Tuesday 30 January 2018

UK Minister for Digital on Cyber Security

Britain’s most critical industries are being warned to boost cyber security or face hefty fines, as the government acts to protect essential services from cyber attacks.
"We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services," said the current Minister for Digital, Margot James.
In August last year, the former Minister for Digital, Matt Hancock, mentioned that a new government directive was being considered that would allow regulators to inspect the cyber security status of companies.
More specifically, it was said that companies in the Energy, Transport, Water and Health sectors are expected to have "the most robust safeguards".

The new regulations come less than a week after UK defence secretary Gavin Williamson warned that a successful Russian attack on Britain's energy network would cause "total chaos" and "thousands of deaths".
The government also announced that companies that fail to protect themselves effectively from cyber-attacks will face fines of up to £17 million. The consultation for these penalties has now been completed and guidance for companies working in the relevant sectors has been published by the National Cyber Security Centre (NCSC) under the title "The NIS Guidance Collection".
The detailed guidance on the security measures will help organisations comply. It is based around 14 key principles (drawn from the consultation and government responses) and is aligned with existing cyber security standards.
More specifically, National Cyber Security Centre CEO Ciaran Martin said:
  • Our new guidance will give clear advice on what organisations need to do to implement essential cyber security measures.
  • Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible.
Additionally, Martin warned in an interview with the Guardian that such an attack on the UK's vital infrastructure is inevitable, stating that "it is a matter of when, not if". 
The government said the new rules would be effective from 10 May and cover breaches including disruptive ransomware outbreaks, such as the WannaCry attack that hit many NHS facilities in May 2017.
A cyber attack can affect systems that are part of the critical national infrastructure which the UK government and its citizens rely on, like the power grid, the water supply, and last but not least, healthcare.
As was clearly stated in the press release: "The NIS Directive is an important part of the Government’s five-year £1.9 billion National Cyber Security Strategy to protect the nation from cyber threats and make the UK the safest place to live and work online. It will ensure essential service operators are taking the necessary action to protect their IT systems".
On a personal note, this is a significant step forward that will bring the discussion of Cyber Security and Cyber Risk exposure to the table, especially among decision makers. After all these years working towards protecting mission-critical infrastructures and securing/defending high-value assets of high-profile clients, this directive will finally set the stepping stone for Cyber Security to be taken seriously, and not to be treated as an added risk that can be simply ignored.
Do not hesitate to reach out if you want to share your concerns that possibly apply to a particular industry you are in or across multiple industries, or if you simply want to discuss this further.
Follow on Twitter: @drgfragkos
