Supporting the CERT Community : "Impact assessment and roadmap" : final draft, September 2014

Europe has seen a sharp rise in the number of national/governmental Computer Emergency Response Teams (n/g CERTs) in the past decade with more than 30 established in 2014. ENISA has been instrumental in building and actively supporting a growing network of n/g CERTs since its inception in 2005. The crucial role of a CERT can be compared to that of a 'fire brigade', serving as the first line of defence when security incidents occur. As such, CERTs are primarily in charge of reactive services, such as detection and incident response, but also of security services, which can comprise alerts, advisory and trainings. Despite their unquestionable importance in the face of an evergrowing number of attacks and incidents, the individual capabilities of the n/g CERTs still vary across Europe. In light of this, ENISA's active involvement in supporting CERTs is and will be of great importance to the EU in the years to come. ENISA already publishes recommendations that aim to level these capabilities, and provides training material in order to help CERTs elevate their capabilities level. This report represents the outcome of an impact assessment performed by Deloitte of ENISA's support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020. The key objectives of the study are to: - Take stock of ENISA achievements in relation to European CERTs, and in light of relevant policy documents; - Perform an impact analysis of ENISA's achievements with regard to CERTs and other operational communities; - Provide a roadmap for the period leading up to 2020 based on the results of the impact analysis.