NIS2 puts the software supply chain in the spotlight of security prevention

Affected companies can quickly protect their processes in compliance with NIS2 using asvin technology

Stuttgart, January 12, 2023 – In the future, companies will be able to counter hybrid threats with greater confidence. When cybersecurity is explicitly required by regulation and easily implemented by solutions from innovative providers such as asvin, companies will be able to focus entirely on their operations and no longer on their security. This will tend to make cybersecurity a relief rather than a burden for IT departments.

The facts: More critical sectors and a tighter timeframe

On January 16, 2023, the NIS2 regulation for EU-wide cybersecurity will come into force. All member states must have transposed the directive into national law by October 17, 2024. The scope will be expanded from the six traditional critical infrastructure sectors to seven, with the addition of eleven further sectors, such as postal and courier services, waste management and production, as well as medical devices, mechanical engineering, online marketplaces, and even research institutions. From October next year, all of these sectors will be subject to a uniform EU reporting obligation for incidents, particularly those affecting the software supply chain. Violations can then be punished with a fine of up to ten million euros or two percent of global annual turnover.

The challenge: harsh penalties and higher costs

Supervisory bodies will be given comprehensive powers, such as on-site inspections, spot checks, and regular security audits. Warnings, binding instructions, and fines can be used as leverage. In the event of serious violations, authorities can temporarily suspend managers of the affected institutions from their duties. There are also additional costs for NIS2 readiness. According to research by Dennis-Kenji Kipker, professor of IT security law in Bremen, institutions covered by the new directive can expect to see their cybersecurity budgets increase by around 22 percent. Companies that have already implemented compliance measures based on NIS-1 would only have to estimate a cost increase of around 12 percent.

The solution: check the software supply chain and implement SBOM

By focusing on the software supply chain, the number of devices or software components that need to be documented, kept updateable, and operated in a monitorable manner will increase enormously. We specialize in securely locating, identifying, assigning, and reliably securing an unlimited number of such items using distributed ledger technology (DLT). With our solutions for cybersecurity management (CSMS) and secure update management (SUMS), we can reliably implement cybersecurity as a service and thus NIS2-Compliance.

For technical details and background information, I would be happy to put you in touch with experts at asvin. For example, our founder and CEO Mirko Ross or our CTO and DLT expert Rohit Bohara. Mirko Ross.

About asvin:

Based in Stuttgart, asvin GmbH currently has 20 employees and develops comprehensive solutions for AI and software supply chain security. These solutions ensure the security and correct origin of software in IoT environments throughout its entire lifecycle. This creates a continuous layer of trust along data supply chains, which increases the resilience of the Internet of Things (IoT) against cyberattacks.