The HSD Expert Round Table NIS2 & OT-security
On Friday 30 September 2022, Security Delta (HSD) organised an Expert Round Table NIS2 & OT-security at the HSD campus. During this event, organisations from the public and private sector discussed the opportunities and prospects brought by the European NIS2 directive related to OT security. The event was part of the OT-Security Community of Practice (CoP). The CoP is set up by HSD and aims to increase OT-security awareness, establish best practices, and develop and share tools and research. For more information click here.
The discussion was started with an introduction of the NIS2 directive by Bart Groothuis, Member of European Parliament, and rapporteur for the NIS2 directive. Other discussion topics were brought in by Marcel Jutte of Hudson Cybertec, Vincent Schijven of TÜV and Yoram Meijaard of TNO and concerned the practical implications of the NIS2, CYRA and recovery capacity.
Other organisations that participated in the round table were Agentschap Telecom, Secura, Tesorion, Accenture, Siemens, Royal Floraholland, Booz Allen Hamilton, Connect2Trust, Shell, ONE-Dyas, Compumatica, Hoogheemraadschap van Rijnland, Autoriteit Nucleaire Veiligheid en Stralingsbescherming, Ministerie van Economische Zaken en Klimaat, Ministerie van Infrastructuur en Waterstaat, Ministerie van Defensie.
Cybersecurity and OT security have generated much attention in the past year, putting policymakers, legislators and companies on edge. The NIS2 directive will set stricter requirements for digital security in Europe. NIS stands for Network and Information Systems. Currently, Europe has implemented the NIS1 directive targeting essential businesses such as water, energy, and telecom companies. NIS2 increases cybersecurity requirements across Europe and classifies more organisations as essential businesses. This broadening and deepening of European regulation introduces challenges for both public and private organisations.
To address these challenges, the Expert Round Table NIS2 & OT-security was a great vehicle to share information and strengthen the dialogue between the public and private organisations. The OT-security Community of Practice will continue its efforts to put the issue of OT-security on the agenda and to facilitate knowledge sharing.
For more information on the implications of OT and IT integration for cybersecurity, read our report here.
Bart Groothuis: "The NIS2 is a much-needed update of Europe’s flagship cybersecurity legislation that will tighten cybersecurity requirements for companies and governments and apply them to more key industries. This credit-positive directive will set higher security standards for more than 160,000 organizations across Europe, which can face fines when they breach their obligations."
Marcel Jutte: "Compared to existing legislation, stricter requirements are set for the NIS2 for the asset owners already included in the NIS. In addition, the NIS2 will also have a major impact on the entire supply chain. Especially with the latter, not everyone is aware that they have to comply with the new legislation, so a lot still needs to be done."
Vincent Schijven: "NIS2 could be the game changer that is needed to bring about a massive change in cybersecurity because sole intrinsic motivation creates insufficient movement. The broader target group and the duty of care included within supply chains are important aspects for entrepreneurs, large and small, to work on improved cyber resilience. A central approach such as with the CYRA creates efficiency, trust, and added value that stakeholders can rely on."
Yoram Meijaard: "One of the unique characteristics of OT-security is the importance of availability in opposition to confidentiality. To ensure this, recovery capacity after an incident is critical."