The European Union's Network and Information Security (NIS) Directive is evolving and NIS2 will come into force from October 2024. This significant regulatory change aims to strengthen the security and resilience of critical infrastructure and essential services in the EU. In anticipation of these changes, QOSQO IT has partnered with Altacom to provide comprehensive advisory and consulting services tailored to organizations of all sizes. Together, we aim to help companies navigate the complexities of NIS2 and ensure compliance.
What is NIS2?
The NIS2 Directive is an updated version of the original NIS Directive, which was introduced to improve cybersecurity in the EU. The new directive addresses the shortcomings of its predecessor by expanding its scope and introducing stricter requirements. The aim is to ensure a high level of cybersecurity across a wider range of sectors, reflecting the increasing digitalization and interconnectedness of our societies.
Who will be affected?
NIS2 covers more sectors than the original directive. Sectors that will be significantly affected are:
- Energy: This includes electricity, oil and gas supply companies.
- Transportation: Air, rail, water and road transport services.
- Banking: Financial institutions and payment services.
- Health: Hospitals, private clinics and other healthcare facilities.
- Drinking water supply and distribution: Ensuring the safety of the water supply.
- Digital infrastructure: data centers, content delivery networks and DNS service providers.
- Public administration: Government agencies that provide important services to the public.
- Space: provider of satellite communication services.
Important requirements of NIS2
- Under NIS2, organizations in these sectors must meet several new requirements:
- Risk management: Implement comprehensive risk management measures that cover technical, operational and organizational aspects.
- Incident reporting: Establish robust procedures for detecting, managing and reporting incidents. Significant incidents must be reported within 24 hours.
- Supply chain security: Ensuring the security of supply chains, including contractors and service providers.
- Responsibility: Designate a person responsible for monitoring compliance with NIS2.
- Collaboration: Participation in information sharing and collaboration to improve cybersecurity across sectors.
How do you prepare for NIS2?
- Preparing for NIS2 involves several strategic steps:
- Assessment: Conduct a thorough assessment of current cybersecurity practices and identify gaps against NIS2 requirements.
- Strategy development: Develop a comprehensive cybersecurity strategy that covers risk management, incident response and supply chain security.
- Training and awareness: Educate employees about NIS2 requirements and their role in maintaining cybersecurity.
- Implementation: Take necessary technical and organizational measures to mitigate identified risks and comply with the policy.
- Continuous improvement: Establish a culture of continuous improvement in cybersecurity practices to adapt to evolving threats and regulatory changes.