NIS2 directive…
Simacan is ready for it

Wed | 10 Apr 2024 | News

Tighter cybersecurity legislation looms for logistics firms… but Simacan is ready for it

Later this year, the NIS2 directive will come into force, requiring companies in essential sectors to meet stricter requirements related to information security. So what does this mean for Simacan users? What action must they take themselves, and what can they expect from us? We provide an overview in this blog.

To protect society from severe disruptions, governments have put legislation in place requiring organisations to take care of cybersecurity. The existing laws relating to ‘digital resilience’ are set to be further tightened by the upcoming European Network and Information Security Directive 2 (NIS2).

From the end of this year, this will require large organisations within essential sectors – such as energy, healthcare and the food industry – to protect their data and IT systems even more effectively. They must register with the supervisory body and must subsequently report any cyber incidents that occur. Failure to comply can result in a fine of up to 2% of their annual turnover...

Supply chain vulnerability

NIS2 identifies transport as one of the essential sectors: “Any major interruption in it could cause destructive ripple effects throughout society”. The supply chain consists of numerous interconnected links. These include various processes from many different systems, ranging from older, poorly secured systems to new, state-of-the-art systems with robust security. This diversity of systems creates operational vulnerabilities to cybercrime. The saying ‘You are only as strong as the weakest link’ certainly holds true here, and the high number of links further increases the vulnerability. This is particularly critical in transport operations, where the privacy-sensitive and competition-sensitive information that is often exchanged must not be allowed to fall into the wrong hands.

Companies must be able to trust that supply chain partners will handle their data carefully and that it will not be compromised – whether accidentally or on purpose. Consumers who order something online provide their address, contact details and bank details in good faith. Data availability, confidentiality and integrity are all important cornerstones for a healthy logistics business. At Simacan, we applaud the fact that NIS2 will intensify the focus on this. But what is our role, exactly?

Cybersecurity demands

Customers use Simacan’s SaaS platform to optimise their transport operations, manage daily trips and facilitate stakeholder communication. In that sense, Simacan plays a pivotal role in what the government regards as an essential sector. The data shared by our customers through our platform is often confidential, can be privacy-sensitive and must be available in real time. As Simacan, we therefore have a considerable responsibility. Needless to say, we meet the highest cybersecurity requirements expected from a cloud company like ours. Although Simacan is a medium-sized ICT company and therefore does not fall directly within the scope of the NIS2 directive, we nevertheless meet – and in fact go beyond – the requirements outlined in it.

International ISO standards

Simacan is certified in line with the ISO 27001 standard for cybersecurity & privacy. This means that we follow all procedures and take the necessary measures to meet global standards for information security, both for our internal systems and our platform. These measures relate not only to technology (e.g. identity management, encryption, firewalls, etc.), but also to our buildings, our people and our internal organisation. For example, we ensure that our employees receive regular training and updates, that they use access passes, and that they do not leave potentially sensitive information on their desks or on whiteboards.

Data centre redundancy

For our customers, whether carriers or retailers, on-time and reliable transport is a crucial part of the promise to their own customers. The systems used to control their processes and to keep customers informed may never go offline. We guarantee the availability of our platform and data to our customers based on high data centre redundancy, i.e. multiple, continuously synchronised data centres in different locations. As a result, if a calamity occurs at one of the data centres, customers never lose more than one second’s worth of data...

Cybersecurity is ongoing

Cybersecurity is an ongoing task. To maintain our ISO certification, we are audited annually by an authorised body. We also arrange for extensive penetration testing to be performed on our systems each year. Any detected weaknesses are addressed immediately.

In conclusion, large organisations in essential sectors will soon have to comply with a new cybersecurity law. To do so, they must fulfil their duty to register with the supervisory body, their duty to report, and their duty of care. In this context, you don’t need to worry about Simacan and the data entrusted to our platform by our users. When it comes to the availability, integrity, confidentiality and privacy of transport data, you are in good hands with us.

