October 17 is quickly approaching… this is when your organization is expected to comply with the European NIS2 Directive. You might feel you still have time, or that there will be additional delays, but in fact, it’s time to kick start your compliance journey into high gear and ensure your manufacturing organization is up to speed.

What is NIS2 directive?

Network and Information Security (NIS2) Directive, the new iteration of European Union’s NIS, elevates the stakes even higher with stricter cybersecurity requirements, incident reporting guidelines, and significant financial penalties for non-compliance. NIS2 makes compliance mandatory for all organizations with revenues over €10 million, so you’re probably impacted.

(Read this blog for more details: “NIS2 compliance for industrial networks: Are you ready?“)

Navigating NIS2 compliance can be challenging, but it serves the greater good as it helps enhance your organization’s digital security, and bolsters the EU’s collective cyber resilience, enabling a united front against potential cyber threats for the benefit of all.

According to IBM, the manufacturing industry saw the highest share of cyberattacks among any industry worldwide in 2023. Maybe you think your company is not a target of cyber attacks? Perhaps you think you will never be audited for NIS2 compliance? Make no mistake: any organization can be hit by malware, and your country’s cybersecurity agency will enforce NIS2 as a high priority.

NIS2 greatly improves your ability to protect against threats, cultivate trust within your organization and stakeholders, and safeguard operations to protect your business. Most NIS2 measures are quite straightforward and considered as mandatory best practices regardless of any regulation. They are key to improving your organization’s resilience and ensuring the success of your manufacturing operations.

What should you do to get started?

Strengthen your factory security and drive NIS2 compliance with the following 3 steps.

1. NIS2 recommends a risk-based approach to cybersecurity which requires comprehensive visibility into the OT environment.

You need a detailed inventory of all assets connected to your factory network, their vulnerabilities, their communication patterns, and more to effectively assess OT cyber risks.

Cisco Cyber Vision automatically detects and profiles connected assets and monitors communications activities to detect malicious traffic and anomalous behaviors. It scores risks to help teams prioritize what changes and mitigations will be most impactful for improving the OT security posture. It’s built into switches and routers so it’s easy to deploy at scale without additional appliances or network resources. Cyber Vision helps to assess OT cyber risks and provides a strong foundation for getting started with NIS2. Learn more in this solution overview.

2. NIS2 requires implementing advanced capabilities such as zero-trust access control policies.

This means restricting network communications within the factory and from outside the factory unless they are specifically authorized to run the industrial process. This can be best achieved via two measures.

Segment the factory networks to avoid malicious traffic to easily spread and compromise your operation. Instead of deploying costly zone-based firewalls throughout your factories, use Cyber Vision to logically group assets into zones of trust. Cisco Identity Services Engine (ISE) or Cisco Secure Firewall can leverage this information to enforce policies restricting communications between zones, hence segmenting the industrial network without complex hardware and cabling modifications.

Take control over remote access to OT assets. Vendors and contractors need to remotely access industrial assets for maintenance and troubleshooting. But how do you make it simple to control who can access what, when, and how? Cisco Secure Equipment Access (SEA) is specifically designed for OT workflows, enabling highly granular zero-trust network access (ZTNA) policies such as which assets can be accessed, by whom, at what times, and using which protocols. It’s simpler to deploy than legacy VPNs and makes it easy for OT team to manage their remote access needs while complying with security policies.

3. NIS2 makes it a legal obligation to report cyber incidents within 72 hours.

Not only does this mean you need tools to detect them, you also need a platform to manage them. Cyber Vision combines protocol analysis, intrusion detection, and behavior analysis to detect malicious activities on your factory network. Events are aggregated into Cisco XDR and/or the Cisco Splunk security platform, making detection, investigation, and remediation simpler and more powerful by unifying cyber security across IT and OT.

Benefiting from ISA/IEC 62443 to comply with NIS2

NIS2 emphasizes the use of international standards to ensure that entities within its scope implement effective cyber risk-management measures. Implementing the ISA/IEC-62443 industrial cybersecurity framework goes a long way towards NIS2 compliance, as it includes most requirements such as risk analysis, access control, strong authentication, use of cryptography, continuous monitoring, business continuity and disaster recovery, and more. So, if your organization is already implementing the ISA/IEC-62443 cybersecurity framework (especially parts 2-1, 3-2, and 3-3), you will be well on your way to addressing most of NIS2 requirements.

NIS2 compliance is a journey and change doesn’t happen overnight. Let Cisco guide you step-by-step with an infographic that has all the resources you need to get your compliance journey started: 4 Steps to Prepare Your OT for NIS2


Watch this webinar on how Cisco and Splunk can help with NIS2 compliance:

A Sense of Urgency: Industrial Cybersecurity and Compliance Under the NIS2 Directive


Additional resources



Emily Kasman

Product Marketing Specialist