The EU’s security agency is being given €36m ($42m) to handle incident response for major cyber-attacks targeting the bloc.
ENISA yesterday announced the signing of a “contribution agreement” which will see it operate the EU Cybersecurity Reserve. This virtual pool of incident response services from trusted private sector providers was established by the EU Cyber Solidarity Act.
It’s part of efforts to improve cyber-resilience across the region, by boosting response and recovery “in the event of significant or large-scale cybersecurity incidents affecting member states, EU institutions, bodies, offices, or agencies, as well as DEP-associated third countries.”
Digital Europe Programme (DEP) countries include the UK and Ukraine.
The new agreement will add €36m to ENISA’s budget, to be spent over three years. The agency will be expected to procure incident response services from providers and assess requests for support from member states’ cyber-crisis management authorities and/or CSIRTs, or CERT-EU. DEP requests will be forwarded to the European Commission.
When it comes to member states, only entities in the critical sectors referenced in NIS2 will be considered.
It’s also possible for “pre-committed services” to be converted into incident prevention and preparedness services, in case they’re not used, ENISA claimed.
“Being entrusted with such prominent project, puts ENISA in the limelight as a dependable partner to the European cybersecurity community and it allows ENISA to break new ground towards an even more cyber secure digital single market,” argued ENISA executive director, Juhan Lepassaar.
The agency is also working on a European cybersecurity certification scheme related to managed security services (MSS), the first focus of which will be on incident response delivered through the EU Cybersecurity Reserve.
MSSproviders will be expected to certify their services two years after the scheme has been put in place.
The first such certification scheme was launched last year.