NIS 2 Directive and Cybersecurity in Water Industry

This white paper discusses the NIS 2 Directive and its implications for cybersecurity in operational technology (OT) within the water industry. It outlines the increasing threat of cyber-attacks faced by water utilities, emphasizing the critical need for enhanced cybersecurity measures. The paper details the key components of the NIS 2 Directive, which aims to establish minimum standards for cybersecurity across the European Union, requiring member states to transpose the directive into national law by October 2024. It highlights significant changes from the previous NIS Directive, including the inclusion of wastewater utilities as critical entities and the introduction of stricter risk management and reporting obligations. The document also addresses the accountability of company leadership and the importance of proactive risk management practices. Additionally, it provides technical recommendations for system integrators and product vendors, emphasizing the necessity for compliance with recognized cybersecurity standards. The paper concludes with a call for immediate preparations by water utilities to meet the new legislative requirements.