Is Your Physical Access Control System Ready for NIS2? Here’s What You Need to Know
Europe’s NIS2 — Addressing the Interconnection of Physical and Digital Security — Is Now in Effect
Our physical and digital worlds are increasingly blurred and the systems supporting them are increasingly intertwined. As cyberattacks continue to rise, companies and governments are realizing that cybersecurity must be addressed on both the physical and digital fronts.
In order to strengthen cybersecurity and protect critical infrastructure, the European Union passed the Network and Information Security 2 (NIS2) Directive. October 17, 2024 marked its implementation date, when EU member states were required to transpose its requirements into law.
An update to the original 2016 NIS Directive, NIS2 requires higher security and reporting obligations than its predecessor, along with higher fines and a widened set of affected industries, including energy, transport, finance, healthcare, utilities, digital infrastructure and public administration. But perhaps the biggest change is the inclusion of supply chains into its scope.
Build Cybersecurity Resilience Into the Entire Chain
In an effort to build effective and lasting cybersecurity resilience, NIS2 emphasizes company-specific assessments and processes rather than a “one-size-fits-all” approach. Because of this, the first step towards compliance for any in-scope organization is to perform and document an operational risk assessment in order to gain a comprehensive understanding of all relevant threats — in particular those that could disrupt its ability to provide essential services.
A critical part of this risk assessment is a focus on any suppliers and service providers, including requesting evidence that they have their own cybersecurity measures in place, which may include copies of their own corporate policies and/or certifications such as SOC 2 Type 2, ISO 27001 or ISO 27018.
Understanding and accommodating NIS2 may seem like a daunting task, but ultimately, addressing its requirements will make your organization, your customers and all of our shared infrastructure safer and less vulnerable to cyberattack. Start with the risk assessment, document your suppliers’ security readiness, and ensure that your own processes are in place to identify and eliminate any possible vulnerabilities within your organization.
Getting Compliant: Fortify Your PACS Using a Good > Better > Best Framework
Fortifying the cybersecurity of your organization’s physical access control systems involves more than simply evaluating the integrity of the individual components. Part of your NIS2 risk assessment needs to examine how information travels from component to component — and where risk might be introduced. But where to start?
Our new eBook (Is Your Physical Access Control System Ready for NIS2?) outlines specific recommendations for readers, credentials, controllers and access control servers/clients so that your organization can establish a baseline of security and then make further improvements in each of these four main PACS areas of focus.