Supporting The NIS Directive Implementation And National Cybersecurity Strategies

Outcomes and deliverables

Proposals are expected to deliver on at least two of the following results:

• Enable the Member States to limit the damage of cybersecurity incidents, including economic, social, environmental, or political damage, while reducing the overall costs of cybersecurity for individual Member States and for the EU as a whole;
• Improve compliance with the NIS Directive, higher levels of situational awareness and crisis response in Member States;
• Contribute to enhanced cooperation, preparedness and cybersecurity resilience of the EU.

The action will also lead to the interconnection of the centres in charge of guaranteeing the cybersecurity of the operator of important service.

The action focuses on Member States and European capacity building and the enhancement of cross-border cooperation on cybersecurity at technical, operational and strategic levels. It is a continuation of work currently supported under the CEF Telecom programme. Proposals should contribute to achieving these objectives:

• Development of trust and confidence between Member States.
• Effective operational cooperation of organisations entrusted with EU or Member State’s national level Cybersecurity, in particular cooperation of CSIRTs (including in relation to the CSIRT Network) or cooperation of Operators of Essential Services including public authorities.
• Better security and notification processes and means for Operators of Essential Services and for digital service providers in the EU.
• Improved security of network and information systems in the EU.
• More alignment and harmonisation of Member States’ implementations of the NIS Directive.

The action will focus on the support of at least one of the following priorities:

• User-centred implementation, validation, piloting and deployment of technologies, tools and IT-based solutions, processes and methods for monitoring, preventing, detecting and handling cybersecurity incidents (including in the context of cross-border cybersecurity threats and cross sector context) in EU Member States.
• Collaboration, communication, awareness-raising activities, knowledge exchange and training, including through the use of cybersecurity ranges, of public and private organisations working on the implementation of the NIS Directive.
• Twinning schemes involving originator and adopter organisations from at least 2 different Member States to facilitate the deployment and uptake of technologies, tools, processes and methods for effective cross-border collaboration preventing, detecting and countering Cybersecurity incidents.
• Robustness and resilience building measures in the cybersecurity area that strengthen suppliers’ ability to work systematically with cybersecurity relevant information or supplying actionable data to CSIRTs.

The support will target relevant Member State competent authorities, which play a central role in the implementation of the NIS Directive, Computer Security Incident Response Teams (CSIRTs) including sectorial CSIRTs, Security Operation Centres (SOC), Operators of Essential Services (OES), digital service providers (DSP), industry stakeholders (including Information Sharing and Analysis Centres- ISACs), and any other actors within the scope of the NIS Directive.

Furthermore, Member States can define additional critical sectors, including public administrations, and identify operators for their countries.

In addition, the NIS Directive applies to providers of the following types of digital services (DSP):

• Online marketplace;
• Online search engine;
• Cloud computing service.

The action may support amongst other the continuation of the kind of cybersecurity activities funded through the CEF Telecom programme, building where relevant on the results from the CEF projects. Furthermore, synergies with actions such as the European “cyber-shield”, should be explored.

Support will be provided amongst other for the on boarding to the CEF Cybersecurity Core Service Platforms of public and private organisations working on the implementation of the NIS Directive and are potential users of the CEF Cybersecurity Core Service Platforms.