Six Critical Infrastructure Sectors Failing on NIS2 Compliance

The EU’s leading security agency has warned that six critical infrastructure (CNI) sectors are struggling to comply with the NIS2 directive.
The directive was created in response to mounting threats to CNI across the region, mandating a strict new set of baseline cybersecurity requirements.
However, in a new report designed to launch the NIS360 security posture assessment scheme, Enisa pointed out that the following are “within the NIS360 risk zone”:
- IT service management, which faces challenges due to its cross-border nature and diverse entities
- Space, where limited cybersecurity knowledge and a heavy reliance on commercial off-the-shelf components present challenges
- Public administrations, which “lacks the support and experience seen in more mature sectors”
- Maritime, which faces OT-related challenges and could benefit from “tailored cybersecurity risk management guidance”
- Health, which relies on complex supply chains, legacy systems and poorly secured medical devices
- Gas, which must improve incident readiness and response capabilities
Enisa also pointed out that the digital infrastructure sector – which includes critical services like internet exchanges, top-level domains, data centres and cloud services – is “a step below in terms of maturity.”
“Enisa is working closely with the EU Member States to implement the NIS2 directive by providing expertise and guidance,” noted Enisa executive director, Juhan Lepassaar. “The Enisa NIS360 [report] gives valuable insight into the overall maturity of NIS sectors and the challenges of individual sectors. It explains where we stand, and how to move forward.”
On the plus side, the report highlighted electricity, telecoms and banking as the three most mature sectors, claiming they have benefited from “significant regulatory oversight” as well as funding and investment, political focus and a robust public-private partnership.
Although most UK organizations are exempt from NIS2, those operating within the EU must follow its rules.
OT Security Gaps
James Neilson, SVP international at OPSWAT, argued that a lack of professionals skilled in both IT and OT security is hampering compliance efforts.
“IT systems, internet connectivity and transient devices remain major attack surfaces for ICS/OT infrastructure. Many organizations neglect to secure data that moves in and out of their OT networks,” he added.
“By controlling data flows and scanning files in transit between devices, employees and digital supply chain members, organizations can detect and neutralize hidden malicious payloads that may infiltrate their critical systems. This not only contributes to their NIS2 compliance but also strengthens their overall cybersecurity posture.”