The new NIS directive: when a notion changes everything
A network and information security (NIS) directive is going to be voted at the end of the summer by the executive power of the E.U. But a point of this text rises a lot of objections: the equal treatment for all the digital platform.
The NIS Directive, which was originally proposed by the European commission 2 years ago, is part of an ambitious project of the E.U. about cybersecurity. The purpose is to reduce the threat and risk in the digital field in all the Union’s member states. To reach that goal, this text can be declined in a few elements.
In this directive, we can find the will to standardize the measures at the European level to fight against cyber-criminality.
Each members of the E.U. have to set an authority in charge of questions about network and information security. This administration will give to the country proper tools in order to prevent the activities of hackers. In France, this authority is named “Agence nationale de sécurité des système d’information” also called “ANSSI”.
The directive will increase the co-operation and the co-ordination of the member countries. When a threat is identified, it will be communicated to all the members in order to react quickly to prevent a massive infection of the information systems.
The NIS directives contains another feature which may be the most important one. In any case, this is the element the most spoken about: the security requirement.
In this chapter, the directive asks the national authorities to check the cyber-security systems of public actors and market operators. If everybody agree in the fact that the administrations’ systems has to be checked, a lot of people wonder which market operators will be controlled by a national agency.
Indeed, it can be astonishing to think a national authority could audit a private firm and access by this way to all the informations system of the enterprise.
Nevertheless, when the directive was spoken in 2014, the market operators in question were clearly identified: they were operators of vital importance (OVI). In this expression, you can find actors of transport, energy, banks… But during the 2015’s summer, the bell rang differently. During the negotiation between the European Commission and the Parliament, the notion of “Market Operator” has changed to include the actors of cloud computing, the online search motors, social networks and also the creators of connected objects.
The notion of Market Operator in its new definition is now including a lot of private actors such as Google, Amazon, Facebook… and many other. According to the NIS directive, these actors, but also SMEs, should communicate to the referent authorities every security concern in their systems. It could bring a lot of difficulties to the enterprises, at the reputation level but also at a financial level, as SMEs don’t have the material and human resources to comply with the legal standards.
Yet the text still hasn’t been voted. A new turn of the situation can still be expected…
Promotion 2015 du master 2 Commerce électronique de Strasbourg.
Suite à une licence AES à l’université de Montpellier, il s’est orienté vers une carrière tournée vers le commerce en intégrant le M1 Marketing/Vente de Montpellier
Afin de se donner toutes les chances de réussir et de concilier sa passion et son orientation professionnelle, il entre en 2014 en Master 2 commerce électronique, qui est pour lui le secteur porteur par excellence. Son but à terme étant de créer sa propre entreprise de e-commerce