Partner Solutions

NIS2: Enhancing Cybersecurity for Pulp & Paper Companies

Andritz and OTORIO’s solution for OT cyber risk management supports your efforts for compliance with the NIS2 Directive. Our automation and cybersecurity experts can help you take the next steps toward OT security and compliance wherever you are in your journey. OTORIO’s industrial native platform empowers OT security practitioners to proactively mitigate risks and collaborate with stakeholders from different disciplines for maximum efficiency.

What is the NIS2 Directive?

The NIS2 Directive is a legislative framework established by the EU to enhance the cybersecurity and resilience of critical infrastructure sectors. It replaces and extends the first NIS Directive from 2016, which was established to ensure a high level of security across the Member States. The NIS2 Directive addresses the following objectives:

• Strengthen the security requirements

• Secure the supply chains

• Streamline reporting obligations

• More stringent supervisory measures

• Stricter enforcement requirements

• Harmonized sanctions across the EU

EU Member States will have to transpose NIS2 into their national legislation by October 17, 2024.

Who is affected by NIS2

The NIS2 Directive distinguishes between Essential and Important entities:

Essential entities - include several sectors such as Energy, Transport, Water, and more, or any enterprise with a headcount over 250 or more than 50 million in revenue.

Important entities - include Manufacturing, Chemicals, Gas, Food, and more, or enterprises with a headcount over 50 or more than 10 million in revenue.

How to prepare for NIS2

To ensure operational resilience based on the NIS2 guidelines and avoid significant financial impact due to lack of compliance, it is important to start implementing the needed measures before the NIS2 Directive takes effect on your business. Pulp & Paper mill operators should adhere to compliance with the NIS2 Directive requirements by implementing a cybersecurity strategy that addresses the following areas:

• Asset and network visibility

• Operational risk management

• Supply chain security and access management

• Protection against cyber-attack

• Incident and crisis management

• Response and recovery planning

Implementing the needed security controls and processes can be highly challenging in complex, multi-vendor, multi-generation, geographically spread Mills, where accelerated digitization, connectivity, and third party access are essential for efficiency and competitiveness. Pulp & Paper operations risk management leaders need to establish an integrated OT security strategy that involves establishing suitable processes, using technological tools that support the security strategy, and collaboration between cross-domain stakeholders.

Read the solution brief to understand how OTORIO and Andritz help you turn strategy into actions.