NIS-2: it doesn’t have to be such a mess when one looks at the site

Martin Průcha, 04. 09. 2024


Sometimes it only takes a little to come to an understanding, such as visiting the website of the National Cyber Security Authority (NUKIB), which describes the new cyber security law in great detail, from A to Z. In this article, we briefly present what can be found in these public sources, from A to Z.

The site greets us with a big slogan that the law comes into force on 1 January 2025 and immediately confronts us with "does the regulation impact your organisation", and with two blocks that ask practically the same thing, i.e. what to do. For the first block, a calculator is very useful: you can plug in your company's exact industry in order to determine your market position. A similar feature has been introduced by Seyfor, so you can make your choice straight away. This is not just an informative feature, as the NUKIB will not personally identify schemes and companies, and so the analysis is left to the NUKIB to decide whether or not a company falls under regulation. The second block, what to do, is mainly about reporting the provision of a regulated service to the authority and reporting security incidents. However, according to lawyer Jiri Hradsky at CzechCrunch, these measures can increase the cost of running IT in companies by 22%, even though the directive is not as laborious in legal terms as the GDPR.

To return to the NUKIB website, the FAQ page answers almost all questions, although some of them are rather generic in nature ("Why should an organisation be concerned about cyber security and the new law?"). Other answers are more useful, such as the information that the NUKIB provides basic courses for free on the training portal, or that organisations in the lower-level regime do not need to fill security roles such as cybersecurity manager or auditor. Unfortunately, the site does not yet include a chatbot to speed up communication and searches.

In addition to NUKIB, Lupa.cz also provides a good overview of information in a regular series. Large consulting firms also have something to say, of course, but they keep the main treasures for clients. Still, Tomas Kudelka, director of technology consulting and cybersecurity at KPMG ČR, speaks at the O2 CyberCast (though one must take the older date into account). He highlights, for example, the problem of old back-ends of Czech banks, which are kept alive by various crutches.

Author: Oldrich Příklenk

Picture: https://chatgpt.com/