European Commission requests public feedback on NIS2 cybersecurity measures before implementation

 

The European Commission is inviting public input on a draft implementing act under the NIS2 Directive, aimed at achieving a high common level of cybersecurity across the EU.

The public can provide feedback via the ‘Have Your Say’ portal until July 25, as part of a four-week consultation process. This act will establish specific technical and methodological requirements for cybersecurity risk management applicable to entities within the digital infrastructures, digital providers, and ICT service management sectors.

The NIS2 Directive, which expands its scope to include medium and large entities in crucial sectors such as public electronic communications and digital services, enhances cybersecurity measures and standardizes incident reporting across the EU. The draft implementing act details the requirements for managing cybersecurity risks and outlines significant incident scenarios for a wide array of service providers, including cloud computing, data centers, and social networking platforms.

In recognition of the varying capabilities of entities, the EU proposes proportional measures where smaller entities can adopt alternative methods to meet these cybersecurity standards. The draft emphasizes a comprehensive approach to risk management, including risk identification, evaluation, and treatment, supported by continuous education and documentation of security measures.

Authorities are encouraged to offer guidance to entities for risk assessments and implementing suitable risk management frameworks. The draft also addresses the evolution of network security protocols and supports the involvement of various stakeholders through a multi-stakeholder forum to elevate cybersecurity levels swiftly.

Entities are required to review their security management practices independently, monitor their systems for anomalies, and develop robust procedures for responding to incidents and managing supply chain risks. Security patch management and the implementation of network security solutions are also outlined as critical measures.

Overall, the proposal seeks to bolster the cybersecurity framework within the EU, enhancing the resilience of public and private sectors against cyber threats through structured asset management, the strategic allocation of cybersecurity roles, and timely incident response and recovery processes.

Source: industrialcyber.co
