CONNECT meets Alf Moens, Security Lead for GÉANT, to talk about the European Commission’s revised Directive on Security of Network and Information Systems (NIS2 Directive).
Alf, tell us about this new EC security directive.
The NIS2 Directive defines the protection of critical infrastructure in all EU member states. This version, originally seen as a much-wanted extension and improvement to the first directive, focuses on what a critical infrastructure represents and how Information Systems should be protected. The directive includes the following examples of critical infrastructure: internet exchanges, national CSIRTs, cloud computing services and Domain Name Services (DNS).
How will the NIS2 Directive affect all DNS services in particular?
As a consequence of this directive’s quite broad definition of DNS, every organisation or individual running their own DNS will have to comply by registering their DNS service with ENISA, the EU agency for Cyber Security. This applies not only to top-level domain DNS, but also to universities, companies of all sizes and ICT enthusiasts who run their own DNS service at home. We believe that this was not the intention of the directive, which is mainly aimed at the DNS management of critical infrastructures rather than the myriads of “local” networks which are vital to local businesses but would not impact the national economy. To modify this directive would now require some complex steps as it’s at the formal negotiation stage of the proposal process.
What will GÉANT do next?
At GÉANT we will be analysing the broader impact of NIS2 on research and education. We will work with the European NRENs to highlight the consequences of this proposal and, in particular, bring them to the attention of relevant authorities with the objective of reducing the limiting effects on DNS management.
To find out more about the impact of the proposed NIS2 Directive on your DNS system, we encourage you to read an excellent and informative paper by David Groep from Nikhef:
If you are an NREN representative and would like some clarifications about the necessary practical steps to take, please contact Alf Moens at GÉANT
Special thanks to Andrew Cormack, Jisc, and David Groep, Nikhef, for their input and support.