
NIS2

Preparing for NIS2: Embracing a Cultural Shift Towards Collaborative Cybersecurity


Jordan McPeek, Feb 4, 2025

The NIS2 Directive is reaching out and pulling in; unlike its predecessor, it extends cybersecurity mandates to more than just critical sectors, and puts a heavy emphasis on reaching across business borders and working together.

This begs a cultural shift in cybersecurity thinking across the EU. Whereas threat intelligence was once highly guarded proprietary information, NIS2 asks organizations (even competitors) to lay aside their differences. Instead of a “glad it wasn’t me” mentality, NIS2 encourages a shift towards “it could just as well be me next,” and encourages EU teams to share what they know.

Moving forward, collective defense will play an increasingly large role in combating modern cyber threats. We might have to take a page out of cybercriminals’ books; they, after all, pilfer lists of names and addresses and share them indiscriminately on the dark web (for a price, of course). Omitting the cost, NIS2 captures the zeitgeist that if we are to survive against such a united opponent, we have to be united ourselves.  

Understanding Risk Management in NIS2 

NIS2 not only calls for increased sharing, but increased security in key areas. Risk management is one of them. 

Article 21 of NIS2 mandates that organizations establish a risk management framework, if they haven’t one already. Explicitly, essential and ‘important’ (that means non-critical infrastructure) entities are required to create “appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems...”

It sounds pretty straightforward, and ENISA (the European Network and Information Security Agency) offers some guidance to make it even more so. Though still in draft form, the ENISA Implementation Guidelines outline that a compliant risk management plan should include (at least):

  • “the risk identified;
  • the assets associated with the risk;
  • the objective associated with the risk;
  • the measures associated with the objective which are mitigating the risk; 
  • procedure for assessing the effectiveness of implementation of the measure(s);
  • detailed implementation timelines;
  • responsible roles; and
  • implementation costs for the measures.”

This underscores the importance of adopting proactive measures over reactive approaches. The point is fewer surprises. The more companies know about their risks and the factors increasing them ahead of time, the less chance they’ll have of being introduced to them the hard way by attackers.

Why Collaboration is Essential for NIS2 Compliance 

Digital infrastructure is largely interconnected across industries and borders. Remote devices draw from the same cell towers, use the same internet service providers, and share the same supply chains, cloud service vendors, email platforms, and SaaS applications. What affects one can quickly affect all (and cybercriminals are counting on it). The CrowdStrike Linux outage, SolarWinds compromise, and MOVEit Transfer tool attack are just a few examples.

NIS2 essentially argues that the rising rates of cyberattacks on ‘critical and important’ entities are more than enough reason ‘why’ and that collaboration will actually keep sectors - and the organizations that make them up - healthier, safer, and more competitive.

Seeing the potential for catastrophic chain reactions, and the current climate of “fragmentation in scopes, tiering, and implementation approaches,” the European Cyber Security Organization (ECSO) issued the following call to action:

  • Establish consistent EU-wide implementation approaches
  • Create standardized templates and reporting mechanisms
  • Develop harmonized risk management frameworks
  • Provide targeted support for disadvantaged entities

Why should the strong help the weak in a global digital economy? Because as far-reaching supply chain attacks have shown us, attackers often target the weak to get to the strong. 

Prepare for NIS2 with Cyware Collaborate 

An all-in-one threat intelligence platform like Cyware Collaborate is a powerful enabler of collective defense. You can only (responsibly) share threat information that you know and understand, but with so many sources of threat information coming in (logs, alerts, global feeds, proprietary feeds, SIEMs, etc.), companies can be hard-pressed to keep up. 

NIS2 Information Sharing Requirements

Many organizations are still using manual threat intelligence processes for collecting data, sifting through intel, compiling it all together, and creating reports. This is often a full-time job for several people, and many companies don’t have the cycles to dedicate to that. So, how will they comply with the NIS2 mandate (yes, mandate – complete with penalties) to engage in threat intelligence sharing? 

First, let’s look at what NIS2 requires:

  • Article 90, paragraph 2 states, “Member States shall ensure that the exchange of information takes place within communities of essential and important entities, and where relevant, their suppliers or service providers.” 
  • Paragraph 3 of the same Article drives home that “Member States shall facilitate the establishment of cybersecurity information-sharing arrangements referred to in paragraph 2 of this Article.”

Comply With NIS2 Using Cyware Collaborate

Cyware Collaborate is an all-inclusive threat intelligence platform that ingests data from a myriad of (practically all available) threat sources and combines them into a package that is easy to use. The result is actionable, well-informed, human-readable threat intelligence that companies in the EU (or anywhere) can use or share. 

Collaborate takes in the following threat feeds (and these are just the big buckets):

  • Commercial threat intelligence advisories
  • ISAC/ISAO threat alerts
  • CERT, OSINT, CISA threat advisories
  • Malware, vulnerability, threat actor, threat research advisories
  • SIEM rules, YARA rules, Suricata rules, Sigma rules

Once Collaborate has ingested the above threat intelligence sources, it not only produces summarized, context-rich real-time threat intelligence but does so in standardized formats and templates that align with European Cyber Security Organization recommendations. Now, NIS2-compliant information sharing is easier than ever. 

With Collaborate, you get:

  • Seamless integration with existing systems to support compliance and enhance efficiency.
  • Reduced operational silos and enhanced situational awareness.
  • Proactive mitigation of risks through shared intelligence.

And the peace of mind that comes from knowing you’re well aware of what’s out there – and that when cybercriminals come knocking, you’ll be ready. 

Collective Defense is the Future: And the Future is Now

Following the encouragement of NIS2 to build a more collaborative cybersecurity culture will require a shift from an individualistic mindset to a collective one. However, the two are not mutually exclusive; individual companies benefit from the collective safety of their digital ecosystem. As NIS2 not-so-subtly points out, keeping the EU’s digital ecosystem safe against today’s highly organized cybercriminals is going to take a wave of new cybersecurity improvements – and a big team effort.

Find out how to simplify NIS2 threat intelligence sharing mandates with Cyware Collaborate
