- Critical services and infrastructure around the world are under attack
- A new bill has been introduced with greater protections for UK organisations
- Regulators will be given stronger powers to punish serious breaches
The UK Government has presented its new Cyber Security and Resilience Bill to Parliament as part of its efforts to overhaul UK cyber defenses for critical infrastructure and services.
The UK, like many other countries, has been on the receiving end of disruptive attacks on vital health services as well as energy and water providers, and the bill looks set to extend Network and Information Systems (NIS) regulations to cover more of the supply chain, including suppliers and digital infrastructure.
This is an important consideration, as the vast majority of recent high-profile and damaging attacks originate from third-party breaches.
A burden on companies
Another facet of the legislation is mandatory incident reporting, which gives the government better data to build a clearer picture of the cyber landscape and therefore a better understanding of the protections needed.
Regulators will also be given additional powers to ensure that suppliers meet minimum security requirements and close any loopholes that could be exploited by cybercriminals. They can also hand out harsher penalties for serious offences.
“So cutting corners is no longer cheaper than doing the right thing. That’s because businesses providing taxpayer services should ensure they have tough safeguards in place to keep their systems up and running,” the Secretary of State for Science, Innovation and Technology declared.
The new bill requires medium and large companies that provide cyber security, IT governance and IT help desk support to both private and public organizations to carefully report potentially significant cyber incidents to the government and to customers for better transparency – giving companies greater responsibility for protection and recovery.
However, as with any new legislation, this can be a compliance burden for the organizations affected, as it requires a real collective effort to protect public services from threat actors.
“The Cyber Security and Resilience Bill is going to motivate companies to transform how they secure access to critical infrastructure,” explains Ev Kontsevoy, CEO at Teleport.
“Compliance will mean navigating through accumulated audit work, making sense of patchworks of VPNs, shared credentials and SSH keys that never expire.”