A meeting of technology ministers from the 27 member states decided yesterday to fund ENISA until March 2012. The European Parliament is expected to formally endorse the move next week. ENISA's mandate was due to run out next year.
"Ministers agreed to extend ENISA's mandate for three years," a statement released yesterday by the European Council said. "This time will be used to enable further discussions on ENISA and allow reflection on the general direction of European efforts towards increased network and information security."
Until yesterday, ENISA's future was uncertain. With a budget of just under 8million euros per year and only 50 staff, ENISA was set up in 2004 for just five years. It faced the axe under plans by European Commissioner Viviane Reding to form a central telecoms regulatory body with an additional security remit.
Reding's plans would have dissolved ENISA into the larger pan-European regulator. However, her plans were unanimously dismissed yesterday.
The mood at ENISA today was upbeat.
Andrea Pirotti, the agency's executive director said: "We are pleased to see the Council offering the same support and appreciation of ENISA's work."
A spokesperson for the agency added: "This [decision] is very favourable. We feel very confident that after this time , there will be a continuation. We are absolutely certain that network and information security issues will not disappear in 2012."
Awareness of cybercrime has been growing among many European politicians since the flurry of denial of service attacks against Estonia last year.
Crete-based ENISA is the main organisation which fights cybercrime on a European level. Individual countries also have their own separate security organisations, including CERTs, some of which are far larger than ENISA.
Separately, ENISA is set to start screening candidates next week for a job as its new technology leader.
The agency advertised in May for a top-flight security professional to head its technical department, and set down some of the toughest requirements ever made for an information security post.
ENISA said it wanted the successful candidate to have 15 years of professional experience in IT security including considerable work in European R&D.
The desired worker would also have to be degree-educated, familiar with a long list of technologies, and bilingual in two EU languages.
A decision on the successful candidate is expected to be taken in mid-July.