Anticipating stronger security requirements for critical EU sectors
A pdf copy of this brief is available here.
The EU Commission recently proposed a revision to its Directive on Security of Network and Information Systems (NIS). The existing NIS Directive (“NIS 1”) requires EU Member States to enact security safeguards for critical infrastructure-like entities and large digital services. The proposed revision - nicknamed “NIS 2” - would replace NIS 1 and require EU Member States to implement stronger security safeguards and stricter enforcement. This post provides an analysis of the NIS 2 proposal and comparison with the existing NIS Directive.
The EU Commission recently proposed a revision to its Directive on Security of Network and Information Systems (NIS). The existing NIS Directive (“NIS 1”) requires EU Member States to enact security safeguards for critical infrastructure-like entities and large digital services. The proposed revision - nicknamed “NIS 2” - would replace NIS 1 and require EU Member States to implement stronger security safeguards and stricter enforcement. This post provides an analysis of the NIS 2 proposal and comparison with the existing NIS Directive.
At the present time, the NIS 2 proposal will likely be subject to months of negotiation among EU lawmakers, and the text will likely change somewhat before enactment. However, by reviewing the NIS 2 proposal, we can at least anticipate the direction of changes that regulated organizations may be subject to under a revamped NIS Directive.
Rapid7 is supportive of efforts to ensure critical infrastructure security is strengthened in proportion to the risks, and there are a number of elements in the NIS 2 proposal we view as beneficial. These include recognition of the importance of coordinated vulnerability disclosure, and the need for a central coordinating body in the EU t ..
Support the originator by clicking the read the rest link below.
