
From regulatory compliance to operational resilience – protecting the infrastructure that powers our future.

One of the world's largest offshore wind power companies faced a rapidly escalating global threat landscape, with incidents like the Baltic Sea cable attacks underscoring the urgent need to enhance their security posture. With the NIS2 directive and CER approaching, the client also needed to improve, align and unify security processes and controls throughout the organisation.
Netlight participated as information security experts in a project that began with gap assessments across all business units and resulted in a security baseline solution that was rolled out to all of them. In a second phase, the project did deep dives into each business unit, from trading and engineering to HR and IT, to understand how security challenges manifested differently across the organisation.
The assessment covered controls and evaluated the effectiveness of practices against NIS2, ISO-27001 and IEC-62443 requirements, whilst identifying the gaps that could expose the company to both cyber threats and regulatory penalties.
Working closely with the CISO and a cross-business steering committee, the project developed tailored recommendations for each business unit. Each solution was presented with a clear business case that connected security investments to operational outcomes with proper controls. The controls focused on reducing downtime, preventing costly breaches, minimizing regulatory risk, enabling secure operations and providing reliable infrastructure to society.
Compliance assessment: Assessed conformance with ISO-27001, NIST 800, and IEC-62443 across all 11 business units, addressing hundreds of non-conformities and launching seven strategic projects to close organisation-wide security gaps.
Increased conformance: Increased conformance with ISO-27001, NIST 800, and IEC-62443 in prioritized business units by implementing controls covering risk management, incident management, security awareness, third-party management, business continuity, and physical security.
Regulatory Readiness: Established audit-ready security controls for energy production and trading operations, significantly reducing the risk of €10 million fines under emerging NIS2 and CER regulations.
Strategic Planning: Created plans and business cases for security and business functions that proactively address evolving threats, potentially preventing millions in annual losses from unplanned downtime and security breaches.