Transcript for:
Understanding the New NIS2 Directive

Hello everyone and welcome to Rock Studios. I'm Lucy Kon, the brand lead for Europe, Middle East and Africa at Rockwell Automation, and I'm joined here today by Maria El, senior global product manager at Rockwell Automation. Maria, welcome.

Hey Lucy, thank you.

And Andrew Cortiella. Andrew is the life cycle services commercial manager for Europe, Middle East and Africa at Rockwell Automation. Andrew, welcome to the studio.

Thank you for having me here, Lucy.

It's great to have you both. So today we're going to talk about everything that you need to know about the new NIS2 directive. So this is a really important topic.

Absolutely.

Let's get right into it.

Thank you.

So my first question, Maria: why has the European Parliament adopted this new directive to improve cyber resilience and incident responses now?

Sure. As we've seen over the last 15-odd years, cyber security incidents in the world are increasing. Since the pandemic the increase has been significant. We've seen that there's a major increase in the amount of attacks focused a lot on critical infrastructure, as well as the change in attack and more and more intelligence behind that, so the threat is growing. So the EU has looked to introduce regulation, a directive, to help try and mitigate that and impose some controls on many different industries to help them become more effective at beating cyber security and to have some forms of regulation and potential impact to those companies. So improving cyber hygiene as a whole across the EU is an important factor.

That sounds really critical to continue business operations.

Absolutely.

So Andrea, if I could ask you then: how will NIS2 directly impact manufacturers, and why has manufacturing been included in this directive, in your opinion?

Yeah. If we look at the IT sector, cyber security has always been present, because even if it was about storing data or doing transactions, there was a need to do it in a secure way. On the OT side, the main concern is about production: having the plant running, overall equipment effectiveness, no shutdown, no unscheduled downtime. And cyber security has become an issue that the plant needs to solve as we have the connected factories in networks.

Sure. And so if I could ask you to take that a little bit further: what are the consequences of non-compliance? Are they limited to fines, or will they also affect senior leadership teams?

No, definitively there are fines in the NIS2 regulations, and this is a new point, and they are relevant. We are talking about up to 10 million EUR or up to 2% of the annual revenue worldwide for the company. But more important is that management could be held legally accountable in case of non-compliance with the directive.

And that's obviously going to be, you know, really important for businesses to take into consideration because of that legal compliance, for sure. So Maria, my final question to you.

Sure.

What strategies can manufacturers employ to make themselves compliant before this deadline arrives?

Sure. So there's many, many different strategies that can be taken. One thing that we often talk about is understanding what you have. So know what infrastructure you have, know what assets you have, understand your risk and your vulnerabilities, and start to plan. Plan, you know, what you need to do today, understand what your plan is for the future, know what you have and think about those considerations on how to protect what you have. There are many of the steps that people can start to take to understand how they can secure now and what they need to do for the future. Cyber security is changing all of the time. It's evolving, it's becoming more of an industry in itself. So let's take those steps now: plan and secure environment to help protect you today and in the future.

That's great context, and it sounds like it's very key to have a strategy.

Absolutely, absolutely. We see today that people don't know necessarily where to start, so think about what your current cyber security posture is and develop that strategy. Have governance in place, have policies and procedures in place, and think about the cyber security posture. Think about training your staff to become more cyber aware in what they're doing in their general actions on a daily basis.

That's great. Just to add to this: manufacturing companies in, just to name a few, life science or chemical, food, water sector could be classified in the NIS2 as essential or important, and they need to make sure that they are working towards a cyber security for OT strategy. And if not, if they don't have the policies, the procedures, the process in place, if they are not running a cyber program, they need to speed up and act quickly in light of the new NIS2 directive, because it's just around the corner. I mean, we are talking mid-October 2024 it will be enforced compliance.

Absolutely, and I think this deadline then adds that additional need and urgency for a strategy to put in place. So Maria, Andrew, thank you so much for joining me in the studio today. It's been great to hear your perspective on this, and obviously, you know, it's a really key topic to talk about as this NIS2 directive approaches.

Absolutely.

Thank you for joining me.

Thank you for having us.

Thank you.

And thank you for watching. If you'd like to learn more about industrial security, visit rockwellautomation.com.