Bill introduced to bolster cyber security

(by Karma Loveday)

The Government is to strengthen the cyber protections of essential industries via the Cyber Security and Resilience Bill, which the Department of Science, Innovation and Technology (DSIT) introduced to Parliament last week.

The Bill contains three pillars of reform to the existing Network and Information Systems (NIS) Regulations 2018, which cover drinking water, energy, transport, health and digital industries:

• Regulation – The Bill aims to drive a more consistent and effective regime between the 12 regulators in play, via expanded and more timely reporting of harmful cyber attacks; a stronger mechanism for Government to set priority outcomes for regulators to work to; and a fuller toolkit for sharing information, recovering costs and enforcement.

• Resilience – The Government will gain powers to make changes to the regime via secondary legislation to improve its agility, and will be able to direct regulators or regulated entities to take targeted and proportionate action in response to imminent threats that risk UK national security.

• Scope – The NIS Regulations will be expanded to also cover new areas such as data centres. 

DSIT said: “At their hardest edge, cyber attacks can lead to unsafe drinking water, no electricity, hospitals unable to access digital patient records, and businesses unable to access their systems. This is what we must defend against. This is not a hypothetical risk, but something playing out every day across our infrastructure and economy… Yet as the threat has grown more intense, frequent, and sophisticated, our defences have become comparatively weaker. The UK’s only cross-sector cyber legislation (the NIS Regulations) – which protects UK essential and digital services – is out of date and insufficient to tackle the threats we face.”