I recently presented at Cyber Tech Europe and took part in a thought-provoking panel discussion, chaired by Professor Michele Colajanni, on the Network Information Security Directive (NIS-D) and how to protect essential services. We talked through many areas and ideas, but one point I was keen to share was how investment in GDPR compliance could be reused.
Now I’m confident that everyone is familiar with GDPR; however, another piece of significant EU legislation that has had less attention, but is equally important, is the Directive on Security of Network and Information Systems (“NIS Directive” or “NIS-D”). The NIS-D was transposed into EU member states’ law on May 10th 2018. While GDPR focuses on the rights and obligations associated with the use of personal data, the NIS-D focuses on the security of networks and systems. Fundamentally, it looks to boost the overall level of cybersecurity in the EU for operators of essential services (OES).
Machine data is one of the most underused and undervalued assets of any organization. If you are an OES or a digital service provider (DSP) then you are probably generating a lot of it and have invested heavily in GDPR compliance already. However, wouldn’t it be ideal if you could re-use your machine-data-related GDPR compliance work, or even use machine data to transform your service?
Whilst NIS-D and GDPR focus on different risks, there are many overlapping requirements which allow you to repurpose the GDPR investments for NIS-D. Here are some areas where your GDPR investments may aid NIS-D compliance:
Prepare for ‘that’ event: Incident notification (Article 14) for operators of essential services
Like the GDPR, under NIS-D, organisations that qualify as essential service providers are required to notify the relevant national CSIRT “without undue delay” of incidents that have a significant impact on the continuity of the essential services they provide. This means outages, not just security incidents, are in scope. To determine the impact of an incident (outage or security) you need to consider:
● the number of users affected by the disruption of the essential services
● the duration of the incident
● the geographical spread with regard to the area affected by the incident
Machine data contains key insights that when sent to Splunk can help you answer these questions in real time, help you rapidly troubleshoot the root cause of an outage or a security incident, and scope its impact.
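To make the three impact questions above concrete, here is an added example (not code from the original post or from Splunk) that parses a handful of constructed availability log lines and scopes an outage along the Article 14 dimensions: distinct users affected, duration between the first and last error, and the regions involved. The log format, field names and the notification thresholds are assumptions for illustration; real thresholds come from each member state’s implementing rules, which the post does not quote.

```python
import re
from datetime import datetime, timezone

# Constructed sample log lines (not from the original post) modelling an
# outage of a customer portal as recorded by the service's own availability
# log. Field names and values are assumptions for illustration only.
SAMPLE_LOGS = """\
2018-05-10T08:00:12Z level=INFO  service=portal region=EU-West user=u1001 msg="request ok"
2018-05-10T08:01:05Z level=ERROR service=portal region=EU-West user=u1001 msg="upstream timeout"
2018-05-10T08:01:09Z level=ERROR service=portal region=EU-West user=u1002 msg="upstream timeout"
2018-05-10T08:02:44Z level=ERROR service=portal region=EU-Central user=u2001 msg="upstream timeout"
2018-05-10T08:02:50Z level=ERROR service=billing region=EU-North user=u3001 msg="db connection refused"
2018-05-10T08:03:30Z level=ERROR service=portal region=EU-West user=u1002 msg="upstream timeout"
2018-05-10T08:15:05Z level=ERROR service=portal region=EU-Central user=u2002 msg="upstream timeout"
2018-05-10T08:16:00Z level=INFO  service=portal region=EU-West user=u1001 msg="request ok"
"""

# One regular expression for the assumed key=value line layout.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+level=(?P<level>\w+)\s+service=(?P<service>\S+)\s+'
    r'region=(?P<region>\S+)\s+user=(?P<user>\S+)\s+msg="(?P<msg>[^"]*)"$'
)

# Placeholder thresholds (assumptions): the values that would actually make
# an incident "significant" are set by national rules, not by this code.
DEFAULT_THRESHOLDS = {"users": 3, "minutes": 10, "regions": 2}


def parse_events(text):
    """Parse key=value log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    return events


def assess_impact(text, service):
    """Scope an incident for one service along the three Article 14 dimensions:
    users affected, duration, and geographical spread."""
    errors = [
        e for e in parse_events(text)
        if e["service"] == service and e["level"] == "ERROR"
    ]
    if not errors:
        return {"service": service, "users_affected": 0,
                "duration_minutes": 0.0, "regions": []}
    first = min(e["ts"] for e in errors)
    last = max(e["ts"] for e in errors)
    return {
        "service": service,
        "users_affected": len({e["user"] for e in errors}),
        "duration_minutes": (last - first).total_seconds() / 60,
        "regions": sorted({e["region"] for e in errors}),
        "first_error": first.isoformat(),
        "last_error": last.isoformat(),
    }


def is_significant(report, thresholds=DEFAULT_THRESHOLDS):
    """Flag the incident for CSIRT notification if any dimension crosses
    its (placeholder) threshold."""
    return (
        report["users_affected"] >= thresholds["users"]
        or report["duration_minutes"] >= thresholds["minutes"]
        or len(report["regions"]) >= thresholds["regions"]
    )


if __name__ == "__main__":
    for svc in ("portal", "billing"):
        report = assess_impact(SAMPLE_LOGS, svc)
        print(svc, report, "notify CSIRT:", is_significant(report))
```

Run as-is, the portal outage scores four distinct users, a 14-minute window and two regions, so it crosses the placeholder thresholds, while the single billing error does not. The same per-service aggregation is what a search over the real availability logs would compute continuously, so the answers are ready when the notification clock starts rather than reconstructed afterwards.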
Be Proactive: Security requirements (Article 16) for operators of essential services
Similar to the GDPR, NIS-D needs “digital service providers to identify and take appropriate and proportionate technical and organisational measures” to manage and limit security risks. Proper incident handling and security monitoring are specifically called out. This means that you can re-use the machine data you collect and store for security investigations and troubleshooting to add a monitoring layer to your IT networks and systems.
You can split your machine data into two views. First, a view that provides end-to-end operational visibility of your IT networks and systems performance, helping ensure your service is running optimally and no outages occur. Second, a view into your IT security monitoring, helping ensure your service is secure, and vulnerabilities are detected quickly.
Utilise that GDPR investment and harness your machine data!
Splunk can help you be GDPR compliant and also help with the risks NIS-D has been created to address. We can also help make your organisation more efficient and perhaps find new ways to utilise the vast amount of unharnessed machine data that typical Operators of Essential Services create. Here are some examples of how we have aided clients in OES related sectors:
So, a GDPR-related investment in Splunk may address some of your NIS-D requirements as well. Better utilising your machine data may also improve physical security, customer satisfaction and safety. Reuse of investment is key, but let’s also think bigger and wider when it comes to security legislation compliance.
Thanks for reading,