-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network Services
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud
Popular Products
-
Cloud Architecture and Modernization
Discover how to achieve your business goals through cloud modernization practices, that deliver improved agility, reusability and scalability.
-
Cloud Optimization
Discover how to maximize operational excellence, business continuity and financial sustainability through our cloud-advanced optimization services.
-
-
Services
Consulting
-
-
Services
Data and Artificial intelligence
-
Services
Technology Solutions
Client stories
-
Services
Data Center Services
-
Services
CX and Design
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
Everest Group PEAK Matrix® Assessment
NTT DATA is a Leader and Star Performer in the Everest Group Sustainability Enablement Technology Services PEAK Matrix® Assessment 2024.
Get the Everest report -
- Careers
Topics in this article
As the 17 October deadline for the Network and Information Systems Directive 2 (NIS2) looms, many organizations – including those in industries that rely on operational technology (OT) to carry out critically important tasks – still have work to do to comply with this new cybersecurity regulation.
The directive aims to improve the cybersecurity of critical infrastructure and essential service providers across the European Union.
Its scope extends to large and medium-sized organizations operating in “very critical” sectors (including energy, transportation, banking, drinking water and government) and “critical” sectors (such as postal and courier services, waste management, chemicals, food and manufacturing). “Direct suppliers” of affected sectors are also affected.
Some of these sectors, like financial services, were not typically included in OT conversations in the past. Organizations in these sectors may therefore be even less prepared than others for the new regulations.
Under NIS2, some organizations are deemed “essential”, regardless of their size, if a security breach affecting their digital infrastructure would have serious consequences. These entities face the highest level of scrutiny, and noncompliance can result in fines of up to €10 million or 2% of their annual revenue.
OT is a weak link in the security chain
OT systems and networks often present major security risks. Some were designed and implemented years ago and may lack the capability to be updated or patched against the latest threats.
When there was a clearer divide between OT and IT, OT was less exposed to cyberthreats. Now, as systems have become more interconnected, outdated and vulnerable OT systems are exposed new risks.
Take an electricity grid, for example. The utility will have a conventional, secure IT network serving the needs of their office workers alongside a massive OT network, which may be poorly secured.
OT systems and networks also tend to be customized or tailored to specific industrial tasks, leading to a lack of standard security practices and protocols across installations.
Why OT system issues are difficult to address
A broader challenge in addressing OT system or network issues is the need for business continuity. In OT environments, the main focus is on maintaining uptime. The cost of shutting down a factory for any length of time to implement OT upgrades may simply be too high.
This can leave organizations reluctant to apply updates or changes that might disrupt their operations – even if these changes are necessary for security.
There’s also often a gap in OT-specific cybersecurity expertise in organizations. At the operational level, traditional IT security skills do not always translate directly to the OT environment. And, in the C-suite, executives need a better understanding of NIS2 and its associated risks so that they can budget for and coordinate an organization-wide implementation.
Business leaders should understand that NIS2 compliance is not a one-off exercise. Once the regulations are in place, organizations will have to assess their security measures regularly to remain compliant.
The requirements of NIS2 compliance
NIS2 introduces rigorous security measures into the OT ecosystem. These include:
- Conducting annual supply-chain risk assessments, defining clear roles and responsibilities, maintaining a risk register, and integrating a threat intelligence feed into an organization’s cybersecurity strategy
- Documenting all assets and network endpoints, implementing robust business continuity and disaster-recovery measures, and putting in place effective crisis management
- Bolstering security measures through awareness and training, well-defined policies and mandatory incident reporting within 24 hours for significant incidents
Securing OT networks also involves implementing multifactor authentication and adopting a zero trust approach to user identities and credentials.
That’s a tall order for just about any organization, made even more daunting by the level of skill required to put all of these measures in place by the NIS2 deadline.
Ask for expert help
The quickest and most reliable way of dealing with NIS2 compliance in your organization is to access the expertise of a managed service provider (MSP) like NTT DATA.
We start by conducting a comprehensive NIS2 readiness assessment to evaluate your current level of compliance and identify gaps. For instance, some OT networks still rely on now-defunct operating systems like Windows 3.1 or Windows 95, which creates serious vulnerabilities – but these need to be identified in a nonintrusive way to minimize business interruptions.
Next, we develop a compliance strategy using frameworks specifically designed for NIS2 compliance.
We can also help you design, implement and integrate your updated security equipment and controls – with minimal interruptions to your operations – and implement continuous monitoring to help you remain compliant over time.
Global expertise for local implementation
Our comprehensive NIS2 compliance assessment is designed to check a range of NIS2-related parameters in your organization and produce a heat map of your level of compliance. This leads to a scoping workshop and a strategic roadmap for moving your organization to full compliance.
Because of our close relationships with cybersecurity solution providers like Fortinet, we can then apply a carefully designed blend of expertise and new technology to secure your OT environment transparently and nonintrusively.
This end-to-end approach is a key benefit of working with NTT DATA. Many other MSPs cannot handle both the consulting and implementation phases of an NIS2 compliance project along with the continuous monitoring of security compliance that should follow implementation.
NTT DATA is also at the forefront of using AI-enabled technologies in cybersecurity – for example, using AI to detect, diagnose and report potential security breaches faster than any human operator can.
Our global reach – we’re in more than 50 countries – makes it easy for us to meet the needs of, say, a large, South America-based manufacturer whose products are made in Asia, assembled in Africa and sold worldwide. We draw on our global expertise and roll out security on the ground, wherever our client needs us.
To ensure proper implementation from the top down, we educate C-level executives and other stakeholders about the implications of NIS2 noncompliance.
This approach not only addresses your immediate NIS2 compliance needs but also lays a foundation for long-term cyber resilience across your OT and IT stacks.
- ALSO READ → Securing success: why cyber resilience is crucial to business resilience and performance
It’s time for decisive action
There is little time left to comply with the NIS2 Directive’s stringent requirements.
We have the expertise you need to meet the directive’s demands, secure your operations and avoid potential fines. Get in touch to see how we can help.
This article includes contributions by Shaun Bergset, Consulting Systems Engineer: Global Alliances and Operational Technology at Fortinet.