The increased cyber threat landscape and the heightened risk to the Digital Single Market from failure of our digitally enabled and 5G connected essential services requires us to dramatically improve cybersecurity operational cooperation. One key mechanism for empowering such cooperation is through Information Sharing and Analysis Centres (ISACs).
The successful tender of this call (tender reference number: SMART 2018/1022) will assist in resourcing the establishment and further development of European level sectoral ISACs covering all the sectors and subsectors identified by the NIS Directive (Annex II), such as in the health, water, digital infrastructure and transport sectors.
In particular, the selected company/organisation or consortium of companies/organisations will be contracted to provide to the European ISACs for a period of three years support such as:
- Logistical support (e.g. organise meetings, event, workshops, etc.)
- Advice (e.g. on EU competition law, GDPR, etc.)
- Thematic analysis (e.g. cyber threat intelligence)
- IT platform support
- Subscription based services
ENISA, the EU Agency for cybersecurity, will be a key partner in the process of establishing and further developing European level sectoral ISACs in accordance with its new strengthened and permanent mandate under the EU Cybersecurity Act.
This public procurement is funded by the Connecting Europe Facility (CEF) Telecom Work Programme 2018 which aims to support cybersecurity capacity building and operational cooperation. This call is one of the three calls for tender that the European Commission launched this year under CEF. The other two are the following:
The concept of Information Sharing and Analysis Centres (ISACs) in cybersecurity has existed for over a decade in Europe. They generally involve structured and voluntary secure information sharing between trusted colleagues from both suppliers and operators in a particular industrial sector. ISACs can assist with improved cybersecurity preparedness, situational awareness and coordinated vulnerability disclosure.
In the Joint Communication to the European Parliament and the Council “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU”, the role of ISACs was cited as particularly important in creating the necessary trust for sharing information between the private and public sector. The European Commission together with the support of ENISA is committed to this approach and in particular with regard to sectors providing essential services (OES) as identified in the NIS Directive. In Europe, there have already been efforts in establishing European level ISACs in the financial sector (FI-ISAC) and more recently in the energy sector (EE-ISAC).