Industry Responses to the European Directive on Security of Network and Information Systems (NIS): Understanding policy implementation practices across critical infrastructures

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

3 Citations (Scopus)
82 Downloads (Pure)

Abstract

As traditional legacy systems that run critical national infrastructures (CNI) are increasingly digitized for performance monitoring and efficiency, significant attention has been brought to improving their cyber security. Network and Information Systems Security (NIS) Directive is the first Europeanscale attempt to establish a high standard of cyber security among CNIs. NIS raises questions about defining scope, providing evidence or mobilizing funding. Most importantly, there is the fundamental question whether it would become a tick-box exercise or lead to long-term improvements in security practices. We interviewed 30 cyber security practitioners in the UK to gather an in-depth understanding of NIS implementation and its probable futures. Our analysis found that the emerging field of Operational Technology Security is yet to formulate norms, standards and career trajectories. We are, therefore, at a critical junction, where the scope of the profession is shaping together with the need for evidence-based policy advice. Our findings are twofold: (1) a number of security tropes (e.g., “security solutions are the same across the sectors”), which may drive implementation of regulations such as NIS; (2) a classification of cyber security practices mapping the diversity of policy interpretations. We conclude
with recommendations for policymakers and CNI operators.
Original languageEnglish
Title of host publicationProceedings of the Sixteenth Symposium on Usable Privacy and Security
PublisherUSENIX Association
Pages301-318
Number of pages18
ISBN (Electronic)9781939133168
ISBN (Print)978-1-939133-16-8
Publication statusPublished - 10 Aug 2020
Event16th Symposium on Usable Privacy and Security, SOUPS 2020 - Virtual, Online
Duration: 10 Aug 202011 Aug 2020

Publication series

NameProceedings of the 16th Symposium on Usable Privacy and Security, SOUPS 2020

Conference

Conference16th Symposium on Usable Privacy and Security, SOUPS 2020
CityVirtual, Online
Period10/08/2011/08/20

Bibliographical note

Funding Information:
This work was supported by RITICS grant “How many shades of NIS? Understanding Organizational Cybersecurity Cultures and Sectoral Differences”.

Publisher Copyright:
© 2020 by The USENIX Association.

Fingerprint

Dive into the research topics of 'Industry Responses to the European Directive on Security of Network and Information Systems (NIS): Understanding policy implementation practices across critical infrastructures'. Together they form a unique fingerprint.

Cite this