How does NIS2 effect Network Mapping?

The European Union adopted an update to the NIS cybersecurity directive to address current cybersecurity vulnerabilities and issues. The Network and Information Systems Directive (NIS2) was adopted on January 16th, 2023.

Even though it was adopted in January, member countries have until October 17th , 2024, to meet it’s requirements. In the network mapping aspect NIS2 changes requirements for organizations in the following ways:

1. Increased Security Requirements:

NIS2 require companies to improve their network infrastructure security by having up-to-date Layer 2 network maps. Regular audits and review of these maps are required.

2. Network Transparency:

Companies are required to be more transparent about their network structures, especially if they are in critical sectors. They are required to share network maps with government agencies.

3. Incident Reporting:

In the event of a security breach or incident, companies will need to provide detailed network maps to investigators to help trace the origin and impact of the attack.

4. Risk Assessment:

Companies will be required to conduct regular risk assessments of their networks. Network maps will play a fundamental role in these assessments.

5. Integration with Other Regulations:

With the introduction of NIS2, companies might find themselves juggling multiple regulatory requirements, including GDPR and HIPAA. Network maps will help ensure that the organization is compliant with all regulations.

6. Vendor and Third-party Partners:

Companies are required to confirm that their vendors and third-party partners comply with NIS2 requirements. This will require receiving network maps from these entities to ensure that the entire ecosystem is secure. Vendors and third-party partners can use a network map tool to create network maps.

7. Increased Costs:

The need for regular updates, audits, and potentially more detailed network maps will increase costs for companies. NIS2 recommends investing in more sophisticated network map software, network map designer or hiring experts to ensure compliance.

8. Training and Awareness:

With the introduction of NIS2, there will be a need for increased training and awareness among staff. Employees will need to be trained on creating a network map, the importance of network maps and their role in ensuring regulatory compliance.

Conclusion

NIS2 regulations, which went into effect on January 16, 2023, are focused on several cybersecurity issues, including how companies manage, maintain, and share their network maps. These network maps can be made by a network map tool, network map generator, free network map software or by a consultant. Companies will need to be proactive in adding/updating their current network map generator and ensure they meet the new legal requirements.