On the move: NIS Directive

 

While the GDPR has been in the limelight for most of 2018, the NIS Directive made a very discreet entry into the national law of some EU Member States through a set of transposition measures. In fact, the NIS Directive is much broader in scope than the GDPR, which only covers personal data. The NIS Directive applies stringent regulations regarding the security of network and information systems and affects all digital data.

Yet contrary to the GDPR, only a restricted list of actors is subject to the NIS Regulations. The NIS Directive identifies two new categories: Operators of Essential Services (OES) and Digital Service Providers (DSP). OES have to comply with more stringent security requirements than DSPs because of the inherently higher risks they face.

From a strategic perspective, the NIS Directive represents the cornerstone of the EU’s efforts to step up its overall cybersecurity. It is the security counterpart to the European Digital Single Market of 2015, which focused on making the EU single market fit for the digital age and on driving growth from online tools. The NIS Directive imposes a common high level of network and information system security within the European Union.

The complexity of the directive, local legislation and related fines, reputational risks and required investments may understandably be quite daunting for the parties concerned. Furthermore, a NIS incident may lead to a personal data breach, where an initial attack on a service subsequently compromises personal data that the service processes (e.g. sensitive customer information). In such an unfortunate scenario, the company may be subject to regulatory action under both NIS and GDPR laws. The OES and DSPs subject to the NIS Regulations are required to implement appropriate security measures to protect and ensure the continuity of services that are essential to critical infrastructures. In doing so, they will achieve NIS compliance, boost the overall level of cybersecurity for their company and promote a culture of security across the EU. As the cybersecurity threat landscape is evolving fast, it is necessary to engage swiftly in the process outlined by the NIS Directive. Although full compliance may take time, the ability to demonstrate that the NIS Directive is at the core of an organization’s cybersecurity strategy is the first step towards it.

The company must conduct adequate risk assessments, enact appropriate security measures and implement robust incident response plans. While no cybersecurity vendor may claim to deliver full NIS Directive compliance, the Rohde & Schwarz Cybersecurity portfolio can help organizations get started on the right path by protecting their applications and cloud-based digital assets. Rohde & Schwarz Cybersecurity is one of the rare European security vendors with its own core technologies and expertise committed to regulatory compliance.

Rohde & Schwarz Cybersecurity has a strong footprint in Europe, with local support and training able to help you implement the requirements outlined by the NIS Directive.

Amaury le Roux - Marketing Assistant
Amaury is our marketing assistant. Passionate about new marketing strategies, he actively participates in our communication via our blog, website and social networks. He brings us all his enthusiasm to contribute to the success of our projects.