With the forthcoming application of the NIS 2 Directive in Europe, essential service operator (OES) and operator of vital importance (OIV) are preparing for new obligations to strengthen their cybersecurity.
A new name for essential service operator (OES)
The creation of essential entities (EE) and important entities (IE)
The main aim of this amendment to the NIS1 Directive is to maximise the security of the networks and information systems of sensitive European organisations. One of the changes is the end of the term OES (essential service operator). This used to refer to essential services whose cessation would have a major impact on the functioning of the French economy or society.
The NIS2 Directive does away with the term “essential service operator” in favour of two categories of entity:
- Essential Entities (EE), which would mainly include large companies in sectors classified as highly critical.
- Important Entities (IE), which would mainly concern medium-sized organisations in sectors classified as highly critical and organisations in critical sectors.
“Digital Service Providers” fall into these categories. It should be noted that there has been no change to the designation OIV (operator of vital importance). These are covered by NIS2.
Obligations for essential entities, important entities and OIV
Use ANSSI-certified security solutions
The security measures recommended by NIS2 include “the use of secure voice, video and text communications and secure emergency communication systems within the entity, as required”. For OIV, the use of security solutions certified by the ANSSI, thanks to its Security Visa, is even becoming compulsory. In the event of a crisis, operators of vital importance need to react quickly and demonstrate resilience. Secure communications solutions are therefore essential. They enable employees to carry on working. Various technologies, such as end-to-end encryption, guarantee data protection.
Security Visa from ANSSI: a guarantee of reliability
The ANSSI Security Visa makes it easy to identify the most reliable cybersecurity solutions. These solutions have been checked and assessed by approved laboratories.
For over 5 years, Tixeo has been the only French secure videoconferencing solution to be certified and qualified by ANSSI, thanks to its Secure By Design approach and end-to-end encryption technology.
Protecting network architecture
The NIS2 directive recommends partitioning networks and remote access. This is particularly the case when using on-premise security solutions. These must be able to function in an isolated network. The organisation will also need to be aware of all their impacts on its network architecture.
The benefits of secure on-premise videoconferencing
TixeoServer is Tixeo’s secure on-premise videoconferencing solution, certified and qualified by the ANSSI. Security is part of every step from its design to its deployment. For example, only one network port needs to be opened for installation, in order to limit the impact on the organisation’s information system security policy.
Use secure subcontractors and service providers
Actors in the supply chain, whether subcontractors or service providers, are subject to the NIS2 Directive. They generally have access to their customer’s infrastructure and therefore represent a security risk. In the event of security breaches within their infrastructure, the network security of the more or less critical entities for which they work would be impacted.
Find out all you need to know about the NIS2 directive :