Ireland and the Network and Information Systems Directive

September 26, 2018

Minister Denis Naughten has announced important new security requirements for critical national infrastructure in Ireland.

Denis Naughten, Minister for Communications, Climate Action and Environment, spoke at the Data Summit on September 19th and announced important new national cybersecurity requirements.

These requirements will apply to the network and information systems of critical national infrastructure providers in Ireland. These include providers in areas such as digital communications, transport, healthcare, energy and drinking-water supply. These cybersecurity requirements are mandatory principles that all operators of essential services (OES) must comply with.

Naughten said: “Information technology and digital technology is an integral part of almost all services on which individuals, businesses, families and communities in this State rely.

“Critical national infrastructure such as energy, telecommunications and transport networks, and services such as healthcare, financial services, education, and drinking-water supply and distribution, have been optimised through internet technology, which also increases their vulnerability to cyberattacks.”

The mandatory cybersecurity requirements are based around five principles: identify, protect, detect, respond, and recover. All operators must assess and put in place appropriate security measures. The OES process has been underway for some time now.

Naughten continued: “Identifying these operators of essential services in Ireland will help prioritise cybersecurity within those organisations and will also ensure that operations in the relevant critical national infrastructure sectors will have to maximise the preparedness of their computer networks and information technology from a cybersecurity perspective.”

Naughten also emphasised that OES will be responsible for identifying the systems required to comply with the regulation and must be able to demonstrate that they are applying security principles. “These security principles mark a substantial step forward in that all operators of essential services in the critical national infrastructure sectors will be obliged to secure their network and information systems from a cybersecurity perspective,” Naughten said.

He added: “In the European Union, we have taken a very rigorous and comprehensive approach to cybersecurity, and to the protection of critical infrastructure in particular.”

How to achieve compliance with the NIS Directive

The best approach to achieving compliance is for digital service providers (DSPs) and OES to implement a cyber resilience programme that incorporates measures for information security, business continuity and incident response.

International standards such as ISO 27001, ISO 27035 and ISO 22301 serve as ideal frameworks for achieving NIS Directive compliance.

The implementation of business continuity management, penetration testing and cyber incident response (CIR) management can help organisations achieve a heightened level of cyber resilience and help facilitate compliance with the NIS Directive.
