Several cybersecurity regulations, laws and frameworks take effect or reach key deadlines in 2024. Some are entirely new (e.g. DORA), others are revisions of existing instruments (e.g. NIS2, or the NIST Cybersecurity Framework 2.0, referred to as NIST 2.0 in this article). All of them place new demands on private and public organizations and will shape the cybersecurity landscape for years to come.
Let’s look at the impact of the new and updated cybersecurity regulations in 2024.
Contents
Network and Information Security Directive 2.0 (NIS2)
Digital Operational Resilience Act (DORA)
NIST Cyber Security Framework 2.0 (NIST 2.0)
The US government memorandums on PQC and Zero Trust cybersecurity
How to tackle cybersecurity regulations
Network and Information Security Directive 2.0 (NIS2)
The original NIS Directive entered into force in 2016. Its successor, NIS2, entered into force on January 16, 2023, and EU member states must transpose it into national law by October 17, 2024. From that date the national laws implementing NIS2 apply, and your organization can be sanctioned for non-compliance: fines of up to EUR 10 million or 2% of global annual turnover for essential entities, and up to EUR 7 million or 1.4% for important entities.
NIS2 is the EU’s response to a much larger attack surface and a more aggressive threat landscape, with the digitalization that the COVID-19 pandemic accelerated. It primarily affects EU organizations in the “sectors of high criticality” (Annex I) and “other critical sectors” (Annex II), which are classified as essential or important entities, including:
- Governmental organizations (public administration entities)
- Non-profit organizations active in any of the covered sectors (NIS2 applies based on sector and size, not legal form)
- Banking and financial market infrastructure
- Healthcare organizations
- Critical infrastructure (e.g. transport, energy, drinking water and waste water)
- Manufacturing (e.g. food production and distribution, and critical products such as medical devices, computers and electronics, or machinery)
- Digital infrastructure, ICT service management and digital providers (e.g. cloud and data centre services, DNS, online marketplaces, managed security service providers)
Browse the full list of affected industries here >>>
Note that NIS2 also reaches non-EU organizations: providers of certain digital services (e.g. DNS, TLD registries, cloud computing, data centres, CDNs, managed service providers, online marketplaces, search engines, social networks) that are not established in the EU but offer services there fall under the directive and must designate a representative in an EU member state. Within the EU, entities in the sectors above are in scope if they are medium-sized or larger (at least 50 employees or more than EUR 10 million annual turnover), and some entities are covered regardless of size. Check both the sector and the size test before concluding that your organization is out of scope.
Digital Operational Resilience Act (DORA)
DORA is an EU regulation that entered into force on January 16, 2023, but it only applies from January 17, 2025, so it will not be enforced during 2024. Because it is a regulation rather than a directive, it applies directly in all member states without national transposition, and organizations need to use 2024 to prepare.
DORA aims to improve the digital operational resilience of financial entities, including banks, insurance companies, investment firms, payment service providers, crypto-asset service providers, and other entities engaged in financial services. It also covers the ICT third-party service providers (e.g. cloud providers) these entities depend on; providers designated as critical fall under direct oversight by the European Supervisory Authorities.
The regulation is built on five pillars: ICT risk management; ICT-related incident management and reporting (with classification criteria and reporting deadlines for major incidents); digital operational resilience testing, including threat-led penetration testing at least every three years for the most significant entities; management of ICT third-party risk, including mandatory contractual provisions and a register of information covering all ICT contracts; and information sharing between financial entities.
Read more about the focus areas here >>>
NIST Cyber Security Framework 2.0 (NIST 2.0)
This is an update to the original NIST Cybersecurity Framework (CSF), which was published in 2014 and aimed at critical infrastructure operators. CSF 2.0 explicitly targets all organizations, regardless of sector or size, and adds a sixth core function, Govern, alongside Identify, Protect, Detect, Respond, and Recover, to cover cybersecurity risk management strategy, roles, policy and oversight, including supply chain risk management.
Even though the Framework is voluntary guidance rather than a regulation, it is widely adopted because it gives organizations a common language and a structured set of outcomes for assessing and improving their security posture; NIST also publishes implementation examples, quick-start guides, and informative references that map the outcomes to standards such as ISO/IEC 27001 and NIST SP 800-53. It is often referenced by regulators and in supplier contracts, so it is worth treating as a de facto requirement even where it is not a legal one.
NIST 2.0 was published on February 26, 2024, and you can find the full document here >>>
The US government memorandums on PQC and Zero Trust cybersecurity
The US government is also making crucial moves in the cybersecurity field. In 2022, the White House published two memorandums: OMB Memorandum M-22-09 (January 2022), which sets the federal Zero Trust architecture strategy, and National Security Memorandum NSM-10 (May 2022), which directs the migration to Post-Quantum Cryptography (PQC).
This year, federal agencies face the first major deadline: by the end of fiscal year 2024 (September 30, 2024), they must meet the specific Zero Trust goals set out in M-22-09, such as phishing-resistant multi-factor authentication for staff, complete device inventories with endpoint detection and response, encryption of all DNS and HTTP traffic, treating every application as internet-accessible rather than relying on the network perimeter, and categorizing data so that access decisions can be automated.
The migration to PQC is driven by the NIST PQC standardization process, which began in 2016. NIST released draft standards for public comment in August 2023 (FIPS 203 for ML-KEM, FIPS 204 for ML-DSA, and FIPS 205 for SLH-DSA) and aims to publish the final versions during 2024. In the meantime, OMB Memorandum M-23-02 already requires agencies to inventory their cryptographic systems annually, so that quantum-vulnerable algorithms (RSA, Diffie-Hellman, and elliptic-curve schemes such as ECDSA and ECDH) can be prioritized for replacement as soon as the standards are final. Building such an inventory, including the keys and certificates embedded in infrastructure such as SSH and TLS deployments, is the practical first step for any organization, not just federal agencies.
Tackle cybersecurity regulations with the help of experts from SSH Communications Security
Cybersecurity regulations and standards are nothing new to the experts at SSH Communications Security. As the inventors of the Secure Shell protocol, we have been part of building the secure internet as we know it today from the start, and we have contributed to several of the standards and regulations in this space.
We offer a comprehensive risk assessment and professional services that will help you achieve compliance and stay compliant.
Learn more about our SSH Risk Assessment >>>
Browse the variety of professional services we offer >>>