Enhancing Cybersecurity across Vital Business Sectors – EnCaViBS

Today’s economy, and with it the citizens of the EU, depends on reliable network and information services. Despite a wide selection of technical protection measures being available, attacks on NIS are on the rise in number and impact. The EU’s response under its Cybersecurity Strategy has been the NIS Directive, a legal instrument aiming to ensure that critical IT systems in central sectors of the economy are secure. Analysing whether and how the legal requirements under the new framework match software requirements, and vice versa, calls for a joint effort of legal and technical experts. The abstract notions of the NIS Directive requirements are in need of clarification so that compliant products can be derived and developers can be equipped with guidelines on how to meet the legal requirements with the currently available technologies. However, as technology and the law evolve at different speeds, these interpretations and guidelines need to be dynamic. The objective of the EnCaViBS project is the creation of a living commentary on the NIS Directive that is accompanied by a methodology to select the appropriate technological and organisational measures for NIS Directive compliant IT products.

The project structure:

During the initial evidence gathering phase, we analysed to what extent the NIS Directive fits into the wider EU cybersecurity policy. In particular, we evaluated the internal and external coherence of definitions and concepts of the NIS Directive with further EU legal interventions. This analysis resulted in the identification of potential conflicts.

Our interim results, in the form of papers, presentations and brief summaries, will be published on a regular basis on this website, along with a living commentary as a work in progress.