Meer weten over veilige IT/OT-integratie in kritieke infrastructuur? Meld je nu aan voor de Round Table op 17 april 2025

How DataDiodes strengthen your critical assets and comply with NIS2

How DataDiodes strengthen your critical assets and comply with NIS2 cover

The NIS2 directive offers vital guidance for organizations aiming to secure their networks. This legislation will equip critical and highly critical sectors with enhanced tools to improve their security, strengthen their defenses, and refine their response strategies, all aimed at stopping potential attackers. Marck van Haren, Sales Engineer at Fox Crypto and an expert in pre-sales engineering, provides valuable insights on how NIS2 and DataDiodes can improve the protection of sensitive information. With his deep knowledge of network segmentation and security solutions, Marck offers practical advice for achieving NIS2 compliance.

Why network segmentation is essential for NIS2

Marck explains why segmentation is so crucial: “Organizations are required by NIS2 to consider how they protect confidential information and critical assets. One effective measure is network segmentation. Without segmentation, if a hacker breaches your flat network, they potentially access the entire network. Segmenting the network limits the hacker’s access to just one part, preventing total exposure. By dividing the network into separate segments, you reduce the risk of a full-scale breach, making it harder for attackers to access sensitive areas.”

Leveraging DataDiodes for enhanced security

How can you achieve segmentation and therefore comply with NIS2? You can do this by using VLANs, which are virtual networks, or by creating a segment that is air-gapped, meaning there is no network connection between segments. But, you can also use DataDiodes. These are the benefits:

  • DataDiodes ensure one-way communication, a significant advantage in network security which prevents sensitive information from leaving the secure segment.
  • A DataDiode creates a secure segment for storing confidential information.
  • Even if a segment is compromised, the one-way data flow ensures sensitive information remains protected.
  • DataDiodes are also useful for protecting critical assets, such as production plants or environments with robots or PLCs, particularly in the OT market.
  • Securing critical assets with a DataDiode can prevent hackers from disrupting production processes.
  • According to NIS2, organizations should identify and protect their critical assets to ensure maximum security–which can be done by adding a DataDiode.

Challenges in the implementation of NIS2

Implementing NIS2 presents several challenges, and Marck provides insight into them: “One of the main challenges is assessing the risks to your organization. You need to evaluate what would happen if a hacker gained access to certain information. Based on this risk assessment, you can determine the appropriate measures to put in place. DataDiodes are extremely secure, but they are not a one-size-fits-all solution. DataDiodes are excellent for high-security needs, but may not be suitable for scenarios requiring two-way communication. In such cases, other solutions like firewalls may be more appropriate.”

Practical examples

Marck provides practical examples of how DataDiodes can be utilized to meet NIS2 requirements. “Another aspect of NIS2 is business continuity. If you’re hacked, how can you recover as quickly as possible? You can achieve this through backups. The assumption here is that your backups are secure. How can you ensure their security? By placing them behind a DataDiode. This means having backups of your backups placed behind the DataDiode, making them inaccessible to hackers. Another example is that if you are hacked, there are usually symptoms. We see that many clients log all their information—what’s happening, who’s logging in, which processes are running, and there are various tools for this. But all these tools want to send their log information to a central point. You don’t want a hacker to have access to that central point. So, what our clients do, is place all log information behind a DataDiode. This way, the confidentiality of the log information is guaranteed, and no one else can access it.”

Conclusion

To wrap up, Marck shares some tips for organizations seeking to comply with NIS2. He advises: “Identify where your sensitive information is located and implement measures to protect it. Segment your network and ensure that there are adequate safeguards between these segments. Don’t opt for convenience over security; prioritize safeguarding your systems. It’s not a question if hackers will attack your defenses, but when. Be proactive in your security measures to stay ahead of potential breaches.”

Want to learn more? Join us for an insightful webinar on the new NIS2 Directive and the crucial role of network segmentation on November 7th at 15:00. Together with member of the European Parliament Bart Groothuis, we will discuss:

  • What does the NIS2 Directive mean for your organization, and why is it important?
  • How does network segmentation enhance your security in line with NIS2 requirements?
  • What are the risks if your organization fails to comply with the NIS2 Directive?
  • What benefits does implementing the NIS2 Directive bring to your organization?
  • What initial steps should your organization take to comply with NIS2 and effectively implement segmentation?

To register, click here.