-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Nutzen Sie unsere Fähigkeiten, um die Transformation Ihres Unternehmens zu beschleunigen.
-
Services
Network-Services
Beliebte Produkte
-
Private 5G
Unser Cloud-nativer Secure-by-Design-Ansatz gewährleistet eine 24/7-Überwachung durch unsere Global Operations Centers, die Ihre Netzwerke und Geräte auf einer „As-a-Service“-Basis verwalten.
-
Verwaltete Campus-Netzwerke
Unsere Managed Campus Networks Services transformieren Campusnetzwerke, Unternehmensnetzwerke sowie miteinander verbundene lokale Netzwerke und vernetzen intelligente Orte und Branchen.
-
-
Services
Cloud
Beliebte Produkte
-
Services
Consulting
-
Edge as a Service
-
Services
Data und Artificial Intelligence
-
-
Services
Data Center Services
-
Services
Digital Collaboration und CX
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
IDC MarketScape: Anbieterbewertung für Rechenzentrumsservices weltweit 2023
Wir glauben, dass Marktführer zu sein eine weitere Bestätigung unseres umfassenden Angebotes im Bereich Rechenzentren ist.
Holen Sie sich den IDC MarketScape -
-
Erkenntnisse
Erfahren Sie, wie die Technologie Unternehmen, die Industrie und die Gesellschaft prägt.
-
Erkenntnisse
Ausgewählte Einblicke
-
Die Zukunft des Networking
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
So funktioniert Zero-Trust-Sicherheit für Ihr Unternehmen
Sorgen Sie dafür, dass Zero-Trust-Sicherheit für Ihr Unternehmen in hybriden Arbeitsumgebungen funktioniert.
-
-
Erkenntnisse
Copilot für Microsoft 365
Jeder kann mit einem leistungsstarken KI-Tool für die tägliche Arbeit intelligenter arbeiten.
Copilot noch heute entdecken -
-
Lösungen
Wir helfen Ihnen dabei, den Anforderungen an kontinuierliche Innovation und Transformation gerecht zu werden
Global Employee Experience Trends Report
Excel in EX mit Forschung basierend auf Interviews mit über 1.400 Entscheidungsträger:innen auf der ganzen Welt.
Besorgen Sie sich den EX-Report -
Erfahren Sie, wie wir Ihre Geschäftstransformation beschleunigen können
-
Über uns
Neueste Kundenberichte
-
Liantis
Im Laufe der Zeit hatte Liantis, ein etabliertes HR-Unternehmen in Belgien, Dateninseln und isolierte Lösungen als Teil seines Legacysystems aufgebaut.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
-
NTT DATA und HEINEKEN
HEINEKEN revolutioniert die Mitarbeitererfahrung und die Zusammenarbeit mit einem hybriden Arbeitsplatzmodell.
Lesen Sie die Geschichte von HEINEKEN -
- Karriere
Topics in this article
As the 17 October deadline for the Network and Information Systems Directive 2 (NIS2) looms, many organizations – including those in industries that rely on operational technology (OT) to carry out critically important tasks – still have work to do to comply with this new cybersecurity regulation.
The directive aims to improve the cybersecurity of critical infrastructure and essential service providers across the European Union.
Its scope extends to large and medium-sized organizations operating in “very critical” sectors (including energy, transportation, banking, drinking water and government) and “critical” sectors (such as postal and courier services, waste management, chemicals, food and manufacturing). “Direct suppliers” of affected sectors are also affected.
Some of these sectors, like financial services, were not typically included in OT conversations in the past. Organizations in these sectors may therefore be even less prepared than others for the new regulations.
Under NIS2, some organizations are deemed “essential”, regardless of their size, if a security breach affecting their digital infrastructure would have serious consequences. These entities face the highest level of scrutiny, and noncompliance can result in fines of up to €10 million or 2% of their annual revenue.
OT is a weak link in the security chain
OT systems and networks often present major security risks. Some were designed and implemented years ago and may lack the capability to be updated or patched against the latest threats.
When there was a clearer divide between OT and IT, OT was less exposed to cyberthreats. Now, as systems have become more interconnected, outdated and vulnerable OT systems are exposed new risks.
Take an electricity grid, for example. The utility will have a conventional, secure IT network serving the needs of their office workers alongside a massive OT network, which may be poorly secured.
OT systems and networks also tend to be customized or tailored to specific industrial tasks, leading to a lack of standard security practices and protocols across installations.
Why OT system issues are difficult to address
A broader challenge in addressing OT system or network issues is the need for business continuity. In OT environments, the main focus is on maintaining uptime. The cost of shutting down a factory for any length of time to implement OT upgrades may simply be too high.
This can leave organizations reluctant to apply updates or changes that might disrupt their operations – even if these changes are necessary for security.
There’s also often a gap in OT-specific cybersecurity expertise in organizations. At the operational level, traditional IT security skills do not always translate directly to the OT environment. And, in the C-suite, executives need a better understanding of NIS2 and its associated risks so that they can budget for and coordinate an organization-wide implementation.
Business leaders should understand that NIS2 compliance is not a one-off exercise. Once the regulations are in place, organizations will have to assess their security measures regularly to remain compliant.
The requirements of NIS2 compliance
NIS2 introduces rigorous security measures into the OT ecosystem. These include:
- Conducting annual supply-chain risk assessments, defining clear roles and responsibilities, maintaining a risk register, and integrating a threat intelligence feed into an organization’s cybersecurity strategy
- Documenting all assets and network endpoints, implementing robust business continuity and disaster-recovery measures, and putting in place effective crisis management
- Bolstering security measures through awareness and training, well-defined policies and mandatory incident reporting within 24 hours for significant incidents
Securing OT networks also involves implementing multifactor authentication and adopting a zero trust approach to user identities and credentials.
That’s a tall order for just about any organization, made even more daunting by the level of skill required to put all of these measures in place by the NIS2 deadline.
Ask for expert help
The quickest and most reliable way of dealing with NIS2 compliance in your organization is to access the expertise of a managed service provider (MSP) like NTT DATA.
We start by conducting a comprehensive NIS2 readiness assessment to evaluate your current level of compliance and identify gaps. For instance, some OT networks still rely on now-defunct operating systems like Windows 3.1 or Windows 95, which creates serious vulnerabilities – but these need to be identified in a nonintrusive way to minimize business interruptions.
Next, we develop a compliance strategy using frameworks specifically designed for NIS2 compliance.
We can also help you design, implement and integrate your updated security equipment and controls – with minimal interruptions to your operations – and implement continuous monitoring to help you remain compliant over time.
Global expertise for local implementation
Our comprehensive NIS2 compliance assessment is designed to check a range of NIS2-related parameters in your organization and produce a heat map of your level of compliance. This leads to a scoping workshop and a strategic roadmap for moving your organization to full compliance.
Because of our close relationships with cybersecurity solution providers like Fortinet, we can then apply a carefully designed blend of expertise and new technology to secure your OT environment transparently and nonintrusively.
This end-to-end approach is a key benefit of working with NTT DATA. Many other MSPs cannot handle both the consulting and implementation phases of an NIS2 compliance project along with the continuous monitoring of security compliance that should follow implementation.
NTT DATA is also at the forefront of using AI-enabled technologies in cybersecurity – for example, using AI to detect, diagnose and report potential security breaches faster than any human operator can.
Our global reach – we’re in more than 50 countries – makes it easy for us to meet the needs of, say, a large, South America-based manufacturer whose products are made in Asia, assembled in Africa and sold worldwide. We draw on our global expertise and roll out security on the ground, wherever our client needs us.
To ensure proper implementation from the top down, we educate C-level executives and other stakeholders about the implications of NIS2 noncompliance.
This approach not only addresses your immediate NIS2 compliance needs but also lays a foundation for long-term cyber resilience across your OT and IT stacks.
- ALSO READ → Securing success: why cyber resilience is crucial to business resilience and performance
It’s time for decisive action
There is little time left to comply with the NIS2 Directive’s stringent requirements.
We have the expertise you need to meet the directive’s demands, secure your operations and avoid potential fines. Get in touch to see how we can help.
This article includes contributions by Shaun Bergset, Consulting Systems Engineer: Global Alliances and Operational Technology at Fortinet.