In chess, beginners often try to calculate every move, just like in movies: If I play this, my opponent will do that, then I’ll respond with this. But the board is too complex. You can’t anticipate every possibility. The winning approach is to take a step back and see the bigger picture: what strategy is my opponent unfolding? what do they want to achieve? how to move forward without exposing myself?
NIS2 bring the same philosophy in cybersecurity. It’s an obligation to consider information systems as complete, interconnected ecosystems that extend far beyond the walls of your organization. At the heart of this ecosystem lies sensitive information, whose disclosure to unauthorized parties, alteration, or unavailability could compromise the achievement of your organization’s objectives. In this article we’ll explore the different types of sensitive environments targeted by NIS2, and we’ll show why NIS2 compliance is not about reacting to every move but about mastering the whole board.
The King’s Crown: Restricted information and the Absolute Priority of Protection
In chess, the king is not the most agile piece, nor the most powerful, but it is the one that decides the game. Everything revolves around its survival. Restricted systems (or SI DR in French, where DR means “Diffusion Restreinte”) play the same role in cybersecurity. They are the crown jewels: projects tied to national security, defense, or highly sensitive operations where compromise would have consequences far beyond financial loss. If these systems fall, the impact is existential, affecting sovereignty, strategic assets, and public trust.
Unlike other systems, Restricted environments demand a fortress-like approach. They are often isolated and governed by strict access controls. But isolation alone is not enough. The complexity of modern supply chains means that even the most protected systems can be exposed through weak links: contractors, temporary access, or overlooked dependencies. Under NIS2, these projects require not only technical hardening but also contractual rigor, continuous monitoring, and a culture of discretion. In chess, the king moves slowly, but every piece on the board exists to shield it. In cybersecurity, the same principle applies: every policy, every control, every audit should serve one purpose: to keep the king standing.
The Queen’s Power: Sysadmins and the Reach of Privilege
The queen is the most powerful piece on the board, able to move in any direction and dominate vast spaces. Sysadmins hold a similar position in the digital realm. With broad privileges and access to critical systems, they can configure, create, and destroy. This power is essential for keeping infrastructures running, but it also makes sysadmin accounts the ultimate prize for attackers. A single compromised credential can open the entire chessboard: servers, networks, cloud environments, identity systems, and backups.
The danger lies in the queen’s freedom. Without strict controls, a sysadmin can become an accidental vulnerability or a deliberate attack vector. NIS2 raises the stakes by imposing obligations on identity management, privileged access, and accountability. Protecting the queen means enforcing multi-factor authentication, using privileged access workstations, and monitoring every move with precision. In chess, the queen wins games when used wisely; in cybersecurity, the same is true. Power without control is chaos and in a world of escalating threats, chaos is what attackers count on.
The Rook’s March: Industrial Operators and the Straight Path to Disruption
The rook moves in straight lines, advancing relentlessly across the board. In the world of industrial operations, this mirrors the logic of production chains: linear, interconnected, and highly dependent on continuity. When a rook is blocked, its progress halts completely. The same is true for factories, assembly lines, and critical infrastructures. A single interruption can ripple through an entire ecosystem, stopping not only the flagship manufacturer but also the network of suppliers and subcontractors that depend on it.
Recent attacks have shown how devastating this can be. When Jaguar Land Rover was hit by a cyberattack, production stopped for weeks, shaking the UK economy and disrupting countless smaller businesses. Similarly, Asahi’s ransomware incident forced the company to revert to paper and fax for months, illustrating how fragile digitalized processes have become. These events underline a simple truth: attackers know that breaking the chain is the fastest way to destabilize an industry or extract ransom.
Under NIS2, the obligation is clear: protect the straight path. That means ensuring the integrity and availability of industrial control systems, segmenting networks to prevent lateral movement, and preparing for the worst with tested recovery plans. In chess, a rook dominates when its path is clear; in cybersecurity, the same principle applies. Visibility, resilience, and readiness are what keep the rook moving forward and prevent attackers from turning your strongest piece into your greatest vulnerability.
The Bishop’s Diagonal: Distributed Networks and the Hidden Angles of Risk
The bishop moves diagonally, cutting across the board in ways that are less obvious than the rook’s straight march. This diagonal movement reflects the complexity of distributed networks — water treatment plants, waste management systems, and other essential services spread across regions. These infrastructures operate through a web of interconnected sites, often managed remotely through remote control systems. At first glance, the path seems clear, but the angles hide vulnerabilities: isolated workstations, outdated software, and fragmented IT practices across multiple agencies.
When these weaknesses align, attackers can strike from unexpected directions. A single exposed interface in a remote station can become the entry point to disrupt water distribution, alter chemical treatment processes, or compromise billing systems. The consequences are immediate and tangible: public health risks, environmental damage, and economic paralysis. In a world where industrial systems are increasingly digitalized and data-driven, the fear of interruption is no longer hypothetical, it is a daily reality.
NIS2 brings these diagonal threats into focus. Compliance means more than ticking boxes; it requires securing remote-controlled systems, enforcing consistent patching even on isolated sites, and building resilience into every link of the network. Like a bishop, these infrastructures cover vast spaces with subtle moves. To protect them, organizations must anticipate the hidden angles, strengthen coordination between regional teams, and ensure that every node — no matter how remote — is part of a unified defense. In chess, a bishop dominates when the diagonals are clear; in cybersecurity, clarity comes from visibility, governance, and relentless attention to detail.
The Knight’s Move: Developer Workstations — Fast, Agile, and Risky
In chess, the knight moves in an L-shape, leaping over other pieces to reach unexpected positions. Developer workstations share this same disruptive potential in cybersecurity. Developers often enjoy a level of autonomy that allows them to move quickly and innovate, but this agility comes at a cost. Elevated privileges, custom tools, and access to multiple environments make these workstations a tempting target. When compromised, they can bypass traditional defenses just like a knight jumping over pawns, opening a direct path to source code repositories, CI/CD pipelines, and even production systems.
The strategic impact of such a breach is enormous. Developer environments frequently hold sensitive assets: intellectual property, API tokens, encryption keys, and sometimes credentials for critical infrastructure. A single intrusion can poison the software supply chain, inject malicious code, or expose confidential data. Under NIS2, these risks are not theoretical; they fall squarely under obligations for secure development practices and supply chain resilience. Protecting developer workstations means rethinking autonomy and speed, ensuring that flexibility does not become a shortcut for attackers. Strong identity controls, environment segregation, and vigilant monitoring are essential to keep the knight’s power on your side of the board.
Conclusion: Playing the Whole Board for NIS2 Compliance
In this article, the sequence of sections mirrors a winning chess strategy. You start by protecting the King: your systems marked with Restricted Distribution. Next, you control the sysadmins, whose power can dominate or destroy the board if compromised, just like the Queen. Then you secure the Rooks, representing industrial operators and the straight paths of production chains, before addressing the Bishops, those hidden angles in distributed networks. Finally, you anticipate the developers (the Knights) whose unpredictable moves can open unexpected risks. This progression reflects the essence of NIS2: prioritize what is critical, control privilege, ensure continuity, and then tackle complexity and agility.
Our solution is designed to help you achieve this strategy by combining compliance and usability. It enables full isolation of multiple environments on a single PC to separate, as recommended by NIS2, production, development, and administrative networks.
