NIS Directive from EU

Fri, 02/26/2016 - 14:34 -- pottol

The “Network and Information Security Directive” was first proposed on February 7th, 2013 (see https://ccdcoe.org/sites/default/files/documents/EU-130207-ECNetworkAndInformationDirective.pdf), more than 3 years ago.

In its original intent, it was designed to ensure a high and uniform level of cybersecurity across the EU. It should represent a golden opportunity by:

  • fostering a (trusted and reliable) Digital Single Market

  • creating additional growth and efficiency

  • encouraging a vibrant knowledge-based society

  • creating hundreds of thousands of new jobs

In brief, NIS aims to establish a shared approach to Risk Management and Incident Reporting through a unified cyber-security framework.

But… There is a Controversy

In fact, many Member States are raising objections about:

  • protection of their sovereignty in security

  • economic impact of this type of regulation

  • the disclosure and engagement of “operators of essential services” (usually private ones)

NIS Is a Need

However, the Directive is extremely important and powerful. Since cyberspace is the battlefield of new wars, cyber-security and cyber-protection are the new need that governments must cover. Moreover, adopting a common approach means providing the EU with an effective unified army, thus filling the gap left by the absence of EU armed forces and instantly overcoming this ridiculous lack.

NIS Framework in Brief

Strictly speaking, the NIS Directive is organized to provide the following:

  • Strategic: Improving Member States’ national cybersecurity capabilities

    • New National Strategy: to produce an official document on strategic objectives and priorities for information security at the national level

  • Tactical: Improving cooperation between Member States (as well as private-public cooperation)

    • Cooperation: to establish competent authorities that provide cross-border support and strategic co-operation

    • Standards: to establish the use of well-known standards and best practices for design and operation

  • Operational: implementing the framework by performing activities

    • Companies in Critical Sectors: to involve private companies in sectors such as Internet services, energy, transport, banking and health

    • Security Practices: to manage risk and to report major incidents to the national authorities

NIS Enforcement

The current version of NIS is here:

http://www.consilium.europa.eu/en/press/press-releases/2015/12/pdf/st15229-re02_en15_pdf

NIS is not yet official; it still needs to pass the following steps:

  1. Approval by the European Union Parliament’s Internal Market Committee

  2. Approval by the European Union Council’s Committee of Permanent Representatives

  3. Publication in the EU Official Journal

Once the NIS Directive is in force, the EU Member States will likely have a 21-month period to implement the regulation into their legislation and six months to identify their operators of essential services.