
Preparing for NIS 2

By Spencer Acain

In a recent series of talks, host Michael Metzler, VP of Horizontal Management Cybersecurity for Digital Industries Siemens AG, sat down with Katrin Witte, Senior Legal Counsel for Siemens Digital Industries, to discuss the impact of the EU’s impending NIS 2 directive. This directive is poised to have a huge impact on how not just European companies, but any company that does business in Europe, will need to prepare to handle and respond to cyber threats. Check out the recording of Katrin and Michael’s talk here, or keep reading for some key insights on the effects of NIS 2.

NIS 2 is the latest cybersecurity directive from the European Union, set to go into effect in October 2024 for all companies operating within the EU. Compared to the previous NIS directive, NIS 2 is set to impose stricter obligations on incident reporting, management, and preventative measures, as well as spell out the powers of national supervisory authorities to a greater degree. While the directive intends to hold all companies to a high standard of readiness for cyberattacks, it also includes provisions to hold company management personally liable in the event of rule violations. Companies must now be more prepared than ever to handle cyberattacks under these regulations, making it vitally important to understand and mitigate risks at every level, especially for regulated industries like manufacturing.

Cyberattacks on industrial enterprises are on the rise. However, a major challenge in addressing them is the lack of visibility into the security status of industrial control systems, which leads to increased cyber risk. Late detection of industrial cybersecurity incidents results in plant downtime and additional recovery costs. In addition, regulated industries are required to report security incidents within a strict timeframe. To address this, smart software integrated from the factory floor up can monitor network traffic, create a baseline of normal operations, and detect anomalies that deviate from that baseline. This enables companies to react quickly, address threats at an early stage before they become a major problem, and comply with NIS 2 requirements for cybersecurity risk management.

Preparation and mitigation are key elements in dealing with cyberattacks, but being prepared to deal with the aftermath of a major incident is equally important, especially when it comes to restoring critical data and infrastructure. Industrial plants are typically distributed, sometimes across national boundaries. Maintenance and recovery from incidents in an operational distributed industrial plant must be performed without delay to avoid downtime for operations and services. By developing a secure, comprehensive network that spans multiple physical locations, critical data and systems can be restored remotely from secured backups even in the event of a catastrophic attack, ensuring minimal downtime and the security of company and customer information.

Cybersecurity doesn’t start and end with a single factory or office; building a robust supply chain is a key factor as well. This includes integrating cyber-secure components into finished products, ensuring that all applications involved in the process adhere to security standards, and being able to rely on service providers in times of crisis. As manufacturers are also part of the supply chain, it’s vital to establish a chain of trust through best practices that lead to cyber resilience. Incorporating robust supply chain and product security measures throughout the lifecycle can help meet new laws and regulations and set high standards to thrive in a competitive industrial landscape.

Digitalization is a vital next step in the evolution of industry, but it can also leave companies more exposed to cyberattacks and other digital threats. To address these challenges, companies must take a proactive approach not just to monitoring and prevention but also to responding to a cyberattack quickly and efficiently. With NIS 2 poised to bring harsher penalties and stricter requirements for all companies operating within the EU, it is more important than ever for companies to ensure they are ready to meet the challenges of cybersecurity and reap the benefits of digitalization.



This article first appeared on the Siemens Digital Industries Software blog at https://blogs.sw.siemens.com/thought-leadership/2024/04/01/preparing-for-nis-2/