Manufacturing is a crucial part of the European economy and encompasses many areas from small-scale production to large-scale industrial processes. NIS2 aims to reduce cybercrime losses.
As the sector becomes more digitized and connected, it faces increasing cybersecurity risks that could have serious consequences for public health and safety. To address these risks, the NIS2 directive classifies manufacturing organizations as critical entities and establishes new cybersecurity requirements that must now be met. The current public debate shows how relevant the implementation of NIS2 is for industrial companies. The Tagesspiegel reports that the Federation of German Industries (BDI) has published a position paper. In it, the association calls for, among other things, EU-wide harmonized implementation and more generous implementation deadlines. In addition, the directive in the field of digital infrastructure includes many new companies that fall under the critical sectors. According to a report by heise, these are estimated to be almost 160,000 companies and public institutions across the EU, almost 20,000 of them in Germany.
Cyber Security in Europe
The NIS (Network and Information Systems) Directive was the first EU-wide piece of legislation aimed at improving the security of network and information systems in the European Union. Since its publication in 2016, the organizations concerned are obliged to take appropriate measures to secure their network and information systems and to report any incident that has a significant impact on the continuity of their services.
NIS2 brings many more areas into focus, introducing fines, sanctions and penalties for failures in proper risk management and basic cyber hygiene and for unreasonable delays in countermeasures. This will force companies to constantly update their software and security protocols and implement access controls that prevent unauthorized access to systems and their activities.
NIS2 aims to reduce cybercrime losses by €11.3 billion per year. Achieving this goal requires an estimated 22 percent increase in cybersecurity budget for newly eligible organizations and 12 percent for organizations previously impacted by the current NIS policy.
Opportunity and challenge
The impact will hit all manufacturers, including those making IoT devices, medical devices (IoMT) and operational technology (OT). According to the NIS2 directive, essential and important institutions must use certain certified ICT products, ICT services and ICT processes or obtain a certificate under a European cybersecurity certification scheme. This stipulates the safety of their products throughout the entire development process. This poses a major challenge, especially in cases where IoT products are particularly vulnerable to cyberattacks because they are built with inadequate security controls such as hard-coded passwords, lack of encryption of transmitted data, or difficult-to-fix software/firmware vulnerabilities. Industrial companies always need the help of technology partners to set up and implement a coordinated security strategy. The serious consequences of cyber attacks can only be mitigated or proactively prevented with a holistic approach.
Strengthening cybersecurity
Digital networking in manufacturing and OT environments is constantly being expanded, and of course all assets used there are increasingly being targeted by hackers. Due to the acute threat situation, comprehensive IT/OT security concepts are now required that take into account the special needs of industrial production and protect complex industrial systems from unauthorized access and impending production downtimes due to cyber attacks.
In addition to conducting security training and adhering to cyber hygiene, continuous monitoring of assets is a critical factor in enabling compliance with NIS2 guidelines. You can only protect assets that you can clearly identify. This type of complete visibility allows security teams to see anomalies and status changes in real-time, which in turn reduces SOC investigation time and potential damage. In particular, asset vulnerability management provides detailed information about each asset, no matter what type. By using intelligent asset management, companies get a complete overview of the latest vulnerabilities and compromises. This enables them to take a proactive role in strengthening their cybersecurity and stay ahead of threat actors.
About Armis
Armis provides the market-leading asset intelligence platform designed for the new threat landscape created by connected devices. Trusted by 40 Fortune 100 companies, our real-time, continuous protection allows all managed and unmanaged IT, cloud, IoT devices, medical equipment (IoMT), operational technology (OT), industrial control systems (ICS) and 5G assets to be seen in full context. Armis customers span every industry, vertical market and segment, including government, state and local government, education (SLED), healthcare, critical infrastructure providers (CIP), retail, manufacturing, smart cities, transportation and the consumer energy sector, including companies like Colgate Palmolive, Allegro Microsystems, Takeda Pharmaceuticals, Mondelez, PepsiCo, DocuSign, the Booking Group and many more. Armis is a private company headquartered in Palo Alto, California.