NIS2: Enhancing Cybersecurity for Pulp & Paper Companies
Andritz and OTORIO’s solution for OT cyber risk management supports your efforts for compliance with the NIS2 Directive. Our automation and cybersecurity experts can help you take the next steps toward OT security and compliance wherever you are in your journey. OTORIO’s industrial native platform empowers OT security practitioners to proactively mitigate risks and collaborate with stakeholders from different disciplines for maximum efficiency.
The NIS2 Directive is a legislative framework established by the EU to enhance the cybersecurity and resilience of critical infrastructure sectors. It replaces and extends the first NIS Directive from 2016, which was established to ensure a high level of security across the Member States. The NIS2 Directive addresses the following objectives:
• Strengthen the security requirements
• Secure the supply chains
• Streamline reporting obligations
• More stringent supervisory measures
• Stricter enforcement requirements
• Harmonized sanctions across the EU
EU Member States will have to transpose NIS2 into their national legislation by October 17, 2024.
The NIS2 Directive distinguishes between Essential and Important entities:
• Essential entities - include several sectors such as Energy, Transport, Water, and more, or any enterprise with a headcount over 250 or more than 50 million in revenue.
• Important entities - include Manufacturing, Chemicals, Gas, Food, and more, or enterprises with a headcount over 50 or more than 10 million in revenue.
To ensure operational resilience based on the NIS2 guidelines and avoid significant financial impact due to lack of compliance, it is important to start implementing the needed measures before the NIS2 Directive takes effect on your business. Pulp & Paper mill operators should adhere to compliance with the NIS2 Directive requirements by implementing a cybersecurity strategy that addresses the following areas:
• Asset and network visibility
• Operational risk management
• Supply chain security and access management
• Protection against cyber-attack
• Incident and crisis management
• Response and recovery planning
Implementing the needed security controls and processes can be highly challenging in complex, multi-vendor, multi-generation, geographically spread Mills, where accelerated digitization, connectivity, and third party access are essential for efficiency and competitiveness. Pulp & Paper operations risk management leaders need to establish an integrated OT security strategy that involves establishing suitable processes, using technological tools that support the security strategy, and collaboration between cross-domain stakeholders.