News item | 12-10-2022 | 7:29 p.m.
In June 2022, a political agreement was reached on the revision of the European Directive on Network and Information Security (NIS). This revision is driven by developments in technology, ever-increasing digitization, increasing reliance on information and security networks, combined with new and existing threats. The new NIS2 directive extends the tasks and powers of CSIRTs compared to NIS1. The NIS2 directive not only covers more sectors, but also expands the types of CSIRT tasks. In response to this revision, NCSC asked Tilburg University to conduct an impact study for its own organization and activities.
Purpose
The objective of the study was to map the changes in the requirements and tasks of computer security incident response teams (CSIRTs) and the best practices in the execution of their tasks, as well as in their organization. To this end, the researchers surveyed six CSIRTs from EU member states: NCSC in the Netherlands, CERT.at in Austria, CERT-FR in France, CERT-BUND in Germany, CERT-EE in Estonia, and the Centre for Cyber Security in Denmark.
Results
The main results of the research are as follows.
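- How CSIRT tasks are carried out varies widely between countries, as do good practices. These good practices are explained in detail in the attached report.
- For most CSIRTs, the main challenges with the new NIS2 directive are the scalability of their operations, ensuring access to CSIRT services for new sectors and organisations, and coordinating different tasks within the national system.
- The main differences between countries are whether they take a centralized or a more decentralized approach to organizing CSIRT tasks in the country, whether they use risk-based or sectoral approaches to threats, and their different practices in terms of automating information sharing portals, sharing knowledge and tools for proactive scanning of vulnerable networks and organizations.
- Finding and maintaining the necessary capacity and resources, given the expansion of sectors and organizations covered by the NIS2 Directive, is a challenge for most CSIRTs. This applies to both HR and finance.
- Establishing and building an ecosystem of trusted CSIRTs and organizations can help scale up the national CSIRT by ensuring that all sectors and organizations affected by the NIS2 Directive have access to CSIRT services.
Background
The NIS2 directive will receive formal approval this autumn after a vote by the European Parliament and the European Council of Heads of Government. Member States then have 21 months to transpose the directive into new or existing laws and regulations. In the Netherlands, the Network and Information Systems Security Act (Wbni) will be amended for this purpose. The Ministry of Justice and Security will be involved in this case under the leadership of the Ministry of Justice and Security. During this period, choices will be made about how the directive will be interpreted and incorporated into our legislation. The results of this research will be incorporated into this process. During this process, the NCSC communicates with its current and potential future target groups on relevant issues.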
Behind
The NIS2 directive will receive formal approval this autumn after a vote by the European Parliament and the European Council of Heads of Government. Member States then have 21 months to transpose the directive into new or existing laws and regulations. In the Netherlands, the Network and Information Systems Security Act (Wbni) will be amended for this purpose. The Ministry of Justice and Security will be involved in this case under the leadership of the Ministry of Justice and Security. During this period, choices will be made about how the directive will be interpreted and incorporated into our legislation. The results of this research will be incorporated into this process. During this process, the SCCC communicates with its current and potential future target groups on relevant issues.

