By now, most people have understood that NIS legislation is not just an annoying piece of European government regulation. Utilities are too important to skimp on security investments. Neither the supply of gas, water, electricity and other basic necessities nor the security of the often highly confidential data should be compromised.
In any case, compliance with existing laws and regulations is the absolute minimum. Energy companies and other utilities must comply with the obligations imposed by, inter alia, NIS.
But when do you take ‘sufficient’ measures, as NIS prescribes? And is being ‘compliant’ sufficient for your organisation?
This is where the cyber security framework comes into play. Such a framework fulfills the role of a step-by-step plan for cyber security. A good cyber security framework provides you with a structured overview of where you stand, where you need to go – taking into account the laws and regulations prevailing here – and where best to start. With the right framework, such a step-by-step plan can also help you translate the current level of vulnerability into financial risks. That is always useful for attracting the attention of senior management.
A framework is nothing more than a starting point that gives you structure and a good view of what still needs to be done.
Interpreting it and elaborating each step for your specific environment remains an exercise that is best not started without experts. That means a good partner with experience in security and compliance, with years of experience in all facets of the utility sector and with the hands-on expertise to translate the step-by-step plan into a concrete implementation. In short: a partner like Toreon.