Unified-Firewalls-Rohde-Schwarz-Cybersecurity

On the move: NIS directive

While the GDPR has been in the limelight for the most part of 2018, the NIS directive made a very discreet entry into national law of some of the EU Member States by a set of transposition measures. In fact, the NIS Directive is much broader in scope than the GDPR, which only covers personal data. The NIS Directive applies stringent regulations regarding the security of network and information systems and affects all digital data.

Yet contrary to GDPR, only to a restricted list of actors are subject to the NIS Regulations. The NIS Directive identifies two new categories: Operators of Essential Services (OES) and Digital Service Providers (DSP). The OES have to comply with more stringent security requirements than DSPs because of the inherently higher risks they face.

From a strategic perspective, the NIS Directive represents the cornerstone of the EU’s efforts to step up its overall cybersecurity. It is the security counterpart to the European Digital Single Market of 2015 focused on making the EU single market fit for digital age to drive growth from online tools. The NIS Directive imposes a common high level of network and information system security within the European Union.

The complexity of the directive, local legislations and related fines, reputational risks and required investments may understandably be quite daunting for the parties concerned. Furthermore, a NIS incident may lead to a personal data breach, where an initial attack on a service may subsequently compromise personal data that the service processes, (e.g. sensitive customer information). In case of such an unfortunate scenario, the company may be subject to regulatory actions under both NIS and GDPR laws. The OES and DSPs subject to the NIS Regulations are required to implement appropriate security measures to protect and ensure the continuity of services that are essential to critical infrastructures. In doing so, they will achieve NIS compliance, boost the overall level of cybersecurity for their company as well as promote a culture of security across the EU. As the cybersecurity threat landscape is evolving fast, it is necessary to swiftly engage the process outlined by the NIS. Although full compliance may take time, the ability to demonstrate that the NIS Directive is at the core of an organization’s cyber security strategy is the first step towards it.

The company must conduct adequate risk assessments, enact appropriate security measures and implemented robust incident response plans. While no cybersecurity vendor may claim to deliver full NIS Directive compliance, Rohde & Schwarz Cybersecurity portfolio can help to get started on the right path with protecting the organizations’ applications and cloud-based digital assets. Rohde & Schwarz Cybersecurity is one of the rare European security vendors with own core technologies and expertise committed to regulatory compliance.

Rohde & Schwarz Cybersecurity has a strong footprint in Europe with local support and training able to help you implement the requirements outlined by NIS.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.