NIS2 Directive

Introduction :

Cybersecurity is now a top priority for organizations, with an increasing frequency and sophistication of cyber threats posing significant risks to operations, finances, and reputation. In response to these challenges, regulatory authorities have enacted various measures to enhance cybersecurity standards and protect critical infrastructure.

One such regulation is the European Unionʼs National Information Security Standard 2 ,NIS-2 (Directive). The revised directive is intended to better defend critical entities against supply chain vulnerabilities, ransomware attacks, and other cyber threats. All 27 EU member states must incorporate the NIS2 Directive into their national laws by October 2024.

Who will be Impacted :

Essential services

  • Energy – electricity, district heating and cooling, oil, natural gas, hydrogen
  • Manufacture of pharmaceutical products including vaccines
  • Drinking water and waste water
  • Transport – air, rail, water, road
  • Banking (except for central banks)
  • Financial market infrastructures
  • Health
  • Digital infrastructure – internet exchange points (IXPs), DNS providers, TLD name registries, cloud computing service providers, data centre service providers, contentdelivery networks, trust service providers, public electronic communications networks, electronic communications services
  • ICT service management (business-to-business)
  • Space industry
  • Central and regional public administrations, though

Important services (NIS2 Directive Annex II)

  • Postal and courier services
  • Waste management
  • Chemicals – manufacture, production, distribution
  • Food – production, processing, distribution
  • Manufacture of medical devices (but these can be redefined as essential services during a public health emergency)
  • Manufacture of computers, electronic and optical products, electrical equipment, machinery and equipment, and motor vehicles and other transport equipment
  • Digital providers – online marketplaces, online search engines, and social networking service platforms

Eurosec Approach:

NIS-2 Directive introduces more stringent cybersecurity and risk management requirements.NIS-2 Directive Article 21 directs member states to ensure that essential entities manage risk by implementing robust systems, policies, and best practices covering a wide range of cybersecurity measures and disciplines including:

Our approach to helping the organization and meeting the NIS-2 Directive requirements spans various aspects of Cyber Security, which covers:

  • Risk assessments
  • Policies and procedures
  • Industry standards for usingcryptography
  • A plan for handling security incidents;
  • Security of DevSecOps
  • Cybersecurity training and awareness;
  • Data handling procedures
  • Business Continuity management
  • Access control and MFA
  • Supply chain security