- Critical services and infrastructure around the world are under attack
- A new bill has been introduced with greater protection for UK organisations
- Regulators will have greater powers to punish serious violations
The UK Government has introduced its new Cyber Security and Resilience Bill to Parliament as part of its efforts to review Britain’s cyber defenses for critical infrastructure and services.
The UK, like many other countries, has been the victim of disruptive attacks on vital health services, as well as energy and water suppliers, and the bill seeks to expand network and information systems (NIS) regulations to cover more of the supply chain, including suppliers and digital infrastructure.
This is a key consideration, as the vast majority of recent high-profile and damaging attacks stem from third-party breaches.
A burden for companies
Another facet of the legislation is mandatory incident reporting, which will give the government better data, a clearer picture of the cyber landscape, and therefore a better understanding of the protections needed.
Regulators will also be given additional powers to ensure that providers meet minimum security requirements and close any loopholes that could be exploited by cybercriminals. They can also impose harsher penalties for serious violations.
“Therefore, taking shortcuts is no longer cheaper than doing the right thing. This is because companies providing services to taxpayers must ensure they have strong protections in place to keep their systems up and running,” stated the Secretary of State for Science, Innovation and Technology.
The new bill requires medium and large companies that provide cybersecurity, IT management, and IT help desk support to public and private organizations to carefully report potentially significant cyber incidents to the government and customers for greater transparency, giving companies greater responsibility for protection and recovery.
But, as with any new legislation, this could place a compliance burden on affected organizations, as a real collective effort is needed to protect public services from threat actors.
“The Cybersecurity and Resilience Bill will motivate companies to transform the way they protect access to critical infrastructure,” explains Ev Kontsevoy, CEO of Teleport.
“Compliance will mean wading through the backlog of audit work, making sense of VPN tiles, shared credentials, and SSH keys that never expire.”




