
Security of Network and Information Systems (NIS) Directive

Improving cyber resilience for UK critical infrastructure providers.
If your organisation provides water, upstream or downstream energy, digital services, transport or healthcare in the EU, the NIS Directive [1] affects you. Providers of the essential services that allow a country to function make highly attractive targets for cyber attack.
 
In May 2018 the UK and other EU nations will adopt the EU Network and Information Services Directive (NIS) [2] for infrastructure providers to defend against and report attacks.
 
 
Ahead of the Directive becoming UK law in 2018, the UK government is encouraging providers [3] of essential services and infrastructure to:
 
  • Adopt 14 high-level security principles ranging from governance through to supply chain and proactive security monitoring
  • Maintain an incident response regime, with separate procedures for reporting breaches and incidents to relevant authorities
  • Be aware of a penalty regime that can administer fines of up to £17m in the most serious cases
 
The UK Government has confirmed that any exit from the EU will not affect this legislation and regulatory regime.
 

How we help - Security of Network and Information Systems Directive:

 

Mobilising your NIS security programme

The NIS Cyber Assessment Framework will be released in Spring 2018, but the high-level principles have been published. Proactive organisations should review their current position against these new requirements.
 
Competent Authorities appointed as a result of the Directive will be able to issue penalties from May where significant compliance problems have been found and it is clear the organisation is not making active efforts to address the problem.
 
BAE Systems can help you understand where you are in relation to the Framework’s principles, and build a programme that puts your organisation in the best possible position to comply and demonstrate progress after the full framework is published in April 2018.
 

 

Security Monitoring

BAE Systems Managed Security Services (MSS) helps you meet the Security Monitoring and Proactive Security Event Discovery requirements of the new NIS Directive framework. We enhance and develop our customers’ security operations in line with their particular challenges and security objectives. Our security monitoring services include:
  • Intelligence led and threat focused detection and response
  • Proactive threat hunting for insider and external threats
  • Industry leading detection analytics
  • Accuracy and speed of response through machine accelerated human decisions
  • Complete infrastructure coverage from endpoint to cloud
  • Access to the latest technology, techniques and processes, all supported by our experienced staff
 
All services are delivered by a dedicated 24x7 UK-based Security Operations Centre. We’ve defended the networks, data and devices of governments and commercial customers for 40 years – find out how our Managed Security Services can bring that scale, knowledge and capability to your defence.
 
 


Incident Response

When a successful cyber attack hits your network and business processes, we are here to support you. Our cyber incident response teams will help you meet the requirements for Response and Recovery Planning, and have deep technical expertise so that root causes are identified and appropriate remediating action is taken. We help organisations with:
  • Board-level cyber exercises
  • Cyber incident response planning
  • Retained, service-level backed, Incident Response services
 
Find out more about our NCSC-certified Incident Response service.
 
 

 

Supply Chain Assurance

The legislation will require you to understand and manage security risks within your supply chain that may harm the essential services you provide.

Our Supply Chain Assurance services help you identify your critical suppliers, conduct a proportionate level of assessment, and manage any remedial activities on your behalf in a manner that focuses on outcomes. Understand your supply chain and risk exposure.
 
 

 


 
 
 
 
 
Further information on the NIS Directive:
[1] National Cyber Security Centre website: Introduction to the NIS Directive