What’s next for the NIS Directive? Extending the community of interest to better understand the “Indicators of Good Practice”

Project Details


Project Vision: Since 2018, the European Union member states and the UK have been working on implementing the Network and Information Systems Security (NIS) Directive. The literature analysing the framing of NIS (Michels and Walden, 2018, Wallis and Johnson, 2020) points at two main policy concerns: (i) the operators will fail to share or disclose information about cybersecurity measures and breaches and, as a result, (ii) we will lack the understanding of co-dependencies (i.e. how security issues impact other areas of business). Our recent work through RITICS on NIS implementation (Michalec et al, 2020 and 2021) confirms that both the goals of NIS and OT security issues are poorly understood outside of the narrow circle of experts. In particular, the Indicators of Good Practice (IGP) need further refining to better illustrate the progress in maturity (ibid.). We, therefore, need to build a community of both cyber experts and non-technical business leaders to enable translation between security and operational concerns and, as a result, make better decisions about cyber security in its broader organisational context. Our community of interest (COI) will work together to draw a roadmap for an improved version of IGPs and cyber maturity assessments, suggesting a range of approaches inspired from ‘agile’ (NCSC, 2017) and ‘anticipatory’ (Carr and Lesniewska, 2020) regulation paradigms. COI will test them in the future iterations of NIS and communicating training needs for the Operators of Essential Services. In addition to the policy roadmap, we will draw a NIS R&D strategy outlining a set of research questions and matching research institutions with industry needs.

Layman's description

This project aims to build a community of interest around practitioners working on the major cyber security directive in the critical infrastructure sectors.
Alternative titleWhat's next for the NIS Directive?
Effective start/end date1/10/211/03/22


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.