ETSI Sets Sights on Cybersecurity Risks in New Report

ETSI is lending its voice and technical acumen to cybersecurity risks with the release of a new report on Tuesday by its technical committee on cybersecurity (TC CYBER).

ETSI's TR 103 456 report provides guidance to enterprises, government agencies and services providers on how to implement the Directive on Security of Network Information Systems (NIS Directive) across the European Union for high-level security of network and information systems.

The report provides guidance on the available technical specifications -- as well as those in development -- by major cybersecurity communities in the world that were designed to meet the legal measures and technical requirements of the NIS Directive.

According to the European Commission, the NIS Directive was constructed to provide a framework to boost the overall level of cybersecurity across the EU membership. It was adopted by the European Parliament on July 6 of last year and entered into force in August of the same year. EU's Member States had 21 months to transpose the directive into their national laws and an additional six months to identify operators of essential services.

The report addresses various cybersecurity issues and requirements including sharing and exchanging information, incident notifications, technical and systems risk management, challenges and solutions and technical recommendations.

European Telecommunications Standards Institute (ETSI) said that cybersecurity risk management involves "assessing a range of risks in the context of an organization's environment, understanding assets, resources and processes that are fundamental to the organization, and taking steps to ensure that the organization continuously improves how it protects, detects threats and responds to incidents involving those assets, resources and processes."

"This new ETSI report provides a broader cybersecurity context building on the NIS Directive or the ENISA Standardization Gaps Report," said Charles Brookson, chairman of ETSI TC CYBER, in a prepared statement. "ETSI has a long expertise in security matters, including the work developed in our cyber group. This report should help those striving to meet the requirements of the NIS Directive, and guide them on how to meet it."

ETSI said the entities that would be able to tap into the report as part of their work for implementing the NIS Directive into legislation could include regulators, operators of essential services or digital service providers.

While ETSI plows ahead with its work across NFV, 5G and quantum computing, various ETSI groups work closely with TC CYBER to insure that security aspects are included in all of its specifications from the outset. TC CYBER have published 17 specifications and reports on cybersecurity over the past three years.

— Mike Robuck, Editor, Telco Transformation