From KRITIS to NIS-2: A New Standard
The digital world is evolving at breakneck speed, and cybercriminals are becoming increasingly sophisticated. It is high time we equipped our systems with state-of-the-art protective mechanisms: NIS-2, the new cybersecurity framework. This framework is designed to better meet the challenges of today and provides comprehensive protection.
At first glance, NIS-2 may seem similar to KRITIS, as both aim to prepare companies for cyberattacks. However, NIS-2 offers broader and more detailed security measures.
Differences Between KRITIS and NIS-2
- Broader Scope: While KRITIS covers specific sectors such as energy or transport, NIS-2 is targeted at all companies and organizations looking to enhance their IT security.
- Zero Trust Principle: NIS-2 is based on the Zero Trust approach, which relies on continuous verification and control to prevent unauthorized access.
- Enhanced Requirements: NIS-2 defines clear measures for risk assessment, incident response, and supply chain security, going beyond the requirements of KRITIS.
NIS-2 in Action: Preventing the SolarWinds Hack
The SolarWinds hack of 2020 is a striking example of the devastating consequences of inadequate cybersecurity. Cybercriminals compromised the software updates of the IT management company SolarWinds and used them to deploy malware into thousands of networks worldwide. US government agencies and major companies were among those affected. The attackers remained undetected for months and gained extensive access to sensitive data and systems, which highlights the need for modern and robust security measures like NIS-2.
With NIS-2, the following measures might have prevented the damage:
- Proactive Risk Assessment: Regular assessments would have identified vulnerabilities early.
- Zero Trust: Strict access controls would have prevented attackers from accessing sensitive data.
- Rapid Incident Response: Well-defined processes would have enabled a more effective response to the incident.
Benefits of NIS-2
- Increased Security: Reduces the risk of cyberattacks and data theft.
- Better Resilience: Faster recovery from IT incidents.
- Trust Building: Higher security levels for customers and partners.
- Competitive Advantage: Security-conscious companies attract customers and investors.
Legal Framework
- EU NIS Directive: NIS-2 helps meet the requirements of the EU NIS Directive.
- KRITIS Regulation: Companies covered by the KRITIS regulation can use NIS-2 to meet the requirements.
Identity and Access Management (IAM) and NIS-2
Although not explicitly mentioned, IAM is essential for meeting the requirements of NIS-2. An effective IAM system ensures that only authorized users have access to critical data and systems.
Conclusion
NIS-2 sets a new standard in cybersecurity. With comprehensive security measures and clear guidelines, it offers companies the opportunity to significantly improve their IT security and protect themselves against the growing threats of the digital world.