Anne Klebsch
ICS Security Consultant
Applied Risk

Anne Klebsch is a Senior Security Consultant for Applied Risk; An established leader in Industrial Control Systems security protecting operations technology globally. As a certified Global Industrial Cyber Security Professional and Information Systems Auditor holding a MSc degree in Computer Security – Anne has over 9 years experience in Industrial IT and OT security from a range of major service providers in Oil & Gas, Tank Storage, FMCG, Pharmaceutical and Manufacturing. Her expertise revolves around risk management, incident response and regulatory compliance with standards such as the newly implemented NIS Directive and the ISA99/IEC 62443.

Presentation: NIS Directive – the “first EU-wide legislation on cyber security” and what CI have to expect

This year the European Directive on security of network and information systems (NIS Directive) was to be transposed into local legislation by all EU member states. Objective of the Directive is to improve cyber security capabilities on national level to protect essential services such as healthcare, transport, energy, water, financial and digital infrastructure. Private or public companies that operate the essential services will have to take security measures as defined by the country and notify serious cyber incidents to the relevant national authority.

While the due date for member states to transpose the directive into local legislation was in May, the majority of member states missed this deadline. This leaves organizations in a limbo of what they will have to comply with in terms of security measures and incident reporting. Meanwhile, November sees the next milestone dictated by the directive approaching fast. By then member states will have to have nominated all operators of essential services. It is uncertain how much time organizations will have to become compliant.

For CI it will be important to identify what can and should be done already now. Applied Risk will discuss in this presentation current status of the NIS Directive, giving key insights on what can be expected based on the countries which have already completed transposition. Finally, Applied Risk will cover key actions, organizations should start now to prepare for compliance including a case study based on the implementation in Germany.