Vinçotte supports a drinking water company in complying with the international cybersecurity standard for OT

Drinking water companies, like other vital companies, are preparing for IEC 62443, the international cybersecurity standard for Operational Technology.

The NIS2 Directive (Directive on security of networks and information systems) is an important step by the European Union to combat cyber threats and raise the level of cybersecurity within the EU. Organisations covered by this directive will have to comply with new cybersecurity requirements.

NIS2 (also known as EU Directive 2022/2555) came into force on 16 January 2023 and replaces the previous EU Directive 2016/1148. All EU member states must transpose the directive into national law by 17 October 2024 at the latest.

This directive focuses on:

  • Risk management: Organisations should regularly assess their IT infrastructure and systems for vulnerabilities and implement appropriate security measures to mitigate these risks.
  • Incident reporting: Organisations should report significant cyber incidents to the relevant authorities.
  • Supply chain security: Organisations should ensure the security of their supply chains.
  • Training and awareness: Organisations should train their employees on cybersecurity and raise awareness of the risks.

The NIS2 legislation is going to apply to many organisations and certainly to companies that are part of the various vital sectors.

Drinking water

Drinking water companies and water boards are part of the vital infrastructure. To be prepared for NIS2 and to be demonstrably in control, drinking water companies and other vital companies need to comply with IEC 62443, the international cybersecurity standard for Operational Technology.

We were recently contacted by a drinking water company to assist them with compliance.

‘We did not know exactly where we stood with our digital resilience,’ says the company's CIO. With a baseline measurement, we helped them determine where they currently stand in order to create a plan to get in line with the NIS2 requirements.

‘After the baseline measurement, we not only know where we are,’ the CIO continued, ‘but also have a plan to take the right additional measures to further secure our OT environment.’

Using the plan provided, we helped this drinking water company to:

  • Reduce cyber risks: Securing IT infrastructure and systems now reduces the likelihood of cyber attacks.
  • Avoid fines: Organisations that fail to comply with NIS2 requirements can face large fines.
  • Gain competitive advantage: Demonstrating compliance with strict NIS2 requirements wins the trust of customers and partners.

Confidentiality

Vinçotte understands the crucial importance of cybersecurity. In our case studies, you will therefore not find any client names. This is because of:

  • Confidentiality: Our clients entrust us with their sensitive security information. By protecting their identity, we ensure that their business practices and vulnerabilities remain private.
  • Best security practices: Revealing a company's involvement in a cybersecurity case study could inadvertently provide a target for future attacks. Discretion is essential.

Contact us to learn more about NIS2 and how we can help you make your organisation compliant.