ETSI publishes cybersecurity advice on the NIS Directive
ETSI announced the publication of ETSI TR 103 456, a technical report released by ETSI’s technical committee on Cybersecurity (TC CYBER). The report provides advice on implementing the NIS Directive which lays down measures for a high common level of security of network and information systems across the European Union.
ETSI TR 103 456 provides guidance on the available technical specifications and those in development by major cybersecurity communities in the world which are designed to meet the legal measures and technical requirements of the NIS Directive.
The report covers several cybersecurity issues and requirements:
- Methods for structured sharing and exchange of information
- Incident notification
- Technical and organisational information system risk management
- Challenges and solutions
- Technical recommendations
Cybersecurity risk management involves assessing a range of risks in the context of an organisation’s environment, understanding assets, resources and processes that are fundamental to the organisation, and taking steps to ensure that the organisation continuously improves how it protects, detects threats and responds to incidents involving those assets, resources and processes.
“This new ETSI report provides a broader cybersecurity context building on the NIS Directive or the ENISA Standardisation Gaps Report”, declares Charles Brookson, chairman of ETSI TC CYBER. “ETSI has a long expertise in security matters, including the work developed in our cyber group. This report should help those striving to meet the requirements of the NIS Directive, and guide them on how to meet them.”
ETSI’s Technical Report is intended to be used by all who need to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation, whether they be regulators, operators of essential services or digital service providers.
As ETSI is working on new technologies such as NFV, 5G or quantum computing which bring new security challenges, various ETSI groups work closely with TC CYBER and make sure security by design is included in all specifications from the beginning. TC CYBER have published 17 specifications and reports on Cybersecurity over the last 3 years.