Our product portfolio

Our goal is to offer innovative solutions and modern industrial automation products. We continually add to and update our product portfolio to offer the newest and most efficient solutions.

  • Drives
  • Control
  • Robots
  • Vision
  • Data communication
  • Safety equipment
  • Sensors and encoders
  • Components

NIS 2 Directive - IEC 62443

Networks remain protected,
NIS2 watchful hand,
Secure in silence.
From ChatGPT

NIS 2, which stands for "Second Network and Information Systems Directive," is a European Union directive that aims to establish common standards to enhance cybersecurity in infrastructure sectors. The Directive covers a wide range of measures to ensure cybersecurity for critical businesses such as energy, healthcare, financial services, transport, water, telecoms and digital services providers. The aim is to strengthen defences against cyber threats and to ensure the operational security and resilience of these sectors in the event of potential cyber attacks.

Here are just two key aspects of NIS 2:

Incident Reporting

As a business, you have a responsibility to report significant cybersecurity incidents to the appropriate authorities. The aim is to improve incident response capabilities, facilitate information sharing and increase situational awareness across the EU.

Risk management

Businesses have an obligation to implement risk management measures to effectively identify, assess and mitigate cybersecurity risks. This includes putting in place appropriate security measures, implementing incident response plans and continuous improvement and training of all staff.

IEC 62443 is an international series of standards that addresses cyber security for operationally critical automation and control systems.

Sectors concerned:

  • Energy: electricity, oil and gas, district heating
  • Transport: air, rail, water and road
  • Banking: financial infrastructure
  • Health
  • Water management: drinking water and waste water treatment
  • Digital services: cloud services, search engines, online marketplaces
  • Public sector: public administrations and local authorities
  • Food industry: food supply and production systems
  • Chemical industry: chemical manufacturing and supply chains
  • Space and defence

All these sectors are critical and strengthening their cyber security is essential to ensure the functioning of society and the continuity of services in the face of cyber threats.

Cybersecurity topics are broken down by stakeholder categories/roles, including:

  • Operator
  • Service providers (integration/maintenance)
  • Systems/component manufacturers

Technical requirements for systems (IEC 62443-3-3) and products (IEC 62443-4-2) are assessed in the standard against four Security Levels (SL). Each level indicates resistance to a different class of attacker.

  1. SL 1 - Protection against random attacks:
    This level assumes that the system is able to protect against simple and random attacks, such as automated malicious programs that do not have a deliberate purpose to attack the system. This level is considered to be a minimum security measure.

  2. SL 2 - Protection against low-level attackers:
    SL 2 is designed for systems that need to defend against attackers with limited knowledge and resources who use publicly available tools and techniques. Such attackers may target a system deliberately, but their skills are low and the resources they can bring to an attack are limited.

  3. SL 3 - Protection against attackers with intermediate skills:
    This level is designed for more sophisticated attacks where attackers are well equipped and have more knowledge and resources. They may use specialised tools and attack methods that require technical skills, but they are not necessarily advanced nation-state-level attackers.

  4. SL 4 - Protection against highly motivated and resourced attackers:
    The highest level of security is used for systems that need to be protected against highly skilled and well-funded attackers, such as those behind state-sponsored cyber-attacks. Attackers can use targeted and sophisticated attack techniques that require deep technical knowledge and large resources.

Increasing levels of security require increasingly stringent technical security measures from systems and products, increasing their resilience to different types of attackers and the tools they use.

NIS2 Directive - 4 key requirements to meet

Risk management and incident response

Enterprises must implement risk management measures to ensure that risks affecting the security of their networks and systems are adequately addressed:

  • Conducting regular risk assessments.
  • Putting extensive incident response and recovery plans in place.
  • Implementing security measures to mitigate cybersecurity risks, such as encryption, patch management and monitoring.

Incident reporting requirements

According to NIS2, companies are required to report significant cybersecurity incidents to National Competent Authorities (NCAs) within strict timeframes:

  • The initial notification must be submitted within 24 hours.
  • A detailed incident report must be submitted within 72 hours.

Supply chain security

Companies must ensure that their supply chains and third-party service providers meet appropriate security standards. This includes:

  • Assessing the risks posed by suppliers and service providers.
  • Ensuring that third-party services, such as cloud services or IT service providers, meet security requirements.
  • Implementing contractual agreements with vendors setting out their security obligations.

Governance and accountability

Senior management is responsible for the organisation's cyber security practices. Companies must:

  • Designate an individual or team responsible for managing cybersecurity risks.
  • Provide board-level oversight and awareness of cybersecurity risk management.
  • Provide training and awareness programs for employees.

NIS2 Directive - non-compliance!!!

  • Fines.
  • Legal actions/cases: This may include lawsuits brought by affected parties or enforcement actions brought by regulators (depending on the level of infringement).
  • Material damage: Reduces trust among customers, partners and stakeholders. It can lead to loss of business opportunities and negative public opinion.
  • Business disruption: Disrupts business operations, causing financial losses and damage to critical infrastructure.
  • Loss of contracts or licenses: Risk of losing contracts, licenses or certifications, especially if non-compliance with cybersecurity regulations jeopardizes the security and stability of critical services or infrastructure.

Join the Westermo NIS2 webinar

Devices to support your NIS2 compliance

We provide NIS2 (IEC 62443-4-2) compliant Westermo communication equipment to ensure the security and reliability of your network. Our equipment is specifically designed to meet high cybersecurity requirements and help protect your critical infrastructure and data.

Why Westermo?