The impact of NIS 2 on the Swedish energy sector: A qualitative interview study about the greatest changes and challenges faced when implementing NIS 2
2024 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Society is becoming increasingly digitalized and interconnected. This includes the infrastructure and systems that help operate society’s functions. One of the most integral services in our societyis the distribution of power and electricity. Power distribution is confined within the energy sector and is one of several sectors deemed essential for society by the EU. The EU is therefore actively trying to increase the level of cybersecurity within these sectors. The NIS-directive was tried in 2016 but failed to meet expectations. Trying again, the EU released the NIS 2 directive which comes into power at the start of the next year. This study aims to get an early look at the impacts NIS 2 is having on the Swedish energy sector.
The aim of the study is being pursued using a qualitative approach where experiences and perceptions from security professionals are being gathered through semi-structured interviews. In total, 10 informants from different energy companies were interviewed, and their views have been analyzed and presented as the result of this work.
The results found that the biggest organizational change when implementing NIS 2 seems to bean increased focus and involvement from management in information security questions. And the biggest challenge seems to be ensuring supply chain compliance towards NIS 2. Additionally, it seems like small organizations are lacking the resources necessary to address the new requirements under NIS 2.
It is concluded that NIS 2 is having a positive impact on information security work in the Swedish energy sector. Organizations are allocating more resources towards information security management and the level of security seems to be increasing. While NIS 2 seems to be positively received, organizations working with NIS 2 are facing several previously known hurdles of information security management work.
Place, publisher, year, edition, pages
2024. , p. 41, ii
Keywords [en]
NIS 2, information security, energy sector
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-23964OAI: oai:DiVA.org:his-23964DiVA, id: diva2:1871670
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
2024-06-172024-06-172024-06-17Bibliographically approved