In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
NIS Focus Group – 3 March 2020 – Operationalizing the NIS Directive: a transport sector case study
4 March 2020 – Cyber Security Coalition
The Network and Information Security Directive requires ‘operators of essential services’ (OES) to take measures to ensure the availability of those services. The FPS Mobility and Transportation explained the legal and regulatory framework of NIS in Belgium for subsectors such as aviation, navigation, rail and road, as well as the tasks of the FPS itself (identifying services and OES, providing advice, monitoring sectors). The authorities also determine which standard(s) the operators must comply with.
Presentations by key transport actors (NMBS/SNCB, Infrabel and Eurocontrol among them) covered their concrete efforts, with active input from attendees through questions and answers. The Centre for Cyber Security Belgium announced a platform for incident notification and a FAQ list (to come). Clearly there is an urgent need for more operational technology experts with cyber security expertise (as proposed by HOWEST), more sectoral cyber security guidelines, more ‘information sharing and analysis centers’, as well as better use of available tools (e.g. from ENISA). A particular challenge will be finding experts capable of auditing transport systems, which consist of extremely customized mixes of modern and legacy systems, with proprietary protocols and strict operating conditions.