Earlier this week the Minister for Communication Denis Naughten signed orders to protect essential services from cyberattack. The EU NIS Directive requires governments to designate so-called “operators of essential services” who will be required to put special security and reporting measures in place to guard against hacking and cyber attacks.

This regulation is not to be confused with GDPR. The Network and Information Security Directive (NISD),  does not cover all private-sector companies. Its target is only those companies in critical industries as well as a special class of digital providers. Unlike the GDPR, NISD doesn’t have a long list of specific security requirements. NISD, though, will ask companies to notify regulators whenever a cyber incident has a significant impact on their operations.

First proposed in 2013, NISD addresses cybersecurity for “operators of essential services” or  critical infrastructure, and it includes health, energy, banking, telecommunications and transportation. Since digital infrastructure is also a key part of a modern economy, NISD covers digital service providers or DSPs. The directive explicitly refers to online marketplaces, online search engines and cloud computing services.

The Challenge

The EU NIS Directive is really interesting because of the complexities of cyber security in critical infrastructure world. When IT and Industrial control systems converge, the propensity for security risks will increase, particularly if vulnerabilities in older or outdated equipment aren’t addressed in a timely manner. Critical infrastructure service providers have become more connected with smart factories and smart metering there is a large array of systems now accessible through the internet. These systems are complex and have tools that influence machinery in industries such as oil, gas, water, controlling everything from meters to entire pipelines.

To learn more about how Smarttech247 help with protecting critical infrastructure visit www.smarttech247.com