Industry Responses to the European Directive on Security of Network and Information Systems (NIS): Understanding policy implementation practices across critical infrastructures

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

47 Downloads (Pure)

Abstract

As traditional legacy systems that run critical national infrastructures (CNI) are increasingly digitized for performance monitoring and efficiency, significant attention has been brought to improving their cyber security. Network and Information Systems Security (NIS) Directive is the first Europeanscale attempt to establish a high standard of cyber security among CNIs. NIS raises questions about defining scope, providing evidence or mobilizing funding. Most importantly, there is the fundamental question whether it would become a tick-box exercise or lead to long-term improvements in security practices. We interviewed 30 cyber security practitioners in the UK to gather an in-depth understanding of NIS implementation and its probable futures. Our analysis found that the emerging field of Operational Technology Security is yet to formulate norms, standards and career trajectories. We are, therefore, at a critical junction, where the scope of the profession is shaping together with the need for evidence-based policy advice. Our findings are twofold: (1) a number of security tropes (e.g., “security solutions are the same across the sectors”), which may drive implementation of regulations such as NIS; (2) a classification of cyber security practices mapping the diversity of policy interpretations. We conclude
with recommendations for policymakers and CNI operators.
Original languageEnglish
Title of host publicationProceedings of the Sixteenth Symposium on Usable Privacy and Security
PublisherUSENIX Association
Pages301-318
Number of pages17
ISBN (Print)978-1-939133-16-8
Publication statusPublished - 10 Aug 2020
EventSymposium on Usable Privacy and Security -
Duration: 9 Aug 202011 Aug 2020
Conference number: 16
https://www.usenix.org/conference/soups2020

Conference

ConferenceSymposium on Usable Privacy and Security
Abbreviated titleSOUPS 2020
Period9/08/2011/08/20
Internet address

Fingerprint Dive into the research topics of 'Industry Responses to the European Directive on Security of Network and Information Systems (NIS): Understanding policy implementation practices across critical infrastructures'. Together they form a unique fingerprint.

Cite this