The Impact of the NIS2 Directive on the Cybersecurity of Finland's Transportation Sector

Abstract

Sharing threat intelligence among stakeholders is crucial for a coordinated response to cyber threats. The updated cybersecurity directive of the European Union (NIS2) promotes collaboration and information sharing to strengthen cybersecurity across critical sectors, including transportation. This paper aims to examine how the NIS2 Directive has influenced the cybersecurity of Finland’s transportation sector. Qualitative methods, including a literature review, semi-structured interviews, and thematic and comparative analyses, were employed. The study focuses on the perspectives of key Finnish railway cybersecurity actors regarding the impact of the NIS2 directive and current practices. The results reveal variations in the implementation challenges and strengths among organizations, with a unanimous emphasis on risk management. Development suggestions include standardizing incident reporting processes, creating uniform guidelines, increasing cybersecurity expertise, and enhancing collaboration among national actors.