ETSI publishes cybersecurity advice on the NIS Directive

Sophia Antipolis, 24 October 2017

Today, ETSI announces the publication of ETSI TR 103 456, a technical report released by ETSI’s technical committee on Cybersecurity (TC CYBER). The report provides advice on implementing the NIS Directive which lays down measures for a high common level of security of network and information systems across the European Union.

ETSI TR 103 456 provides guidance on the available technical specifications and those in development by major cybersecurity communities in the world which are designed to meet the legal measures and technical requirements of the NIS Directive.

The report covers several cybersecurity issues and requirements:

• Methods for structured sharing and exchange of information
• Incident notification
• Technical and organizational information system risk management
• Challenges and solutions
• Technical recommendations

Cybersecurity risk management involves assessing a range of risks in the context of an organization’s environment, understanding assets, resources and processes that are fundamental to the organization, and taking steps to ensure that the organization continuously improves how it protects, detects threats and responds to incidents involving those assets, resources and processes.

“ This new ETSI report provides a broader cybersecurity context building on the NIS Directive or the ENISA Standardization Gaps Report ”, declares Charles Brookson, chairman of ETSI TC CYBER. “ ETSI has a long expertise in security matters, including the work developed in our cyber group. This report should help those striving to meet the requirements of the NIS Directive, and guide them on how to meet them. ”

ETSI’s Technical Report is intended to be used by all who need to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation, whether they be regulators, operators of essential services or digital service providers.

As ETSI is working on new technologies such as NFV, 5G or quantum computing which bring new security challenges, various ETSI groups work closely with TC CYBER and make sure security by design is included in all specifications from the beginning. TC CYBER have published 17 specifications and reports on Cybersecurity over the last 3 years.