Ask any security professional what recent legislation is going to have the biggest impact on cybersecurity in the short-term future, and the likely answer will be GDPR.
GDPR foreshadows a sea change in our approach to data protection and privacy. But another major EU directive is incoming – the Security of Network and Information Systems (NIS).
While GDPR concerns the protection of personal information, NIS focuses on the security and cyber resilience of critical national infrastructure operators.
The NIS directive is expected to carry a similar penalty regime to the GDPR, which perhaps makes it surprising there hasn't been more focus on it until now.
The government has opened a consultation on the plans for implementation of the NIS directive in the UK and seeks views from interested parties.
The consultation document itself makes an interesting read, and among other things calls out the ongoing need for both security monitoring and anomaly detection as a key part of ensuring that defences remain effective.
The NIS Directive will help make sure UK operators in electricity, transport, water, energy, health and digital infrastructure are prepared to deal with the increasing numbers of cyber threats.