AWS Partner Network (APN) Blog
How Netop can help customers meet NIS2 Directive requirements in the EU
By: Paul Herda, Corporate Sales Director EMEA & APAC – Netop
By: Camelia Filip, Product Manager & VP of Engineering – Netop
By: Arseni Yustus, Solutions Architect – AWS
By: Svyatoslav Redko, Senior Solutions Architect – AWS
In today’s rapidly evolving digital landscape, cybersecurity is essential. Some countries have additional security standards and requirements to address security issues in different areas. The new European Union (EU) NIS2 Directive raises cybersecurity standards, requiring enhanced risk management, incident reporting, and governance practices.
Discover how Netop helps address the challenges of NIS2, supporting cybersecurity resilience across critical sectors within the EU. This blog explores how Netop provides an integrated solution, run on Amazon Web Services (AWS), that helps customers align with NIS2 Directive goals. It is important to note that while this post highlights Netop’s solutions and recommendations, it does not include NIS2 Considerations for AWS.
What is NIS2?
The NIS2 Directive is an EU legislative framework designed to establish common security standards for network and information systems across vital sectors. Figure 1 shows that NIS2 extends the original NIS Directive’s scope to encompass new sectors such as healthcare, energy, transportation, and digital infrastructure, in addition to essential industries like pharmaceuticals, food production, and public administration. The directive introduces stricter requirements in risk management, incident reporting, and supply chain security to protect these essential services.
A key aspect of NIS2 is a focus on harmonizing cybersecurity standards across the EU, aiming to create a consistent approach to protecting critical infrastructure. With NIS2, organizations are accountable not only for their cybersecurity but also for the security of their suppliers and third-party vendors. This directive underscores the EU’s commitment to strengthening cybersecurity frameworks and reducing vulnerabilities within interconnected networks across vital sectors.
Figure 1. ENISA Infographic showing high and other critical industries and sectors impacted by NIS
Solution overview
Netop delivers secure remote access software through an integrated enterprise system for large private and public organisations in business-critical industries around the world. Various users, such as employees, experts, engineers, contractors, and subcontractors, can start remote control sessions from a distance towards both generic IT devices and industry-specific equipment, for troubleshooting sessions or day to day remote working purposes. Leading security focus, real-time operations, broad systems support, and global coverage are key attributes for the Netop secure remote control software.
The NIS2 regulation includes cybersecurity resilience of the supply chain as one of its key focus areas. This focus is related to secure remote access for any employees or third-party individuals, as shown in Figure 2. These individuals perform remote-access interventions within the organization's environment. They work from any device, whether corporate-managed or external. The supply chain as defined by NIS2 translates to all of the organization's suppliers and employees that provide digital services remotely.
Figure 2. Secure Netop remote access to intelligent devices: ATMs, turbines, transport, industry.
Some examples of IT supply-chain resilience scenarios that fall under NIS2 directive include a support technician needing to remotely access a PC or laptop for troubleshooting, an outsourced service provider needing to access internal finance systems for data entry operations, and an engineer needing to access a production robot to change its settings and configuration.
Netop recommendations towards NIS2 regulation
To address these stringent requirements, Netop is introducing the secure remote access solution applicable to organisations impacted by NIS2 regulation. This approach also fortifies their security posture in the face of growing external cyber threats, optimizes their IT infrastructure, and reduces response time for remote troubleshooting and connectivity tasks.
The subset of NIS2 measures related to secure remote access practices of the organisation, addressed by Netop, can help customers meet these requirements.
NIS2 Article 11 – Requirements, technical capabilities and tasks of CSIRTs, Paragraph 3.a.
Netop recommendations:
- Use Netop for a real-time remote access dashboard with information on all online/offline endpoints, running remote sessions and connections and active permissions deployed in the environment.
- Use Netop kill-switch mechanisms for suspicious or rogue sessions as well as mechanisms to deactivate permissions.
- Run a regular secure remote access permissions management assessment.
NIS2 Article 21 – Cybersecurity risk-management measures
Netop recommendations:
- Paragraph 2.d.
  - Netop can limit system access by grouping service provider equipment and staff according to criticality, geography, residence, certifications, and need-to-know/perform principles.
  - Use Netop mechanisms to restrict actions and activities permitted to the supplier, based on criteria such as time-window, work certification, supervision (four-eyes principle).
  - Provide remote access permissions at application level for Netop sessions performed by suppliers or service providers, on a need-to-know or need-to-perform basis.
  - Provide human quality control mechanisms on remote access sessions, with Netop session acceptance tools delegated to the security control responsible or supervisor responsible persons. Best practices for acceptance tools are screen pop-up acceptance or email acceptance for incoming remote sessions from supply chain personnel.
  - Provide IP-fencing (IP range selection) mechanisms for remote access sessions to designated whitelisted supply chain geographies, individual suppliers or personnel contractors.
- Paragraph 2.e.
  - Make the organisation's remote access practice, with a focus on the supply chain remote access use-cases, a top priority in the organisation’s cybersecurity policies and framework.
  - Reduce the exposed surface of potential threats by minimizing point-to-network access (VPN-like or assimilated) and provide alternative point-to-point remote access for remote personnel of the supply chain and entity suppliers.
  - Implement Netop remote session recording mechanisms, capable of recording audio-video evidence (full keyboard, video and mouse events) of the remote access activity of the supplier personnel.
  - Block open remote session protocols in the network, including RDP, VNC, Telnet or SSH, to reduce the threat surface and also remove a potential threat’s persistence and lateral movement layer.
- Paragraph 2.h.
  - Implement recognised and high-level Netop encryption standards in cloud communication and remote session protocols.
  - Encrypt remote access session data with strong Netop mechanisms, both for in-transit real-time sessions and at-rest stored data.
- Paragraph 2.i.
  - Provide federated user management directories integration and multi-factor authentication methods for access and sessions.
  - Find and eliminate unrestricted remote access; also, eliminate just-in-time or remote session invitations without identifying and authorizing each invitee beforehand, including view-only sessions.
  - Anonymous access for both employees and external suppliers, even for view-only type of remote sessions, should be restricted.
NIS2 Article 22 – Union level coordinated security risk assessments of critical supply chains
Netop recommendations:
- Conduct regular penetration testing certifications on remote access tools, including Netop, mitigate vulnerabilities and remove the non-secure remote connection alternatives.
NIS2 Article 23 – Reporting obligations
Netop recommendations:
- Implement remote access auditability, as it can help in preventing exploits and aid forensic investigations for legal authorities.
- Combine AWS CloudTrail user activity and API usage logging that will register remote access events for connection, session, action, security and configuration. Centralise secure logging services to monitor remote access activities of the digital supply chain.
- Enable Netop mechanisms to encrypt all logging data and CloudTrail activities.
- Log Netop remote access sessions at entity level.
- Activate Netop remote session recording mechanisms of the remote access activity of the supply chain personnel.
- Use Netop tamper-proof mechanisms for the audio-video recordings.
NIS2 Article 24 – Use of European cybersecurity certification schemes
Netop recommendations:
- For supply chain security resilience, prefer industry-proof, certified remote access software like Netop on cloud services, offering certified mechanisms: ISO27001, SOC2, PCI-DSS, FIPS, HIPAA, NIS2, and various industry/manufacturer certifications.
- Provide certified deployments using a single Netop secure remote access system that integrates on-premise, cloud-based, or hybrid/multi-cloud architectures.
Project guidelines for IT supply chain secure remote access from Netop
Step 1: Determine the supply chain for the organisation: Collect an extensive suppliers list with active contracts in the last 12 – 36 months: accounting, purchasing, supplier relationship management, contracting and legal.
Step 2: Determine the list of digital equipment, including IT devices: Include any equipment with a chip, microcontroller, or artificial intelligence. Sources for this data include IT&C Assets, Automation projects, and Industry-specific equipment.
Step 3: Map digital services of the supply chain towards digital equipment
- Supplier Focus: Identify which suppliers remotely access your equipment for digital services.
- Device Focus: Document who accesses each piece of equipment and how (company network, home, or worldwide web).
- The secure remote access map: Define the set of users that remotely access the organisation's devices; this set becomes the scope of the NIS2 certification project.
Step 4: Netop is ready to implement your NIS2 secure remote access project: Documentation resulting from the previous phases becomes the source for the Netop secure remote access system implementation project and for NIS2 future audits.
Conclusion
The NIS2 Directive represents an advancement in improving cybersecurity across critical infrastructure sectors within the European Union. However, compliance can seem daunting without the right tools. By adopting Netop for company-wide enterprise remote access practices, organizations can effectively meet their needs related to the NIS2 standard while enhancing their overall digital security.
As a next step, contact Netop or start a test project through the AWS Marketplace listing below.
Netop – AWS Partner Spotlight
Netop is the global secure remote access software leader, supplying trusted remote access software for thousands of customers and millions of users in business-critical industries across the world.
Most Fortune Global 500 companies are using Netop secure remote access software to allow technicians, employees, experts, engineers and contractors to remote control critical devices for day-to-day remote operations or troubleshooting purposes, while tackling regulatory compliance standards, strengthening their zero-trust network practice and improving their IT and OT security posture.