
Reflections 18.09.2024
NIS2 obligates and protects
The NIS2 Directive is a new EU-wide legal framework that regulates and strengthens general information security. Its national implementation will come into effect in October. It grants company decision-makers both the right and obligation to comprehensively develop and improve information security through various means, such as risk assessments, information access policies, incident management, and supply chain protection measures.
The NIS2 Directive is particularly crucial for energy sector companies, which provide public services and are part of critical infrastructure, making them potential targets for cyberattacks. The energy system consists of complex networks involving multiple actors, making it vulnerable to various risks. Therefore, protecting the entire supply chain, as well as networks and information systems, is essential.
Different protection and control mechanisms are vital tools for managing security risks. I would particularly emphasize proactive protection, which prevents attempts to compromise the confidentiality, integrity, and availability of critical information. Proactive protection includes principles, processes, access controls, authentication, encryption, and firewalls.
In your own protection assessment, you should consider the following:
- What critical information systems and data does your company have? What threats and risks are directed at these systems and data?
- Who has access to your company’s data and databases (employees, third parties)?
- What authentication practices are in place, if any?
- What is your company’s software update policy? Are you using the latest versions of applications with comprehensive support from the provider?
Protecting against cyber threats is not only about technical solutions but also requires guidelines, procedures, processes, and awareness. The energy sector, like other key industries, must prepare for various types of cyber risks using at least ten of the security measures described in NIS2, which aim to protect network and information systems and their physical environments from incidents.
Aidon is ready for the implementation of the NIS2 Directive. We are preparing a checklist to help you assess your company’s NIS2 compliance. We are also a trusted advisor in cybersecurity and are happy to collaborate with our customers and partners on this aspect.
Harri Valkonen, Information Security Officer
Aidon Oy