Netnod comments on the NIS Directive
On 8 August 2017, Netnod sent a response to the Swedish Government related to the proposed implementation of the EU Directive on Security of Network and Information Systems (NIS) in Sweden.
Details of the proposed implementation including a link to Netnod's response in Swedish can be found below. The following is a summary of Netnod’s main comments:
- Organisations that provide Internet Exchange Points (IXPs) in Sweden are already subject to existing laws on Electronic Communications and processes for incident reporting and operational safety. These organisations should thus be exempt from the NIS Directive. In addition, the boundaries between the proposed implementation of the NIS Directive and existing laws, such as those related to secrecy, security and reporting, need to be more clearly defined.
- The Swedish Post and Telecom Authority (PTS) should be responsible for the operational function and activities of the Computer Security Incident Response Team (CSIRT). The PTS should report to the Swedish Civil Contingencies Agency (MSB), with the MSB taking the role of contact point for managing, planning and coordination. The CSIRT must have the resources and competence to deliver high-quality reports.
- There needs to be more clarity over key definitions in the text. Definitions of “DNS services” need to be more specific, as do the specified boundaries between Top-Level Domain registries and registrars.
Netnod's full answer is available below in PDF format.