Revision of the NIS Directive: key points from the closing workshop

On 13 October, the three consultancies (CEPS, ICF, Wavestone) contracted to carry out the review of the NIS Directive held a closing workshop. They presented the results of their exchanges with stakeholders, as well as the identified policy options.

Please find below the PPT presentation from the workshop and a summary of the key points.

Workshop presentation

The consultants reported on the main findings from their targeted consultations with National Competent Authorities (22 Member States answered), Operators of Essential Services (OES) and Digital Service Providers (DSP). It proved difficult to gather evidence on the actual impacts of the NIS Directive, as it has only been implemented since 2018. In addition, there was a low response rate from DSP.

However, the consultants could still draw conclusions and identify a set of policy options.

On the identification of OES and DSP, Lorenzo Pupillo (CEPS) explained that small companies would still be covered if they are critical (e.g. small clinics) so the company size would not be the only criterion.

Some participants questioned the idea of putting OES and DSP on an equal footing, as this could lead to a race to the bottom in terms of security requirements, with DSP lobbying to lower the requirements. Lorenzo Pupillo answered that the objective was, on the contrary, to have a race to the top.

On the ISACs, a Eurocontrol representative underlined that mixing industry and public authorities was not always the best option, depending on the purpose of the ISAC. In addition, he pointed out that it might be difficult to find the right legal framework for this.

During the live polls, most participants indicated that security measures and incident reporting should be priority number one for the revision of the NIS Directive. In second place came OES identification and DSP coverage, and in third place the need to enlarge the sectors.

Overall, the consultants evaluated that major changes to the NIS Directive (amending the directive or adopting a regulation) would have the highest positive impact for all policy objectives. This seemed to be the preferred option compared to the status quo or slight changes.

Next steps:

15 December: the European Commission will present its new Cybersecurity Strategy, the review of the NIS Directive and a proposal for additional measures for critical infrastructures.

If you have any questions on these issues, do not hesitate to contact Camille Dornier, Policy Manager: camille.dornier@eurosmart.com

Eurosmart
Rue de la Science 14B - 1040 Brussels BELGIUM