- Critical services and infrastructure around the world are under attack
- New bill introduced with greater protections for UK organizations
- Regulators will have stronger powers to sanction serious violations
The UK Government has introduced its new Cybersecurity and Resilience Bill to Parliament as part of its efforts to rethink UK cyber defenses for critical infrastructure and services.
The UK, like many other countries, has been the target of disruptive attacks on vital health services as well as energy and water suppliers, and the Bill aims to extend Network and Information Systems (NIS) regulation to cover more of the supply chain, including suppliers and digital infrastructure.
This is a critical consideration because the vast majority of recent high-profile and damaging attacks come from third-party breaches.
A responsibility for businesses
Another aspect of the legislation is mandatory incident reporting to provide better data to the government, helping to build a better picture of the cyber landscape and therefore better understand the protections needed.
Regulators will also have additional powers to ensure providers impose minimum security requirements and close any loopholes that could be exploited by cybercriminals. They can also impose harsher sanctions in cases of serious violations.
“It is therefore no longer cheaper to save money than to do the right thing. Indeed, companies providing services to taxpayers must ensure that they have strong protections in place to keep their systems operational,” said the Secretary of State for Science, Innovation and Technology.
The new bill requires mid-sized and large businesses that provide cybersecurity, IT management, and IT support services to private and public organizations to vigilantly report potentially significant cyber incidents to the government and customers for better transparency – giving businesses greater responsibility for protection and recovery.
But, as with any new legislation, this could pose a compliance burden for affected organizations, as it requires a real collective effort to protect public services from threat actors.
“The Cybersecurity and Resilience Bill will motivate companies to transform the way they secure access to critical infrastructure,” explains Ev Kontsevoy, CEO of Teleport.
“Compliance will require navigating the accumulated audit work, making sense of the patchworks of VPNs, shared credentials and SSH keys that never expire.”