Operators of Essential Services

Security solutions for critical infrastructure run by OESs, EEs, IEs

Because their information systems are extremely sensitive in the European Union, Stormshield assists Operators of Essential Services (OESs) and the future essential entities (EEs) & important entities (IEs) in securing their information systems and achieving cyber compliance.

What does cybersecurity compliance for Operators of Essential Services entail?

In addition to the cybersecurity measures for operators of vital importance (OIVs), introduced by the French military planning law (LPM) in 2013, the European Union has defined Operators of Essential Services (OESs) and established recommendations to ensure their compliance.

The NIS Directive will be followed by the NIS2 Directive, adopted in January 2023 and due to come into force in Europe by October 2024 at the latest.

Why secure OESs’ critical infrastructure?

OESs, EEs and IEs are defined by the European Union as actors providing an “essential” service, the disruption of which would have a significant impact on the functioning of the economy or society of any EU country. They therefore have sensitive and critical infrastructures that require protection at all costs.

What does the NIS2 Directive say?

The European Union and the European Network and Information Security Agency (ENISA) defined the concept of an OES in the Network and Information Security (NIS) Directive of 2016. Having entered into force in France in 2018, it aims to ensure the same high level of security of networks and information systems throughout the EU. With NIS2, the scope of these regulated operators will be divided into two types of players: essential entities (EEs) and important entities (IEs).

The second version of the directive defines 18 sectors affected, divided into critical and highly critical sectors. There are 11 highly critical sectors: energy (electricity, heat and cooling networks, oil, gas, hydrogen), transport (air, rail, water and road transport), the banking sector, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration and space. Meanwhile, there are nine critical sectors: postal and shipping services, waste management, manufacture, production and distribution of chemical products, production, processing and distribution of foodstuff, manufacture (manufacture of medical devices, IT, electronic and optical products, electrical equipment, machines and equipment, automotive vehicles and other transport equipment), digital suppliers and research.

Delving further into the description, a list of entities is stipulated in the European directive, corresponding to business activities. The size of the entity is also one aspect to take into account with the NIS2 directive, as the number of employees (greater than or equal to 50) or the revenue (or annual balance sheet, greater than or equal to €10 million) are also selection criteria.

Make the European choice with Stormshield

Stormshield supports OSEs, EEs and EIs in the deployment of a protection system for their critical and sensitive infrastructures via several complementary and reliable solutions. Stormshield Network Security (SNS) firewalls are regularly qualified by the ANSSI, attesting to both the robustness of these products and their trustworthiness. The Stormshield Endpoint Security (SES) endpoint protection solution has been developed to the highest standards on the market. Stormshield Data Security (SDS) data encryption solutions are based on technology certified to the highest European standards.

The Stormshield Network Security (SNS) range of firewalls is based on trust, transparency, robustness and compliance with European legislation. For the protection of sensitive IoT networks, use the only industrial firewalls qualified by the French agency ANSSI: the SNi40 and SNi20. A guarantee of robustness and confidence.

The Stormshield Endpoint Security (SES) solution is developed in accordance with the highest levels of certification in the market (Common Criteria, ANSSI qualification). With the application control and endpoint hardening offered by the solution, you can comply with the most stringent security measures.

Finally, the Stormshield Data Security (SDS) encryption solution is based on technology certified at the highest European level. It guarantees appropriate protection for all your organisation's strategic, sensitive and critical data.

Products qualified by France and Spain

The SNS range of firewalls, developed in France, guarantees the security of OSEs’ networks, in compliance with the highest level of European cybersecurity requirements. In France, it forms part of a continuous qualification and certification process with the ANSSI. In Spain, it also enjoys the twofold recognition of the certification body of the National Cryptology Centre (Centro Criptológico Nacional, CCN) in Spain, as qualified and approved products.

With Stormshield, you’re working with a European player with a reputation for creating trusted cyber security.

A decision to choose Stormshield means a vote for the image we reflect in terms of European, human and technical values, but also what we reflect in terms of legitimacy and trust.

Pierre-Yves Hentzen
CEO Stormshield

Contact Stormshield teams

Do you have any other needs, or questions about your company’s compliance with ENISA’s European standards?