New EU Directive on Protection Against Hacking

Cybersecurity: Need for Action Increasing

Sep 07, 2016
Interconnection between the material world and the internet (the “internet of things”) and the associated risks for corporations are steadily increasing. Against this backdrop, an EU-wide approach to cybersecurity issues is becoming more and more important. According to DEKRA experts, the NIS directive that entered into effect in August is a first step in the right direction.

The NIS directive on network and information security, which was passed in July and came into effect in August with a two-year transition period, establishes European standards intended to inhibit cyberattacks and improve the exchange of information. According to DEKRA experts, it constitutes a sensible complement to the more general ISO 27001 information security management guidelines and the IEC 62443 technical standard for the integration of industrial systems with communications networks.

However, further measures are still needed in order to guarantee genuinely secure handling of sensitive data and systems, says Bert Zoetbrood, manager for the global Testing & Product Certification business unit: “Cybersecurity is a complex organizational problem that requires technical and process-oriented testing and certification programs.”

Beyond data security itself, a critical need for action exists concerning the functional security of components and systems that could have a severe impact on public order and safety should they malfunction. Zoetbrood additionally states that manufacturers should ensure that networked systems do not mutually impair each other’s operations, which could lead to dramatic consequences. The goal is to prioritize uninterrupted interaction between the triad of individual components, systems, and processes.