Inadequate Compliance Found Across Six Key Infrastructure Sectors Regarding NIS2 Standards
The European Union's leading security agency, Enisa, has issued a warning that six critical infrastructure sectors are struggling to comply with the NIS2 directive. According to Enisa, sectors such as IT service management, space, public administrations, maritime, health, gas, and the digital infrastructure sector are within the NIS360 risk zone.
The Enisa NIS360 report provides valuable insight into the overall maturity and challenges faced by these sectors. The NIS2 directive was created in response to mounting threats to critical infrastructure across the region. Organizations operating within the EU, including many UK organizations, must comply with the NIS2 directive, regardless of their home country's exemption status.
The directive mandates a strict new set of baseline cybersecurity requirements. IT service management, with its cross-border nature and diverse entities, faces particular challenges. Health relies on complex supply chains, legacy systems, and poorly secured medical devices. Maritime faces operational technology (OT) related challenges and could benefit from 'tailored cybersecurity risk management guidance.'
Space, with its limited cybersecurity knowledge and heavy reliance on commercial off-the-shelf components, is another sector that needs attention. The digital infrastructure sector, which includes critical services like internet exchanges, top-level domains, data centers, and cloud services, is 'a step below in terms of maturity.' Gas must improve incident readiness and response capabilities, while public administrations lack the support and experience seen in more mature sectors.
Enisa's executive director, Juhan Lepassaar, noted that the report explains where they stand and how to move forward. He emphasized the importance of controlling data flows and scanning files in transit between devices, employees, and digital supply chain members to detect and neutralize hidden malicious payloads that may infiltrate critical systems.
However, a lack of professionals skilled in both IT and OT security is hindering compliance efforts, according to James Neilson, SVP international at OPSWAT. The electricity, telecoms, and banking sectors are the most mature according to the report, benefiting from significant regulatory oversight, funding, investment, political focus, and a robust public-private partnership.
Enisa is working closely with the EU Member States to implement the NIS2 directive and ensure the security of critical infrastructure across the region. The directive is a crucial step towards strengthening the EU's overall cybersecurity posture and protecting its citizens and businesses from cyber threats.