Netnod comments on the NIS Directive

On 8 August 2017, Netnod sent a response to the Swedish Government related to the proposed implementation of the EU Directive on Security of Network and Information Systems (NIS) in Sweden.

Details of the proposed implementation including a link to Netnod's response in Swedish can be found below. The following is a summary of Netnod’s main comments:

1. Organisations that provide Internet Exchange Points (IXPs) in Sweden are already subject to existing laws on Electronic Communications and processes for incident reporting and operational safety. These organisations should thus be exempt from the NIS directive. In addition, the boundaries between the proposed implementation of the NIS directive and existing laws, such as those related to secrecy, security and reporting, need to be more clearly defined.

2. The Swedish Post and Telecom Authority (PTS) should be responsible for the operational function and activities of the Computer Security Incident Response Team (CSIRT). The PTS should report to the Swedish Civil Contingencies Agency (MSB), with the MSB taking the role of contact point for managing, planning and coordination. The CSIRT must have the resources and competence to deliver high-quality reports.

3. There needs to be more clarity over key definitions in the text. Definitions of “DNS services” need to be more specific as do the specified boundaries between Top-Level Domain registries and registrars.

------

Netnod har den 8 augusti 2017 skickat in remissvar gällande NIS-direktivet till Sveriges regering.

Netnod har skickat in synpunkter på Betänkandet Informationssäkerhet för samhällsviktiga och digitala tjänster (SOU 2017:36), dvs förslaget på implementation av det s.k. NIS-Direktivet (2016/1148) i Sverige.

Läs Netnods remissvar här.