Government Introduces Measures to Protect Essential Services From Cyber Attack

The Department for Digital, Culture, Media and Sport (DCMS) has released its response to the Consultation on the Security of Network and Information Systems Directive.

The full response to the consultation can be viewed here. Guidance from the National Cyber Security Centre (NCSC) can also be viewed here.

There have been a number of minor changes made to the proposed framework for implementing the Directive, including:

  • The maximum fines for breaches have been capped at £17million;
  • The role of the NCSC is highlighted more clearly, with a clear technical advisory and support role with a separate role to competent authorities;
  • Confirmation of an approach with multiple Competent Authorities overseeing relevant sectors they are familiar with. The ICO will remain the Competent Authority for the digital sector;
  • Further clarity on the definitions of Digital Service Providers (DSPs), particularly in terms of cloud services; and
  • A clearer and more realistic approach to timescales for compliance, with guidance from Government that Competent Authorities should take into account organisations transitioning in the first year.

Talal Rajab, Head of Programme, Cyber and National Security, techUK comments:

‘“It is important that the UK’s critical infrastructure remains resilient to the growing cyber threat. That is why we welcome the robust plan put forward by the Government for the implementation of the Network and Information Systems Directive (NIS Directive).

“More work still needs to be done, particularly with the 10 May deadline looming large, including the need for further details on the resources being made available to the various Competent Authorities and their respective legislative powers. However, we are particularly pleased to see that detailed guidance has already been published by the NCSC on the security measures that organisations’ need to adopt in order to comply.

“Operators of essential services must act now and take heed of this guidance, ensuring that the essential services that we rely on are cyber resilient and secure.”

techUK will be providing a more detailed analysis in the coming days and will be engaging with its members and Government in the months leading up to May.

FROM SOCIAL MEDIA

Sadly, we've come to the end of techUK Data Protection Week - Thank you so much to everyone who provided content, a… https://t.co/2qE8syAJT1
In our closing post for techUK Data Protection Week, Policy Manager for Data Protection @JeremyLilley1 outlines a p… https://t.co/JTEdgM2pM2
If you're still not confident about the ins and outs of GDPR and are too afraid to ask, @CiscoUKI has got you cover… https://t.co/93qlaDtQxy
With 300 speakers and 5000 attendees, CogX 2018 is Europe's premier AI festival including debates, chats, panels an… https://t.co/WMS5gDE3wL
For techUK Data Protection week, @maevewa1sh from @Corsham_Inst @ConnectedObs outlines the preparations that busine… https://t.co/GiaUZsyCKf
For users to entrust businesses with their data, they need to see companies approaching data ethically and transpar… https://t.co/nsm1RDXphn
The day has arrived - GDPR is here! To celebrate, read Emma Butler from @getyoti's piece on the right to be informe… https://t.co/NwaCJQ9TU5
Today is #GDPR day and to mark it, @techUKCEO writes in @ComputerWeekly. He highlights the need for the UK to conti… https://t.co/umv1Zfe89C
Its a big day! #GDPR takes affect across the EU today. There are some big changes for all organisations that proces… https://t.co/NCcXzgoDBe