The EU’s Cyber Security Agency (ENISA) wants a bigger budget to completely reform the way it deals with cyber security. A review by the vice president for the Digital Single Market said a complete bottom-to-top reform of cyber security was necessary to prevent attacks such as this month’s WannaCry ransomware virus that claimed over 200,000 victims in 150 countries.
In particular, president Andrus Ansip, said that defending against attacks on IoT devices, businesses and critical infrastructure needed completely rethinking. “The Commission will review the EU cyber-security strategy and propose a new ENISA mandate in 2017,” Ansip said. “As part of this approach, the Commission is also working on cyber-security certification and labelling to make the EU digital environment safer."
ENISA's executive director Udo Helmbrecht warned that attacks were evolving quicker than predicted with a particular threat to economic wellbeing. He said: “There is now a greater risk that cyber incidents will have an impact in more than one member state. Today, more than ever, there is a place for a European body such [as] ENISA to be positioned with a cyber-security mandate that is resourced to address the cyber challenges of today and tomorrow, and which facilitates and complements the activities of member states towards harmonisation while supporting cost-efficiently the digital single market.”
ENISA currently has an annual budget of £9.5 million with 84 full time members of staff. In his latest report, Helmbrecht said that this wasn’t enough to protect the EU against ‘the rising flood of cyber crime’. In particular, he would like to see the agency's mandate given ‘a stronger position in addressing the cyber-security lifecycle challenges and improving the ability to address its own initiative tasks list’ (IE more money and more man power, although he didn’t specify how much or how many).