In response to ENISA’s open consultation process, the European Cybersecurity Organisation (ECSO) is providing feedback to enhance the Technical Guidance on NIS2 Implementation. The Technical Guidance represents a significant step forward in providing actionable recommendations for companies within the directive’s scope.
ECSO’s Members recommend modifications to enhance the effectiveness of the Technical Guidance and align it with current security best practices. The introduction should be refined to better reflect the principles of proportionality, appropriateness, and feasibility.
The security framework would benefit from a more detailed enumeration of risk analysis and security objectives throughout its chapters. While the roles and responsibilities section is thorough, it could be strengthened by including practical organizational charts that demonstrate duty segregation, with the positive inclusion of ECSF references for role definition.
The risk management component needs expansion to address gross risk assessment, existing security measures’ impact, residual risk evaluation, risk appetite considerations, and resource allocation mechanisms, along with specific risk metrics.
The incident handling procedures require a clearer distinction between security events and incidents, including severity level classifications and corresponding response protocols. For modern infrastructure considerations, the backup management strategy should incorporate cloud-specific provisions, including cross-zone replication and encryption protocols.
Additional recommendations include requiring CSIRT contact point certifications, developing comprehensive supply chain risk mitigation strategies, leveraging the Cyber Skills Academy resources, integrating cybersecurity frameworks and maturity models into human resources security, and implementing device attestation for enhanced access control measures.
Read the newly released ECSO White Paper on NIS2 Implementation
The European Cyber Security Organisation (ECSO) has published a White Paper titled “NIS2 Implementation: challenges and priorities”. This White Paper aims to provide a comprehensive analysis of the current state of NIS2 implementation across member states and affected organisations, providing insights into adoption progress and readiness levels.
The contents of this white paper:
This White Paper arrives at a critical juncture, as the majority of EU member states have yet to transpose the NIS2 Directive, despite the October 17, 2024 deadline. Our research provides a comprehensive analysis of:
- The varying approaches to implementation across EU countries in key cybersecurity areas
- Results from our Europe-wide survey of cybersecurity practitioners on organizational preparedness
- Detailed case studies of sectoral implementation
The findings emphasise the critical need for countries to harmonise their approaches across Europe to address the current fragmentation. The document includes key takeaways from our analysis of national and company implementation approaches, along with actionable recommendations for institutional stakeholders to enhance the implementation process.
Webinar: deep dive into NIS2 Implementation: Challenges and Priorities
The European Cyber Security Organisation (ECSO) is proud to host an exclusive webinar on the presentation of the NIS2 Implementation White Paper, taking place on 22 January at 13:00 CEST.
At the webinar we will showcase a comprehensive analysis of:
- The varying approaches to implementation across EU countries in key cybersecurity areas
- Results from our Europe-wide survey of cybersecurity practitioners on organisational preparedness
- Case studies of sectoral implementation
The White Paper includes actionable takeaways from our analysis of national and company implementation approaches, along with actionable recommendations for institutional stakeholders to streamline the implementation process.
We invite you to participate in our webinar, which will feature a Q&A session and open discussion following the presentation. This will provide an opportunity to share your NIS2 implementation challenges and contribute to shaping future initiatives.
About the ECSO Working Group 3
The author of this paper is the ECSO Working Group 3 – Cyber Threat Management. The mission of this group is to support organizations in tackling cyber threats, in collaboration with industry leaders, in areas of strategic importance such as CTI and the implementation of EU cybersecurity policies.
Sebastijan Čutura
Senior Manager, Industry Cybersecurity
sebastijan.cutura[at]ecs-org.eu
Tomasz Michałowski
Junior Manager for European Cyber Security Community
tomasz.michalowski[at]ecs-org.eu