Latest news with #ENISA
Euronews
24-06-2025
- Business
- Euronews
Industry calls to safeguard independence of EU cybersecurity agency
Telecom operators, trade unions and industry groups have called for the EU's cyber agency ENISA to steer away from political interference and remain independent in response to a consultation on the European Commission's review of existing cybersecurity rules. In May, the Commission began gathering feedback on a revision to the bloc's 2019 Cybersecurity Act (CSA), which is being revamped in line with efforts to simplify existing rules. The proposal aimed to give the Athens-based ENISA a bigger mandate, including over the drafting of cybersecurity certification schemes, through which companies can demonstrate that their ICT solutions include the right level of cybersecurity protection for the EU market. Since 2019, the Commission requested three of these voluntary certification schemes: on baseline ICT products, 5G and cloud services, of which only the first has yet been adopted. The certification for cloud services (EUCS) turned into a political battle over sovereignty requirements. France has led resistance and wants to be sure that it can continue to use its own scheme – SecNum Cloud – after the adoption of EUCS. Tech industry association CCIA said ENISA's role in the certification scheme development 'should be explicitly grounded in technical independence, allowing it to make non-political decisions that reflect industry realities and cybersecurity best practices.' This was echoed by US tech company Amazon which said that the voluntary certification frameworks should be 'based purely on technical criteria'. 'We strongly believe that introducing non-technical factors could undermine the framework's effectiveness and create unnecessary barriers to innovation,' it added. Global consumer electronics company Lenovo, also warned against introducing non-technical criteria 'such as vendor nationality, ownership, or headquarters location—in cybersecurity risk assessments or certification schemes.' 'These measures risk undermining EU principles of non-discrimination, market access, fair competition, and proportionality, while offering little benefit to actual cybersecurity outcomes,' it said. There have been calls and plans from the Commission to increase the bloc's independence of suppliers from outside the EU. In the upcoming Cloud and AI Development Act, for example, the Commission plans to strengthen the EU's position in the industry. In the European Parliament lawmakers are also calling for measures to boost technological sovereignty and guarantee the bloc's independence and security by protecting its strategic infrastructure and reducing dependence on non-European technology providers. ENISA mandate The Commission began seeking feedback from industry and national governments on the functioning and scope of work of ENISA last year, as reported, in a bid to modify the agency's mandate and financial support. There seems to be support to increase its funding among the participants to the consultation. For example, Eco, a German association for the internet industry, said that the agency hadn't grown in terms of staff despite its expanded remit. 'Given the current geopolitical security challenges and the scale of global cyber threats, its financial resources remain limited compared to other EU bodies. [...] It is important to boost ENISA's role as the independent expert on European Cybersecurity. In order to operate independently and attract necessary resources, staff, and experts to the benefit of its mandate, ENISA has to leverage its public standing among the global community,' the contribution said. Henna Virkkunen, the EU Commissioner for technology, said earlier this year that she will carry out a so-called Digital Fitness Check – expected before the end of 2025 -- which will assess whether all existing tech rules are burdensome to companies, and identify areas for simplification. The CSA is expected to be part of that.
Yahoo
28-04-2025
- Politics
- Yahoo
What could be behind Europe's power outage
The cause of the collapse in Spain and Portugal's national grids remains uncertain. But experts are already suggesting reasons for the widespread power outages, including equipment fault, a cyber attack, the role of renewables and the weather. Here are some of the key theories as to what may have gone wrong. The cyber security wing of the European Union (EU) has suggested a technical or cable fault could be responsible for the mass power outage across Spain and parts of France and Portugal. Preliminary findings from the the European Union Agency for Cybersecurity (ENISA) have veered away from a cyber security attack. A spokesman said: 'For the moment the investigation seems to point to a technical/cable issue.' The ENISA said it is 'closely monitoring' the situation and remains 'in contact with the relevant authorities at national and EU level'. Early speculation centred on whether power could have been knocked offline by a cyber attack. Spain's INCIBE cybersecurity agency initially said it was investigating the possibility of the blackout being triggered by a cyber attack. Juan Manuel Moreno, the president of the regional government of the Spanish region of Andalucia, said: 'Everything points to a blackout of this magnitude only being due to a cyberattack.' Spanish officials initially said they had not ruled out a cyber attack as the cause of the dramatic outage, with one government source telling Politico: 'A cyberattack has not been ruled out and investigations are ongoing.' However, the Portuguese National Cybersecurity Centre said there was no sign that the outage was caused by a cyberattack. Past cyber attacks on grid infrastructure have been used to cause mass blackouts for hundreds of thousands of people. In December 2015, Russian hackers knocked out the systems of three energy companies in Ukraine, causing blackouts for 230,000 people. The attacks were believed to have been ordered by Russia's intelligence agency and carried out by the Sandworm hacking group. Spy chiefs have long warned that hostile states are targeting Britain's electricity grid and other critical national infrastructure. In April, Peter Kyle, the Technology Secretary, told The Telegraph that briefings from the country's intelligence agencies had left him with a 'deep concern about our ability to keep our country and critical services ... safe'. 'I was really quite shocked at some of the vulnerabilities that we knew existed and yet nothing had been done,' Mr Kyle said. In November, Pat McFadden, the Chancellor of the Duchy of Lancaster, warned that Russian cyber attacks had the capability to 'turn off the lights for millions of people'. Spain is the third-most targeted country by Russian cyber criminals known as 'hacktivists', according to a council report. ZIUR, a cybersecurity centre in the Basque province of Gipuzkoa, said that Spain's government, maritime and financial infrastructures had been regularly compromised by pro-Russian groups. A lack of wind and Spain's reliance on turbines for power could also be a factor in the blackouts. Spain has one of Europe's highest proportions of renewable energy, providing about 56pc of the nation's electricity. More than half of its renewables comes from wind with the rest from solar and other sources. That means Spain's electricity supplies are increasingly reliant on the weather delivering enough wind to balance its grid. For much of the last 24 hours, that wind has been largely missing. The website for example, shows wind speeds of 2-3mph, leaving the country reliant on solar energy and old gas-fired power stations. The weather system that has left Spain bereft of wind is also having similar effects across the rest of Western Europe with the UK, Germany, the Netherlands and others all seeking extra sources of electricity as their wind turbines fall still. France, for example, has been calling on Spain for extra electricity. The UK, which is also increasingly reliant on wind, was on Monday morning struggling to get any turbine power. Instead, it was relying on imports from Europe – with the London and South East receiving 58pc of its power from imports, according to the National Energy System Operator (Neso). The sheer scale of the demands being transmitted between countries and across interconnector cables – especially at a time when wind and other renewable output plummets – may be enough to disrupt grids and power transmission. The large amount of solar power on the Spanish and Portuguese grids may have also left the Iberian power grid more vulnerable to faults or cyber attacks, according to one expert. Generators that have spinning parts, such as those running on gas, coal or hydropower, create what is known as 'inertia', which helps to balance the frequency of power on the grid to prevent faults. Solar panels do not generate inertia on the system, however, and there are known issues with low inertia on the Iberian grid. At about 10am on Monday, roughly two hours before the power cuts, almost 60pc of Spain's power was being generated by solar farms, according to transparency data. Ms Porter said: 'If you have a grid fault, it can cause a frequency imbalance and in a low-inertia environment the frequency can change much faster. 'If you have had a significant grid fault in one area, or a cyber attack, or whatever it may be, the grid operators therefore have less time to react. That can lead to cascading failures if you cannot get it under control quickly enough. 'The growing reliance on solar has pushed inertia on the grid to the point where it does become more difficult to respond to disruptions such as significant transmission faults.' However, she added, if the blackouts were caused by cyber attacks on multiple parts of the grid, more inertia would not have helped. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Telegraph
28-04-2025
- Politics
- Telegraph
What could be behind Europe's power outage
The cause of the collapse in Spain and Portugal's national grids remains uncertain. But experts are already suggesting reasons for the widespread power outages, including equipment fault, a cyber attack, the role of renewables and the weather. Here are some of the key theories as to what may have gone wrong. Cable fault The cyber security wing of the European Union (EU) has suggested a technical or cable fault could be responsible for the mass power outage across Spain and parts of France and Portugal. Preliminary findings from the the European Union Agency for Cybersecurity (ENISA) have veered away from a cyber security attack. A spokesman said: 'For the moment the investigation seems to point to a technical/cable issue.' The ENISA said it is 'closely monitoring' the situation and remains 'in contact with the relevant authorities at national and EU level'. Cyber attack Early speculation centred on whether power could have been knocked offline by a cyber attack. Spain's INCIBE cybersecurity agency initially said it was investigating the possibility of the blackout being triggered by a cyber attack. Juan Manuel Moreno, the president of the regional government of the Spanish region of Andalucia, said: 'Everything points to a blackout of this magnitude only being due to a cyberattack.' Spanish officials initially said they had not ruled out a cyber attack as the cause of the dramatic outage, with one government source telling Politico: 'A cyberattack has not been ruled out and investigations are ongoing.' However, the Portuguese National Cybersecurity Centre said there was no sign that the outage was caused by a cyberattack. Past cyber attacks on grid infrastructure have been used to cause mass blackouts for hundreds of thousands of people. In December 2015, Russian hackers knocked out the systems of three energy companies in Ukraine, causing blackouts for 230,000 people. The attacks were believed to have been ordered by Russia's intelligence agency and carried out by the Sandworm hacking group. Spy chiefs have long warned that hostile states are targeting Britain's electricity grid and other critical national infrastructure. In April, Peter Kyle, the Technology Secretary, told The Telegraph that briefings from the country's intelligence agencies had left him with a 'deep concern about our ability to keep our country and critical services ... safe'. 'I was really quite shocked at some of the vulnerabilities that we knew existed and yet nothing had been done,' Mr Kyle said. In November, Pat McFadden, the Chancellor of the Duchy of Lancaster, warned that Russian cyber attacks had the capability to 'turn off the lights for millions of people'. Spain is the third-most targeted country by Russian cyber criminals known as 'hacktivists', according to a council report. ZIUR, a cybersecurity centre in the Basque province of Gipuzkoa, said that Spain's government, maritime and financial infrastructures had been regularly compromised by pro-Russian groups. Problems with green energy A lack of wind and Spain's reliance on turbines for power could also be a factor in the blackouts. Spain has one of Europe's highest proportions of renewable energy, providing about 56pc of the nation's electricity. More than half of its renewables comes from wind with the rest from solar and other sources. That means Spain's electricity supplies are increasingly reliant on the weather delivering enough wind to balance its grid. For much of the last 24 hours, that wind has been largely missing. The website for example, shows wind speeds of 2-3mph, leaving the country reliant on solar energy and old gas-fired power stations. The weather system that has left Spain bereft of wind is also having similar effects across the rest of Western Europe with the UK, Germany, the Netherlands and others all seeking extra sources of electricity as their wind turbines fall still. France, for example, has been calling on Spain for extra electricity. The UK, which is also increasingly reliant on wind, was on Monday morning struggling to get any turbine power. Instead, it was relying on imports from Europe – with the London and South East receiving 58pc of its power from imports, according to the National Energy System Operator (Neso). The sheer scale of the demands being transmitted between countries and across interconnector cables – especially at a time when wind and other renewable output plummets – may be enough to disrupt grids and power transmission. The large amount of solar power on the Spanish and Portuguese grids may have also left the Iberian power grid more vulnerable to faults or cyber attacks, according to one expert. Generators that have spinning parts, such as those running on gas, coal or hydropower, create what is known as 'inertia', which helps to balance the frequency of power on the grid to prevent faults. Solar panels do not generate inertia on the system, however, and there are known issues with low inertia on the Iberian grid. At about 10am on Monday, roughly two hours before the power cuts, almost 60pc of Spain's power was being generated by solar farms, according to transparency data. Ms Porter said: 'If you have a grid fault, it can cause a frequency imbalance and in a low-inertia environment the frequency can change much faster. 'If you have had a significant grid fault in one area, or a cyber attack, or whatever it may be, the grid operators therefore have less time to react. That can lead to cascading failures if you cannot get it under control quickly enough. 'The growing reliance on solar has pushed inertia on the grid to the point where it does become more difficult to respond to disruptions such as significant transmission faults.' However, she added, if the blackouts were caused by cyber attacks on multiple parts of the grid, more inertia would not have helped.
Euronews
11-04-2025
- Business
- Euronews
EU Commission starts consultation on revision of cybersecurity rules
ADVERTISEMENT The European Commission on Friday started gathering input to help revise the bloc's cyber rules, which date back to 2019, in line with efforts to simplify existing rules. The review of the Cybersecurity Act (CSA) will focus on the mandate of the EU's cyber agency ENISA, as well as the European Cybersecurity Certification Framework, and addressing ICT supply chain security challenges, the Commission's statement said. Euronews reported last year that the Commission already began seeking feedback from industry and national governments on the functioning and scope of work of ENISA, in a bid to potentially modify the agency's mandate and financial support. The CSA gave ENISA – which has some 100 staff members – a mandate to oversee the implementation of EU-wide cybersecurity rules. But one of its tasks, drafting a voluntary cybersecurity certification for cloud services (EUCS), has not advanced significantly since 2019. Related EU cloud scheme needs more privacy safeguards, French watchdog says Cyber certification to remain on hold despite Polish effort The EUCS is intended to be used by companies to demonstrate that certified ICT solutions have the right level of cybersecurity protection for the EU market, but it turned into a political battle over sovereignty requirements. There have been calls to make the system mandatory under the new CSA. Henna Virkkunen, the EU Commissioner for technology, said that she will carry out a so-called Digital Fitness Check this year which will assess whether all existing tech rules are burdensome to companies, and identify areas for simplification. The consultation comes weeks after Virkkunen said that she wants member states to adopt 5G security rules to protect networks from cyber threats and risks. In 2020, member states agreed to apply restrictions for suppliers considered to be high risk – such as China's Huawei and ZTE – including necessary exclusions, following security concerns, but only a limited number of countries have taken concrete steps to ban the companies. Interested parties, including member state competent authorities, cybersecurity authorities, industry and trade associations can give feedback to the consultation until 20 June.
