Show simple item record

The Dutch Critical Infrastructure under NIS2 Directive: A Cybersecurity Risk-management Approach.

dc.rights.licenseCC-BY-NC-ND
dc.contributorDr. Zlatina Georgieva and Dr. Tobias Theiler
dc.contributor.advisorGeorgieva, Z.R.
dc.contributor.authorGonzalez Pouso, Virginia
dc.date.accessioned2023-08-23T14:00:47Z
dc.date.available2023-08-23T14:00:47Z
dc.date.issued2023
dc.identifier.urihttps://studenttheses.uu.nl/handle/20.500.12932/44733
dc.description.abstractDigitalisation is currently a hot topic in the EU and the Netherlands specifically, as EU- level NIS and NIS2 Directives have arisen to achieve a high level of cybersecurity. However, these directives and the speed at which they must be met are a double-edged sword. Though it allows for better connections and eases in monitoring the daily online activity of Member States that share a common interest in cybersecurity, the regulations are rather slow to adapt to the quickly changing nature of ICT systems. Further, every Member State has different levels of digitalisation and different resources at its disposal to reach and maintain a high common level of digitalisation. To ensure the uninterrupted provision of vital services such as transportation and digital infrastructure, it is imperative that the critical infrastructure of EU Member States is prepared to confront cyber-attacks, system vulnerabilities, and risks in the digital domain. The implementation of a robust and actively enforced risk-management framework plays a crucial role in this regard. When essential processes like electricity or water supply, management of shipping traffic, or payment transactions become targets, society can be brought to a standstill for an unknown period of time. In light of this, the EU legislative framework tries to be updated to present times after different digital proposals such as NIS (1&2), CER, CRA, or DORA, but there is often a misunderstanding of what these laws mean in practice and what extent national entities are responsible for implementing them. This research work explores the extent to which cybersecurity risk-management measures in light of the NIS2 Directive are effectively monitored, developed, and practiced by Dutch governmental entities, as well as private organisations’ effect on the public enforcement of the measures, and the extent to which these measures are complied with in practice. Lastly, this research work comes up with policy recommendations to address the challenges encountered in practice.
dc.description.sponsorshipUtrecht University
dc.language.isoEN
dc.subjectThis is a qualitative study based on the cybersecurity risk-management framework in light of the NIS2 Directive. The aim is to analyse the process followed by the Dutch industry and government to comply with the cybersecurity risk-management measures. The study is based on a literature review and semi-structured interviews with governmental institutions, public and private entities, as well as EU institutions and bodies. This study comes up with policy recommendations for these institutions.
dc.titleThe Dutch Critical Infrastructure under NIS2 Directive: A Cybersecurity Risk-management Approach.
dc.type.contentMaster Thesis
dc.rights.accessrightsOpen Access
dc.subject.keywordsCybersecurity risk-management; implementation; NIS2 Directive; critical infrastructure; transportation; digital infrastructure
dc.subject.courseuuEuropean Governance
dc.thesis.id22472


Files in this item

Thumbnail
Name:
Thesis_VirginiaGonzález.pdf
Size:
1.274Mb
Format:
PDF
View/Open

This item appears in the following Collection(s)

Show simple item record