Industry 4.0

Why are NIS2 compliance and IT-OT convergence correlated?

A post by Pierrick Boissel
6/6/2023
OT/IT convergence: IT (information technology) and OT (operational technology)

What is the NIS2 standard?

Starting in summer 2024, the Network and Information Security (NIS2) standard will come into effect, bringing significant changes to strengthen the protection of critical infrastructure. As a reminder, it brings its share of constraints and sanctions for industrial companies:

  • Compliance obligation: Companies will need to comply with the security measures set out in the NIS2 standard. They will have to put in place incident detection and response systems, manage vulnerabilities and protect sensitive data.
  • Responsibility for subcontractors: Increased vigilance will be exercised over subcontractors in terms of cybersecurity. They will need to meet the strict requirements of the NIS2 standard, ensuring a consistent level of security throughout the supply chain.
  • Financial sanctions in the event of non-compliance (approx. 2 to 4% of turnover): Companies that do not comply with the NIS2 standard will be subject to sanctions, including financial fines. It is essential to take proactive measures to ensure compliance and avoid such consequences.
  • Holistic approach to cybersecurity across IT and OT: Companies will need to adopt measures to prevent, detect, respond to and recover from cyber incidents across IT and OT perimeters.


It is therefore necessary to think about your OT/IT convergence strategy now!

Why work for OT/IT convergence?

Today, the need for real-time production (OT) data is becoming more and more urgent for operational staff. This is normal: this data serves the objectives of production, quality, maintenance and even eco-efficiency.

Meanwhile, the IT department tends to lock things down as much as possible to protect the integrity of the factory. This is normal: its role is to ensure the security of operations.

As a result, multiple drivers spring up: they are simple and quick to implement, address a specific use case and send the data directly to the cloud, often without the knowledge of the IT department (via IoT 4G and VPN, for example).

How can the driver strategy pose a problem?

In general

  • Prevents the contextualization and formatting work needed to master production data before it is used.
  • Reproduces data silos and slows down the deployment of the use cases that would need the data.
  • Strongly slows down scaling up.
  • Compromises the integrity of the system and of production.

And if we add the specifics of OT to the equation

  • Multiplicity of specific protocols, real time, determinism, no downtime
  • Physical update potentially required
  • Equipment often not inventoried (on average, 30% of the fleet is unknown)
  • Machines communicating via deprecated/exotic protocols that no longer run on up-to-date operating systems

It is clear that this further weakens a factory system that was already under strain.

It is therefore essential to take up these subjects and begin a real IT-OT convergence process, bringing together teams who did not necessarily speak to each other before, to build a secure and scalable infrastructure that meets business needs and the challenges of the “factory of the future”.

And you, how do you prepare for this paradigm shift?
