The European Union introduced legislation (the NIS directive) that became active on November 9, 2018. The goal of the Network and Information Security (NIS) directive 2016/1148 is to boost the overall security in the EU, with a focus on increasing the security level of organisations involved in critical infrastructure.
Based on the NIS directive 2016/1148, each EU member state has introduced legislation that implements the directive in local law. This implies that organisations that must adhere to the legislation must implement cyber security measures within their organisation. The international cyber security standard IEC 62443 can provide the framework to implement cyber security within the Industrial Automation and Control Systems (IACS) domain.
Framework for development and implementation
Within the IEC 62443 series, the standard IEC 62443-2-1 provides the framework for the development and implementation of a Cyber Security Management System (CSMS) in order to integrate cyber security within a tank terminal organisation. Hudson Cybertec has thorough experience supporting organisations with the development and implementation of a CSMS. The management system is tailored to each organisation’s specific requirements.
To implement a CSMS, it is important to know where the organisation currently stands regarding cyber security. Therefore, we advise starting with a zero-measurement security assessment. This gives the organisation a clear view of what its weaknesses are and allows it to define and focus on those aspects of cyber security that need to be remediated first. In addition, it allows the organisation to identify so-called ‘quick wins’ that can be implemented without too much effort.
The development and implementation of a CSMS can take several years depending on different factors. Such an implementation requires a structured approach. To ensure the success of the development and implementation of the CSMS, organisations often ask Hudson Cybertec for help. We provide everything from ad-hoc support to an organisation at one end to a full-service package at the other, in which we provide a COSO who will manage the development and implementation of a CSMS. Once a CSMS is established, it needs to be maintained in order to be effective.
The implementation of a CSMS helps tank terminal organisations to manage, integrate and maintain cyber security and thereby comply with current and future regulations and the organisation’s vision.