By Nazeer Baig, Privasec’s Managing Consultant
Cyber security of critical infrastructure and essential services nationwide has been an area of concern for a long time. In that respect, adopting the Network and Information Systems Directive, or NIS Directive, formulated by the European Union in August 2016, appears to be an excellent decision by Australia to elevate the security level of critical infrastructure networks and information systems.
Cyber security is paramount in today’s digital world. Recent geopolitical events have seen more foreign involvement in Australia’s critical information infrastructure development and essential service operations. This, in turn, paves the way for more cyber threats in the various public and private sectors. Australia’s adoption of the NIS Directive will therefore lead to several benefits for different industry sectors. The Network and Information Systems Directive is a vital step in ensuring the security and continuity of critical infrastructure and essential services. It will also significantly aid the industries that rely heavily on online activities for their day-to-day operations.
Its aim is to reduce cyber threats to both public and private players. As a result, both national governments and law enforcement authorities have continuously been implementing numerous pieces of legislation to curb the menace of online fraud and cybercrime.
What Sectors Does The NIS Cover?
The NIS focuses on two categories:
- Operators of critical infrastructure and essential services are indispensable for the day-to-day functions of a nation. Thus, areas such as energy, transport, banking, financial services, health, water, defence, and digital infrastructure fall under the NIS Directive’s ambit.
- The second category is those who provide digital platforms to organisations to run their businesses. This category contains domains such as online marketplaces, cloud-computing services, and search engines that have to be liable for any security breach under their watch.
The above graph is indicative of the challenges faced by the Australian authorities. Online crime has seen an increase in all major sectors, especially in government, and with advancements in technology, there will only be a further increase in the sophistication of attacks.
In a similar trend, Australian authorities saw investment scams alone generating total losses of AUD61.81 million. The figures are shocking.
NIS Directive And Its Effect On Australian Businesses
As Australia gradually integrates its critical infrastructure further with its global ambitions, it is expected to face an increasing number of cyber threats. Hence, Australia’s 2020 Cyber Security Strategy was conceived along the lines of the NIS Directive, which required both public and private businesses to adhere to stated guidelines. Although the Cyber Security Strategy is yet to be formally adopted, it is very much on the anvil. Consequently, critical service operators are keen to understand the nuances of the framework and undertake a gap analysis. Such an analysis will give them an idea of the areas of improvement and vulnerabilities in their cyber security strategies and will help them keep abreast of the latest guidelines.
Adopting the NIS Directive would also allow Australian businesses to leverage the best-in-class technology and training from more digitally advanced and technology-intensive geographies of the world.
The cyber security strategy initiative for critical information infrastructure, based on the Network and Information Systems (NIS) Directive, has gained importance in Australia. It requires operators from both the public and private sectors to adopt the best cyber security practices that the European Commission legislation had originally envisaged. It would also mean that the standardisation of network security and a robust risk assessment ecosystem across various industry sectors would help build a resilient national critical information infrastructure. After all, cyber security is everyone’s responsibility.
About Privasec Cyber Security Services
Privasec is already assisting many stakeholders in the private and public sectors to enhance their cyber security posture and achieve compliance with relevant obligations (such as Australian ISM, SSAE 16 SOC2, GDPR, PCI etc.). Privasec’s comprehensive suite of solutions covers every aspect of cyber risk management—from advisory to implementation. We help clients perform better, solving complex problems so organisations can build secure futures.
Privasec cyber security consultants can conduct the NIS Directive gap analysis, highlighting shortcomings in your overall security programme, helping you prioritise objectives and establish a roadmap for achieving full compliance with the NIS Regulations. This gap analysis service will enable you to develop your current level of compliance based on the requirements of the NIS Regulations.