eduzhai > Applied Sciences > Transportation >

How Safe is Safe Enough? Improving Cybersecurity in Europes Critical Infrastructure Under the NIS Directive

  • Save

... pages left unread,continue reading

Document pages: 47 pages

Abstract: This paper examines the safeguarding and information obligations the NIS Directive imposes on operators of essential services and digital service providers. The Directive aims to ensure that such services are protected from disruption which could impact key economic and societal activities. Under the Directive, organisations need to take ‘appropriate and proportionate’ security measures. In this paper, we look at what this means in practice. We argue that organisations need to identify, assess, and address the cyber risks they face, so as to prevent and minimise service disruptions. Such risk management inevitably entails a level of subjective judgement and difficult trade-offs; leading to a persistent level of legal uncertainty. At the same time, organisations should be accorded significant discretion when translating the Directive’s high-level principles into practice. The regulator’s role is primarily that of ensuring that such discretion is exercised appropriately, including by providing guidance and monitoring compliance. We illustrate these points by looking at cyber risks in the air transport sector and, in particular, the compliance implications of using cloud services.

Please select stars to rate!


0 comments Sign in to leave a comment.

    Data loading, please wait...