ENISA’s Marnix Dekker on Supply Chain Attacks, Harmonizing the New NIS2 Regulations
The European Union Agency for Cybersecurity is at the center of rolling out new cybersecurity frameworks for critical infrastructure providers across Europe. But a major priority, according to Marnix Dekker, deputy head of the resilience of critical sectors unit at ENISA, is helping smaller vendors withstand supply chain attacks.
Supply chain vulnerabilities not only disrupt operational resilience but also create systemic risks for organizations relying on less-secure suppliers. Dekker says large critical infrastructure companies must take a more active role in supporting smaller suppliers to ensure compliance with the new security standards.
“If those companies don’t take up some of the burden of supporting smaller ones, the legislation will just stay on paper,” Dekker said.
ENISA is playing a pivotal role in the implementation of the EU’s Network and Information Security Directive, or NIS2, by creating frameworks for member states to adopt to help minimize divergent approaches to security.
“We’re supporting a large group of member states, building a community for harmonization,” he said. “Disjointed national implementations could pose risks to the EU’s collective cybersecurity posture. The risk, of course, is that we get 27 divergent approaches, which is bad for business and not easy for anyone.”
In this video interview with Information Security Media Group, Dekker also discussed:
- The role of ENISA in mitigating supply chain risks in critical infrastructure;
- Efforts to ensure harmonized cybersecurity implementation across EU member states under NIS2;
- How ENISA fosters collaboration to improve incident reporting and supervision in less-mature sectors.
Dekker leads a team focused on implementing the NIS Directive, enhancing cybersecurity and bolstering resilience of the EU’s critical sectors, including telecoms, energy, finance, transport and healthcare. His team oversees policies such as NIS2 and DORA, conducts EU-wide risk evaluations supporting initiatives such as the EU 5G Toolbox and Nevers process, and drives NIS2 adoption across member states.