NIS2: a crucial component of an industrial cybersecurity policy

04 Jun 2024 at 18:33

At a time when cyber threats are evolving rapidly, the NIS2 directive is an essential component of industrial cybersecurity policy. By requiring companies to enhance their security measures, the EU aims to strengthen its resilience against cyberattacks.

NIS2: What and why?

The European NIS2 (Network and Information Security) directive was published on December 27, 2022. Its aim is to strengthen the European Union's cybersecurity resilience at corporate and public administration level. 

Whereas NIS1 concerned only a limited number of sectors designated as essential (health, energy, etc.), NIS2 broadens the scope of essential sectors (space, public administrations, etc.), as well as those classified as important (food, postal services, electronics manufacturers, etc.).

The new sectors concerned will in turn have to implement the obligations laid down in the text (risk management, incident reporting, etc.) by taking concrete action.

Note that NIS2 also requires companies to assess and manage the risks associated with their suppliers and supply chain.

Impose a proactive, coordinated approach through NIS2

The main requirements defined by the NIS2 directive include:

1. Assess risks
2. Implement a risk management framework
3. Prepare incident response plans
4. Implement advanced technologies to identify and detect threats
5. Enable business continuity in the event of a cyber-attack through precise response plans
6. Adopt a structured approach to improving cybersecurity
7. Train employees in cybersecurity
8. Implement access control policies

NIS2 to enhance cyber threat info sharing among member states

The NIS2 directive strengthens harmony between EU member states by facilitating the sharing of information on cyber threats in several ways:

1. EU-CyCLONe Network: created in 2020, the European Cyber Crises Liaison Organization Network (EU-CyCLONe) improves the coordination and management of large-scale cyber incidents. It enables the rapid and effective exchange of critical information between member states. 

2. Cooperation mechanisms: NIS2 establishes clear procedures for operational, strategic and technical cooperation between member states. The aim is to develop regular exchanges of information on cybersecurity threats, vulnerabilities and incidents.

3. Cybersecurity coordination centers: the NIS2 Directive encourages the establishment of national and regional coordination centers that work together to monitor and respond to cyber threats. These centers facilitate the collection and sharing of relevant information.

4. Harmonized standards: by imposing uniform security requirements across the EU, NIS2 facilitates cooperation and understanding between all member states in the field of cybersecurity.

5. Obligation to share information: NIS2 requires critical entities to report cybersecurity incidents to the competent national authorities and, in some cases, to the other member states concerned. This ensures greater transparency and a more effective collective response to threats.

6. Setting up exchange platforms: the NIS2 Directive encourages the use of secure platforms for the exchange of information between member states, national authorities and private players. These platforms facilitate the rapid sharing of information on cyber threats and incidents.

These various measures will enable EU member states to work more closely together, improve their collective resilience and respond more effectively to transnational cyber threats. In cybersecurity, too, there's strength in numbers.

Ewon solutions from HMS Networks at the forefront of cybersecurity

The requirements of the NIS2 directive have many points in common with ISO 27001. Industrial connectivity solutions developed by Ewon by HMS Networks have long been ISO 27001 certified. 

The IEC 62443-4-2 standard, which focuses primarily on operational technologies, also meets the challenges of NIS2.

The Ewon Cosy+ gateway has also been assessed against this specific standard.

We can therefore confirm that the choice of our solutions enables our customers to strengthen the cybersecurity of their machines.
