NIS2 policy and Cyber Security

NIS stands for ‘Network and Information Security’
Information security increases availability and reduces damage. Contact us for a non-binding on-site analysis.
Legal matters
NIS stands for ‘Network and Information Security’ in administration and production. The European Union published the Network and Information Security Directive on 27 December 2022. Member states are obliged to transpose it into national law by 17 October 2024. The management level is responsible for compliance. As with the GDPR, ISO/IEC 27001, ISA/IEC 62443 or NIST 800, NIS2 applies in full to medium-sized and large companies. Minimum measures are recommended for small companies. NIS2 applies to all sectors.
Terms
NIS: Network and Information Security.
IT: Information Technology in the administrative area.
OT: Operational Technology in the production area.
Security: Security in networked systems.
Safety: Safety for people.
MFA: Access protection via multifactor authentication.
ICT: Information and communication technology
HMI: Human Machine Interface
GDPR: General Data Protection Regulation
ERP: Enterprise Resource Planning
OEE: Overall Equipment Effectiveness
Backup: Data backup and storage of data carriers
Restore: Restoring or importing data backups
Key points of NIS
Risk analysis and security concept for information systems.
Management of security incidents.
Business continuity and crisis management.
Security within the supply chain.
Security measures for the acquisition/development/maintenance of ICT.
Concepts and procedures for evaluating the effectiveness of risk management measures.
Cyber hygiene and cyber security training
Cryptography and, where applicable, encryption
Personnel security, access control concepts
Multi-factor authentication
Baseline security for all companies
Risk assessment, information security policy and emergency plan
Define responsibilities.
Security training sessions.
Create a list of all networked devices.
Create a directory of access data using secure technology. Restrict access to files and programs.
Restrict and protect internet presence and external access.
Carry out security updates promptly. Replace discontinued devices, operating systems and applications.
Install protection programs against malicious software. Attack protection, malware protection, virus protection.
Create periodic backups.
Our expertise
Eberle Automatic Systems has many years of experience with automatic systems. Today, such systems are comprehensively networked for efficient operation. Controllers communicate with robots and cameras. Master computers and HMIs communicate with the ERP level, edge devices are connected to the internet and send sensor values for monitoring.
The increasing threat of cybercrime is not fully taken into account in systems that have ‘grown’ over the years.
Eberle employs experts in the fields of automation, mechatronics and IT. We are able to comprehensively assess the existing system and propose measures, placing particular emphasis on cost-effectiveness.
In the course of a retrofit, a machine can become faster, more accurate, more stable, more energy-efficient and, at the same time, more suitable for NIS2 without incurring major additional costs.
Our service portfolio
- Retrofit of machinery and equipment (mechanical, electrical, software, OT) taking into account the requirements of NIS2 and the GDPR.
- Risk assessment and emergency plan. Consideration of recovery scenarios for the energy supply and infrastructure of critical systems, such as refrigeration for food, etc.
- Firewall for separation and segmentation of IT and OT networks.
- Access protection via MFA. Encrypted communication.
- Spare parts. Training and awareness.
- Backup & restore: machine parameters, product parameters, programs, historical measured values. Monitoring of devices and components such as overload, energy consumption, OEE,
- Preventive maintenance.
- Recurring analyses and tests for security and safety.