NIS2

How Kappa Data can help with NIS2 directives

What is NIS2

NIS2 is a European directive focused on the security of Network and Information Systems (NIS2) and contains a set of regulations to ensure the security and resilience of these systems throughout the European Union (EU). This directive seeks to improve cybersecurity in the EU in several ways. These guidelines are an extension of the existing NIS guidelines (since 2016), but also extended to other sectors.

With EU countries adopting the NIS2 directive by the end of 2022, member states still have two years to transpose it into national legislation. The Belgian government have approved the draft law since April 18 and is currently being transposed into law, with the goal of becoming effective Oct. 17, 2024.

Compliancy NIS2

The NIS2 directives apply to critical (important) as well as very critical (Essential) entities and services. Companies between 50 and 250 employees are considered “important” entities, while entities with more than 250 employees fall under “Essential.” Smaller entities fall outside this scope, but may still be determined as critical or very critical by our government. Especially in the Supply Chain, larger entities may have higher security requirements for their “smaller” suppliers. That is why it is important to inform yourself well with the Cybersecurity Center Belgium (CCB)

An important element within these directives is top management accountability. Thus, top management is required to undergo additional training to master the content of these NIS2 directives. In the event of an incident, management can be held liable for this. Awareness among its own personnel must also be updated on a regular basis.

CyberFundamentals Framework

The CCB also refers to the Cyberfundamentals Framework which is based on the well-known ISO27001 framework. This framework consists of 5 core functions :

1. Identify: Know key cyber threats to your most valuable assets. Essentially, you can’t protect what you don’t know exists. This function helps to
   develop an organizational understanding of how to manage cyber security risks related to systems, people, assets, data and capabilities.
2. Protect: The protect function focuses on developing and implementing the safeguards needed to mitigate or contain a cyber risk.
3. Detect: The purpose of the Detect function is to ensure that cyber security events are detected in a timely manner.
4. Response: revolves around the controls that help respond to cyber security incidents. The Respond function supports the ability to contain the impact of a potential cyber security incident.
5. Recover: focuses on the safeguards that help maintain resilience and restore services affected by a cyber security incident.

This cyberfundamentals framework is already being used as a framework for both the important and essential entities. In short, any company that qualifies for the NIS2 directives will need to apply these 5 core functions of the framework.

For example, we at Kappa Data are already seeing many questions coming in about the various solutions for both Detect and Response requirements.

The NIS2 legislation will be a challenge for many companies. Beyond applying additional security technologies, company management will have to perform risk assessments on every part of its business. Thus, numerous procedures and regulations will have to be established, which will require a lot of time and administration from the company.

Timeline implementation NIS2

On April 18, the Belgian Parliament also unanimously approved the draft law from the EU and work is currently underway to transform this draft into a proper legal text that will then become active on October 17, 2024.

Companies still have extra time to register as an important essential company with the CCB until March 31, 2025, but must take the initiative to do so themselves.

The final deadline for the application of the NIS2 legislation has been set for April 18, 2027, giving companies time to put both procedures, administration and other application in place.

However, essential entities will have to comply with the basic measures of the Cyberfundamentals framework by April 18, 2026.

For both essential and key entities, it is recommended to start by implementing the basic measures of the Cyfun framework and you can also obtain an attestation for this from the Conformity Assessment Body.

You can visit the page above to perform your own scope test soon, find a self-assessment tool and obtain an attestation.

Learn more about NIS2 solutions

Did you miss one of our webinars, but would still like more info on how Kappa Data can help your business? No worries, send your question to one of the email addresses listed below :

[email protected] | [email protected]

Conclusion

Enacting legislation around cybersecurity will make businesses more resilient to massive cyber-attacks by hackers. However, this legislation will cause quite a few headaches for many business owners. There are quite a few challenges to raising awareness within companies, establishing procedures and ISMS systems. Therefore, we at Kappa Data offer our knowledge and solutions to IT Partners to solve issues around total network visibility, vulnerability management, detect-response-recover solutions, Network Access Control and many other technologies considered necessary within the NIS2 legislation.

As a Value Added Distributor, we recommend that our partners reach out to their customer base themselves and start the conversation, how they can unburden their customers with technology. Would you like to learn more about one or more solutions? Then contact your Account Manager, to set up a meeting. We are happy to help our partners implement technology solutions for the NIS2 requirements with their customers.

Still have questions about NIS2? Get in touch with our team. We will be happy to help you further.