Our client, PannErgy, a leader in geothermal energy production and district heating services in Hungary, required full compliance with the European Union’s NIS2 Directive. As a critical infrastructure provider, PannErgy needed to ensure that its IT systems were classified according to the new cybersecurity regulations to protect essential services from potential cyber threats.
Classify all IT systems and services into appropriate security categories to align with NIS2 requirements. This foundational step supports the development of a comprehensive cybersecurity strategy.
We conducted a preliminary assessment to map PannErgy’s operational structure and identified all business-critical services, focusing on geothermal energy production and distribution systems in Miskolc, Győr, and Szentlőrinc.
Leveraging the 2023 Cybersecurity Act and the NIS2 Directive, we developed a tailored classification methodology based on the impact of service disruption on society and the economy.
Basic Security Requirements for systems with minimal societal impact.
Enhanced Security Requirements for systems with significant impact.
Critical Security Requirements for core systems where service loss would have severe implications.
Outcome
The project established a robust foundation for PannErgy’s compliance with NIS2, enabling:
Enhanced resilience of critical energy infrastructure.
A clear action roadmap for security gap remediation.
Deliverables
Security Classification Report: Documented system roles, risk levels, and assigned security categories.
Impact and Compliance Summary: Provided clear guidance on required technical and procedural upgrades.
Lessons and Expertise Demonstrated
This reference project highlights Kosa Consult’s expertise in:
Applying regulatory frameworks (NIS2) to practical business needs.
Conducting detailed risk assessments tailored to client operations.
Providing actionable recommendations for enhanced IT security.
By focusing on both societal and operational impacts, we ensure that clients like PannErgy align seamlessly with evolving cybersecurity standards while maintaining operational continuity.