is also one of the ways ENISA helps Member States build the cybersecurity capacity they will need in the future.
Is cybersecurity only a topic for specialists?
While technical experts do require specific engineering expertise, cybersecurity is a multidisciplinary subject. As such, the cybersecurity workforce also requires organisational, regulatory and social skills and competences. A team with complementary skills will be better equipped to build secure cybersecurity solutions.
In addition, different skills and competences around cybersecurity are required in other jobs too. You can be a cybersecurity expert and also be a lawyer, a policy maker or an engineer.
‘Education must be seen as the foundation, to share a common understanding around cybersecurity between all the digital market actors.’
Can simulation help to develop and advance skills in cybersecurity?
Cybersecurity knowledge continuously develop.Experts therefore need to continuously upskill, given the fast-evolving technologies and the widening attack of ICT systems and services. An effective mechanism addressing this challenge is cyber ranges: a form of war-gaming where procedures, technical elements and coordination activities can be put in practice and analysed.
Cyber Europe is another flagship initiative of ENISA. This is a simulation of large-scale cybersecurity incidents escalating into a cyber crisis. The exercise allows the analysis of advanced technical cybersecurity incidents but also addresses complex business continuity and crisis management situations. Featuring scenarios inspired by real-life events, it offers a flexible learning experience for the participants.
‘By building cutting-edge competences and capabilities across individuals and organisations alike, ENISA aims towards a trusted and cyber secure Europe.’
***
About Juhan Lepassaar
Mr. Lepassaar took up his functions as Executive Director of ENISA on 16 October 2019. He has more than 15 years of experience in working with and within the European Union. Prior to joining ENISA, he worked for six years in the European Commission including as Head of Cabinet of Vice-President Andrus Ansip responsible for the Digital Single Market. In this capacity, he also led and coordinated the preparations and negotiations of the Cybersecurity Act.
Mr Lepassaar started his career in the EU affairs with the Estonian Government Office, leading for five years the national EU coordination system as the Director for EU affairs and EU adviser of the Prime Minister.
About ENISA
Established in 2004, the European Union Agency for Cybersecurity (ENISA) is the Union’s agency dedicated to achieving a high common level of cybersecurity across the European Union. Strengthened by the Cybersecurity Act in 2019, the Agency is mandated to contribute to EU cyber policy, enhance the trustworthiness of ICT products, services and processes with cybersecurity certification schemes. ENISA cooperates with Member States and EU bodies, and the actions it engages into are designed to help Europe prepare for the cyber challenges of tomorrow.
ENISA works together with its stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.
© ENISA