Cyber security and NIS2 guideline

 


NIS stands for ‘Network and Information Security’

Information security increases availability and prevents damage. Contact us for a non-binding on-site analysis.

 

Legal matters

NIS stands for ‘Network and Information Security’ in administration and production. The European Union published the Network and Information Security Directive on 27 December 2022. Member states are obliged to transpose it into national law by 17 October 2024. The management level is responsible for compliance. As with the GDPR, ISO/IEC 27001, ISA/IEC 62443 or NIST 800, NIS2 applies in full to medium-sized and large companies. Minimum measures are recommended for small companies. NIS2 applies to all sectors.

Terms

NIS: Network and Information Security

IT: Information Technology. Administrative area

OT: Operational Technology. Production area

Security: Security in networked systems.

Safety: Safety for people.

MFA: Access via multifactor authentication.

ICT: Information and communication technology

HMI: Human Machine Interface (user interface)

GDPR: General Data Protection Regulation

ERP: Enterprise Resource Planning (company management)

OEE: Overall Equipment Effectiveness

Backup: Data backup and storage of data carriers

Restore: Restoring or importing data backups

Key points of the NIS

Concept of risk analysis and security for information systems

Management of security incidents

Business continuity and crisis management

Security of the supply chain

Security measures for the acquisition/development/maintenance of ICT

Concepts and procedures for evaluating the effectiveness of risk management measures

Cyber hygiene and cyber security training

Cryptography and, where applicable, encryption

Personnel security, access control concepts

Multi-factor authentication

Baseline security for small companies

Risk assessment, information security policy and emergency plan

Define responsibilities.

Hold security training sessions.

Create a list of all networked devices.

Create a directory of access data using secure technology. Restrict access to files and programmes.

Restrict and protect internet presence and external access.

Carry out security updates promptly. Replace discontinued devices, operating systems and applications.

Install protection programmes against malicious software: attack protection, malware protection, virus protection.

Create regular backups.

Our expertise

Eberle Automatic Systems has many years of experience with automatic systems. Today, such systems are comprehensively networked for efficient operation. Controllers communicate with robots and cameras. Master computers and HMIs communicate with the ERP level, edge devices are connected to the internet and send sensor values for monitoring. The increasing threat of cybercrime is not fully taken into account in systems that have ‘grown’ over the years.

Eberle employs experts in the fields of automation, mechatronics and IT. We are able to comprehensively assess the existing system and propose measures, placing particular emphasis on cost-effectiveness. In the course of a retrofit, a machine can become faster, more accurate, more stable, more energy-efficient and, at the same time, more suitable for NIS2 without incurring major additional costs.

Procedure

Kickoff meeting to define goals and expectations.

Review the OT security architecture. Identify vulnerabilities and potential attack surfaces.

Develop a robust, secure OT network architecture that incorporates industry best practices and standards. Provide security recommendations and concrete, realisable measures.

Our service portfolio

Retrofitting of machines and systems (mechanical, electrical, software, OT) taking into account the requirements of NIS2 and the GDPR.

Risk assessment and emergency plan.

Consideration of recovery scenarios.

Energy supply and infrastructure for critical systems, e.g. refrigeration for food.

Firewall for separating and segmenting IT and OT networks.

Access protection via MFA.

Encrypted communication.

Spare parts.

Training and awareness.

Backup & restore: machine parameters, product parameters, programmes, historical measured values.

Monitoring and notification of devices and components. Overload, energy consumption, OEE, preventive maintenance, etc.

Recurring analyses and tests for security and safety.
