Government Introduces Measures to Protect Essential Services From Cyber Attack

The Department for Digital, Culture, Media and Sport (DCMS) has released its response to the Consultation on the Security of Network and Information Systems Directive.

The full response to the consultation can be viewed here. Guidance from the National Cyber Security Centre (NCSC) can also be viewed here.

There have been a number of minor changes made to the proposed framework for implementing the Directive, including:

  • The maximum fines for breaches have been capped at £17million;
  • The role of the NCSC is highlighted more clearly, with a clear technical advisory and support role with a separate role to competent authorities;
  • Confirmation of an approach with multiple Competent Authorities overseeing relevant sectors they are familiar with. The ICO will remain the Competent Authority for the digital sector;
  • Further clarity on the definitions of Digital Service Providers (DSPs), particularly in terms of cloud services; and
  • A clearer and more realistic approach to timescales for compliance, with guidance from Government that Competent Authorities should take into account organisations transitioning in the first year.

Talal Rajab, Head of Programme, Cyber and National Security, techUK comments:

‘“It is important that the UK’s critical infrastructure remains resilient to the growing cyber threat. That is why we welcome the robust plan put forward by the Government for the implementation of the Network and Information Systems Directive (NIS Directive).

“More work still needs to be done, particularly with the 10 May deadline looming large, including the need for further details on the resources being made available to the various Competent Authorities and their respective legislative powers. However, we are particularly pleased to see that detailed guidance has already been published by the NCSC on the security measures that organisations’ need to adopt in order to comply.

“Operators of essential services must act now and take heed of this guidance, ensuring that the essential services that we rely on are cyber resilient and secure.”

techUK will be providing a more detailed analysis in the coming days and will be engaging with its members and Government in the months leading up to May.

FROM SOCIAL MEDIA

Check out @techUKdepCEO's response to the Migration Watch paper claiming that IT companies exploit an immigration '… https://t.co/naqNrqxaBB
Are you a #govtech company with an innovative idea for tackling road traffic congestion? @gdsteam are looking for o… https://t.co/ZeUm7uEc2R
techUK would love for you to attend our Accelerating CAV Uptake on our Roads event in Oxford on 4 September to exam… https://t.co/WQuCVuTQbg
We are delighted to have @ICENorthWest and @the_brc as industry partners of #Supercharging18 You won't want to miss… https://t.co/lL1Z8HcKIy
Official media partners at #techUKSmarterState are @CSWnews and @PublicTech, with @trendallicious speaking! Don’t m… https://t.co/6AwC9MHWWs
This year @techUK will be hosting a panel at the #WTOPublicForum on how tech is changing how the world trades as we… https://t.co/S9dizbi8mI
Earlier this month @sageuk published its position paper, Building a Competitive, Ethical AI Economy. Check out the… https://t.co/6cfEjmUW8w
Have a read of this article in @psenews by @GeorginaMarath, programme manager for #localgov @techUK, where she make… https://t.co/VU1TdFsh7B