AIOTI Feedback on revised Network and Information Security Directive
Security of and related to IoT ecosystems is one of the main trust components that AIOTI is and has been focussing on since it was founded. A substantial part of IoT ecosystems are already, or will become part of critical infrastructure, vital systems and essential services.
IoT is one of the main areas where physical and digital realities meet. Thus, the relationship between IoT and cybersecurity is crucial from the security point of view where a holistic perspective that includes a joint approach to physical, cyber-physical and digital security is required.
On 16 December 2020 the Commission adopted the proposal for a revised Directive on Security of Network and Information Systems (NIS2 Directive). The rationale behind the revision is to address deficiencies and limitations in its predecessor, the NIS Directive, both as per the dynamic pace of digital transformation which has broadened the take up of cloud, edge and IoT capabilities, the related expansion of the attack surface for adversaries and increasingly complex threat landscape, which requires more adaptive and innovative responses as well as without limitation that despite progress under EU rules, cybersecurity capabilities across the EU remain unequal and otherwise result in insufficient protection against cyber threats.
AIOTI therefor supports the intended objectives a revised draft NIS2 Directive, welcomes the possibility to provide feedback, and in the following paragraphs will expand on areas of the proposals that would require further clarification and that can otherwise further improve the current proposals in order to be able to achieve and continuously sustain the appropriate level of security in critical infrastructure, vital systems and essential services in general, and IoT security in particular.
Regarding IoT Security, in 2016 and 2017 AIOTI together with the Commission, ENISA and other relevant AIOTI members and other stakeholders has organised two workshops in which these and related topics has been extensively discussed and resulted in outcomes as published in two reports, which are encouraged to be taken good notice of and form the basis of the observations made.
The full document could be found here.