The 2016 NIS Directive in brief.

The 2016 NIS Directive in brief.

What is NIS?

The NIS Directive (Network and Information Security) was adopted on July 6, 2016 and is the first European law on cybersecurity. Its purpose is to secure networks and IT systems against attacks and data theft within the European Union.

It imposes a number of obligations on Member States and obliges them to establish appropriate supervisory institutions and introduce cooperation mechanisms.

Scope of the NIS Directive.

NIS applies to two types of entities:

key service operators:

entrepreneurs from the sectors of energy, transport, banking and financial market infrastructure, health care, drinking water supply, digital infrastructure,

digital service providers:

online trading platforms, online search engines, cloud computing services.

Identification of operators and suppliers

Operators of essential services are subject to a six-step identification method

Digital service providers are to be identified at EU level.

Obligations of operators

introduction of protection measures (technical and organizational) depending on the level of risk,

the need to report incidents

Obligations of suppliers

ensure the level of security depending on the identified risk,

report incidents to the appropriate authorities or CSIRT

Organization and major supervisory institutions in brief:

Competent authorities
Their task is to supervise key service operators and digital service providers. Authorities receive information about the safety status from operators and suppliers and should conduct safety audits.

CSIRT
Computer Security Incident Response Teams, which cover all designated key service operators and digital service providers. CSIRTs are elected by the authorities of the member countries.

ENISA Agency
Network of Computer Security Incident Response Teams - has the role of an observer collecting data at the European level

CERT-EU (Computer Emergency Response Team) operates at the European level

Cooperation Group
Its tasks include cooperation, exchange of good practices and collecting periodic reports. The group is composed of the European Commission, state representatives, CERT-EU and the ENISA agency.

In the country we distinguish:

CERT Polska is the first incident response team established in Poland, one of three CSIRTs (Computer Security Incident Response Team) at the national level, responsible, among others, for protecting Polish cyberspace against threats and participating in international scientific and research projects.

CSIRT NASK is a Computer Security Incident Response Team, operating at the national level, run by the Scientific and Academic Computer Network - National Research Institute based in Warsaw.


30/04/2024
source: Safe Cyberspace Foundation

---------------------------------
Dyrektywa NIS, NIS, Bezpieczeństwo sieci i informacji, cyberbezpieczeństwo,Incydenty Bezpieczeństwa Komputerowego, CSIRT, CERT-EU, CERT Polska, CSIRT NASK, NASK, zabezpieczenie sieci i systemów informatycznych, zabezpieczenie sieci przed atakiem, zabezpieczenie systemów informatycznych przed atakiem, zakres dyrektywy NIS, obowiązki w ramach dyrektywy NIS, zespół reagowania na awarie komputerowe, NIS Directive, NIS, Network and information security, cybersecurity, Computer Security Incidents, CSIRT, CERT-EU, CERT Polska, CSIRT NASK, NASK, securing networks and information systems, securing networks against attacks, securing IT systems against attacks, scope of the NIS directive , obligations under the NIS directive, computer failure response team,