Why NIS2 is set to become a ‘cornerstone’ of cybersecurity

21 Jun 2024

Andrew Lintell. Image: Claroty

Claroty’s Andrew Lintell discusses how he and his team are focusing on the EU’s NIS2 directive, and what impacts the legislation will have on the IT and OT landscapes.

Andrew Lintell is the general manager for the EMEA region at cybersecurity company Claroty. Lintell has extensive experience in the cybersecurity sector, including working in senior positions across companies such as Kaspersky Lab, HID Global, and LogPoint.

In his current role at Claroty, Lintell leads strategic initiatives and focuses on driving the adoption of the company’s operational technology (OT) solutions across industrial, healthcare, commercial and government sectors.

Click here to listen to Future Human: The Series.

One crucial focus for Lintell at the moment is the EU’s introduction of the NIS2 directive, a legislative act that aims to improve cybersecurity standards across the EU. First proposed by the European Commission in 2020, NIS2 seeks to ensure that EU member states employ appropriate measures to manage cyberthreats and to minimise the impact of cyberattacks.

“This directive increases the pressure on critical infrastructure entities to mitigate regulatory risks and enhance resilience,” explains Lintell.

What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them?

One of the biggest challenges we face in the current IT/OT landscape is the complexity and ambiguity of regulation. Many businesses find recent, enhanced regulations difficult to interpret and prioritise, making compliance a daunting task. To address this, at Claroty we focus on breaking down the rules into manageable parts, helping our clients understand the aspects most critical to their specific operations. We provide continuous support through regular audits, training sessions and updates on the latest cybersecurity trends.

Additionally, we emphasise the importance of interorganisational partnerships, encourage sharing insights and best practices. This teamwork not only helps with compliance but also boosts overall security readiness. By walking our clients through the details of NIS2, we aim to turn what seems like a confusing mess into a clear and proactive security plan.

What are your thoughts on digital transformation in a broad sense within your industry?

Digital transformation is an intrinsic part of our focus on cyber-physical system (CPS) security. As industries increasingly integrate digital technologies into their operations, the need for robust cybersecurity measures becomes more important. As an example, the shift from traditional, centralised power generation to distributed renewable energy sources, such as solar and wind farms, exemplifies this transformation.

These assets, often in remote locations, need robust security measures due to their critical nature and potential vulnerabilities. While some sectors, like the electrical grid in the US, are mandated to be strictly air-gapped and use on-premise solutions, ensuring their protection against cyberthreats remains crucial.

At Claroty, we secure connected environments by providing solutions for the safe integration of digital technologies into industrial operations. Our approach includes comprehensive asset discovery, continuous monitoring and threat detection tailored to industrial control systems and OT environments.

We also emphasise ongoing education and awareness, offering regular training sessions to keep our clients updated on the latest cybersecurity trends and best practices. By combining advanced technological solutions with a proactive, educational approach, we help our clients navigate the complexities of digital transformation while maintaining robust security postures, ensuring they can fully leverage the benefits of digital technologies without compromising security.

‘NIS2 pushes organisations to prioritise cybersecurity at the highest levels’

Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?

Embracing digital transformation drives efficiency, which in turn supports sustainability efforts. By streamlining operations and improving resource management, digital technologies help organisations reduce waste and optimise performance. This is becoming a key board and investor metric.

In addition, fostering an open dialogue and collaboration within the industry is crucial. By sharing cybersecurity insights and best practices, organisations can strengthen their defences and ensure consistent security measures, promoting a resilient cybersecurity posture that supports both operational efficiency and sustainability.

What big tech trends do you believe are changing the world and your industry specifically?

As mentioned, the NIS2 is one of the biggest things on our horizon right now for our EMEA operations, and it represents a major shift in the approach to cybersecurity for critical infrastructure.

What interests me most about NIS2 is its potential to standardise and elevate OT cybersecurity practices across the industry. By setting clear, stringent requirements, NIS2 pushes organisations to prioritise cybersecurity at the highest levels. This directive promotes sharing intelligence and best practices, fostering a collaborative approach to tackling cyberthreats.

NIS2 not only strengthens the security of individual organisations but also enhances the overall resilience of critical infrastructure. By driving a unified, proactive approach to cybersecurity, NIS2 is set to become a cornerstone of our industry’s future.

What are your thoughts on how we can address the security challenges currently facing your industry?

Tackling the security challenges in our industry means following a solid OT cybersecurity plan built on recognised best practices and guidelines. These plans give organisations effective strategies to protect their CPS and ensure everyone, from employees to stakeholders, are on the same page by using a common language and validated measures.

Promoting open dialogue and collaboration is essential. Sharing cybersecurity insights within an organisation and with external partners fosters strong partnerships and helps identify vulnerabilities. This culture of openness allows companies to assess their security protocols and determine the best practices for their unique operational contexts.

Sharing information openly helps foster honest discussions about the best security measures, building trust and forming strategic partnerships within the industry. Following best practices, meeting regulatory requirements, and focusing on both cyber and operational resilience are essential for success.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.