In today’s digital landscape, staying informed about key cybersecurity regulations and frameworks is essential. In this Q&A, we’ll break down some commonly referenced cybersecurity terms, explaining their significance and relevance to companies in Europe, including the NIS2 Directive, CVE (Common Vulnerabilities and Exposures), and the NDAA (National Defense Authorization Act).
What is the NIS2 Directive?
The NIS2 Directive is a new cybersecurity framework introduced by the European Union, replacing the 2016 NIS1 Directive. Its primary goal is to strengthen the collective cybersecurity across EU Member States. This updated regulation focuses on enhancing cybersecurity enforcement, fostering cooperation among cybersecurity authorities, securing supply chains, and streamlining reporting processes.
What are the key changes introduced by NIS2?
NIS2 introduces several significant changes aimed at improving cybersecurity resilience across critical infrastructure sectors in the EU:
- Stricter enforcement: NIS2 increases cybersecurity enforcement requirements and sets higher standards for compliance across sectors.
- Improved collaboration: It strengthens cooperation between cybersecurity authorities within and between EU Member States, ensuring a more coordinated approach to combating cyber threats.
- Supply chain security: A new emphasis is placed on ensuring the cybersecurity of supply chains, as vulnerabilities in this area can have far-reaching consequences.
- Reporting requirements: The directive aims to simplify and harmonize reporting obligations, making it easier for organizations to manage incidents and comply with the law.
How is Hikvision responding to NIS2?
As a global leader in the security industry, Hikvision is committed to maintaining high cybersecurity standards. Hikvision has released a quick guide to the NIS2 Directive, providing insights into the main changes introduced by the framework. Hikvision is also adapting to ensure compliance with NIS2 and sharing best practices to help others in the industry navigate these new requirements.
What is CVE and why is it important?
CVE, which stands for Common Vulnerabilities and Exposures, is a globally recognized database for tracking publicly disclosed cybersecurity vulnerabilities. Managed by the CVE Program, this system standardizes the identification of vulnerabilities, making it easier for cybersecurity professionals to track and address weaknesses in software and hardware systems.
How does CVE benefit cybersecurity efforts?
CVE is crucial in enhancing cybersecurity by:
- Standardizing vulnerability identification: This ensures that vulnerabilities are named consistently across different tools and platforms, which simplifies the tracking and management process.
- Enabling faster response: By identifying vulnerabilities early, cybersecurity tools such as vulnerability scanners and intrusion detection systems can alert professionals before attackers exploit weaknesses.
- Promoting transparency: Publicly disclosing vulnerabilities ensures that organizations are aware of potential risks and can take action to protect their systems.
How is Hikvision actively contributing to the CVE Program?
In February 2018, Hikvision was announced as a CVE Numbering Authority (CNA), along with Facebook. This means Hikvision is now part of the network of partners that can identify and assign CVE numbers to cybersecurity vulnerabilities. CNAs play an essential role in managing the CVE database by ensuring that vulnerabilities are accurately tracked and publicly disclosed.
What is the NDAA, and why is it mostly NOT relevant to companies in Europe?
The National Defense Authorization Act (NDAA) is a U.S. federal law that, among other things, prohibits federal agencies from purchasing products from certain companies identified by the U.S. Department of Defense. The scope of the NDAA is limited to federal procurement, contracts, and projects using U.S. federal grant or loan funds.
Does the NDAA apply to businesses in Europe?
No, the NDAA primarily impacts businesses that sell products directly to U.S. federal government agencies. It does not apply to state or local governments or companies outside the U.S. unless they are directly contracting with federal agencies. While you may often see claims about "NDAA-compliant" products, this is more of a marketing term and can be misleading in terms of relevance to companies in Europe. The scope of the NDAA is limited to U.S. federal procurement only.
How does Hikvision navigate NDAA regulations?
Hikvision remains focused on delivering high-quality products and services to its global partners, including those in over 150 countries and regions. While the NDAA does not affect Hikvision’s business outside the U.S. federal government sector, we are committed to keeping our partners informed about relevant regulations and ensuring that our operations comply with local and international laws.
Over the past several years, Hikvision has prioritized and invested significant resources into expanding its cybersecurity efforts. Hikvision products meet internationally recognized industry standards for safety and security, and Hikvision was one of the first in the industry to establish a more secure activation process by requiring users to set a password at the time of first use, adding another layer of security.
What is Hikvision’s long-term commitment to cybersecurity?
In an era where cyber threats are becoming increasingly sophisticated, Hikvision understands the critical importance of cybersecurity in safeguarding entire AIoT systems. As a global leader in security solutions, Hikvision is fully committed to ensuring that its products and solutions incorporate advanced security measures to help users minimize the risk of cyber-attacks.
With cybersecurity at the forefront of our mission, Hikvision continuously designs, develops, and manufactures products that not only protect users’ sensitive information but also ensure compliance with international data protection regulations and standards. Learn more in our newly released Cybersecurity whitepaper.