Article   November 09 2023

The transport sector - what’s new with NIS2?

With a wider coverage of sectors, stricter requirements for risk management and incident reporting and more hard-hitting penalties for non-compliance, the new NIS2 directive is the most comprehensive European cybersecurity directive yet. The transport sector is considered an essential sector under the coming NIS2 directive because any major interruption in it could cause destructive ripple effects throughout society.

Information security
Lorry cargo

Image: (royalty free)

Covering everything from urban public transportation systems to rural roads and inter-regional air travel, the transport sector is one of the cornerstones of modern society and the economy.
Europe’s transport sector is responsible for delivering the infrastructure and services that bring people and businesses together. The transport sector as a key component to the European economy is also acknowledged by threat actors. The sector is facing a wide range of cybersecurity challenges, such as ransomware attacks leading to a tangible supply chain vulnerability, through threats to safety systems and the vast use of connected devices. Due to historically limited security investments and insufficient employee training, the sector is now facing a skills gap and an increased risk of human error, such as falling for phishing scams or not following best practices.
The transportation sector will likely be severely affected by the NIS2 Directive. As a sector that uses a large amount of operational technology, just safeguarding supply chains will be a huge implication as well as protecting real-time data exchange and delivering on a higher level on the operational technology security. All of this will lead to a greater need for higher investments in a shorter perspective, but the increased investment is meant to result in a more secure and resilient industry in the long run, with competitive advantages for companies that are able to invest.

Awareness training – one of 10 key cyberhygiene measures

The NIS2 directive requires that the transport sector and other essential and important entities implement 10 baseline security measures to address specific forms of likely cyberthreats.
  • Risk assessments and security policies for information systems. 
  • Policies and procedures for evaluating the effectiveness of security measures. 
  • Policies and procedures for the use of cryptography . 
  • A plan for handling security incidents. 
  • Security around the procurement of systems and the development and operation of systems.  
  • Security procedures for employees with access to sensitive or important data.  
  • A plan for managing business operations during and after a security incident. 
  • The use of multi-factor authentication. 
  • Security around supply chains and the relationship between the company and direct supplier.  
  • Cybersecurity training and a practice for basic computer hygiene. 
Cybersecurity training is not only ‘on the list’. It’s a well-known fact that awareness training is an essential part in creating the organisational security culture needed for organisations to be compliant with many of the other security measures mandated by NIS2. Without awareness training all year round, many of the operational procedures will eventually fail – due to human errors.
Our new updated 2024 editions of Information Security Awareness training is targeting all employees, managers, executives and boards and is one part of being NIS2 compliant.  
Or why not kickstart with our NIS2 Introdution course? This will give your management a better understanding of what your organisation need to be NIS2 compliant.
Article   November 09 2023