Emil Bisgaard is a Partner in Poul Schmith/Kammeradvokaten and together with Andreas Estrup Ippolito, Partner in Poul Schmith/Kammeradvokaten, they will give a presentation at the Industrial Security Conference on November 13-15 on the first day of the conference in Danish. Among others, they will talk about NIS2 and give a status and share experiences in the area. In the presentation, the NIS2 rules are summarized, and they will give an idea of how the task can be approached in the light of what we know and what we don’t know about the future of the rules.
Read an interview with Emil prior the conference here.
What is your background? And how do you work with industrial security on a daily basis?
I have a master’s degree in business law, and have been working as a commercial law consultant at Poul Schmit/Kammeradvokaten for 12 years with IT and infrastructure projects. My work with industrial security is related to critical infrastructure projects where I assist clients with matters within cybersecurity, regulation, and contracts.
What do you see as the biggest opportunities and challenges in connection with cyber- and industrial security?
One of the biggest challenges from my point of view is probably the historic and technical (and organizational) gap between OT and IT and the fact that legislation such as NIS2 doesn’t really distinguish between OT and IT. From a legal standpoint the two domains are subject to the same overall legal requirements, but many organizations have very different approaches to security in IT and OT – and for good reasons!
Nevertheless, at this point we need to build some bridges and take great care of the communication when we talk about the legal requirements for cyber security in the industry. Another challenge is the diversity of the “industry” and the utilities sector where the extent of digitalization and maturity of cyber security has great variations. This means that many organizations have very different starting points when it comes to cyber security and the work with compliance with regulation in the cyber security domain.
When looking forward just 5-10 years, what do you think will be different within security?
I expect exponentially higher complexity among other things as a result of much, much more application of cloud services, IoT and an almost completely digitalized industry.
What are your own expectations for the conference? And which keynotes are you looking forward to hearing?
I expect great networking opportunities and exchange of experiences. If I must choose just one keynote it must be The Danish Energy Agency’s presentation on the creation of a safety forum for OT.
What will your keynote be about, and which learnings are you hoping the participants take with them?
The keynote is about NIS2 and the implications for the industry and the critical infrastructure in Denmark. It’s a very special time because we know the NIS2-directive (most of) the application area of the rules, the minimum-security requirements, the sanctions and not least the deadline for compliance with the Danish NIS2-rules on 18 October 2014 – but we don’t know the actual Danish NIS2-rules yet. Regardless, as time is running out, we must find appropriate ways of moving forward with the work on NIS2-compliance based on what we know at this point.
Do you want to hear more from Emil Bisgaard on NIS2-directive?
Join the international Industrial Security Conference 13-15 November to hear an interesting presentation with Emil Bisgaard on the NIS2-directive and the implications. Read more and sign up for the conference here.