The Department for Digital, Culture, Media and Sport (DCMS) has published proposals for new legislation and incentives and regulations to improve the UK’s cyber resilience.
Minister for Media, Data and Digital Infrastructure Julia Lopez MP announced two consultations, citing the need to respond to the increasing frequency and sophistication of cyber attacks, along with the fast pace of digitisation in the national economy.
She said they incorporate three pillars aimed at addressing the various challenges. The first consultation covers the first and second pillars through a focus on legislation for all of the UK.
For the first pillar the document proposes that providers of critical managed services should be brought under the National Information Systems (NIS) Regulations of 2018. The regulations establish legal requirements for relevant organisations to boost the cyber and physical security of their networks and information systems, and are aimed at strengthening security around essential services such as digital infrastructure, healthcare, transport, water and energy.
The change would require the managed service providers to register with the Information Commissioner’s Office and ensure proportionate security measures are in place.
Future proofing
Proposals within the second pillar are aimed at future proofing the NIS Regulations by allowing changes to be implemented so the UK can adapt to evolving threats and technological developments. This will involve the provision of powers for important updates to the framework and provisions to secure the most critical organisations.
In addition, there would be changes in the cost recovery system and the incident reporting framework.
The second consultation covers the third pillar, aimed at further quality assurance of the cyber profession and applies only to England. It sets out a proposed direction of travel for four key policy areas – foundations, capabilities, market incentives and accountability – and looks to the UK Cyber Security Council to be the professional authority to ensure the supply of a high quality cyber workforce is consistent and sustainable.
The council will develop professional standards and a career pathways framework, and provide a structure for the existing market in qualifications and certification.
The consultation is aimed at gathering views on a possible legislative underpinning for the cyber profession, and on non-legislative measures such as requirements within government procurement.
Strengthen oversight
“Sharing views will help improve the UK’s cyber security regulations,” Lopez said in a statement to the House of Commons.
“By strengthening the oversight of critical digital suppliers, existing cyber regulation and improving the UK’s cyber security profession, we can solidify the UK’s position as a democratic and responsible cyber power and protect our essential services (such as the NHS, transport services, digital services and energy supplies). This will, ultimately, defend the interests, livelihoods, and economic prosperity of our people and businesses.”
The consultations have been launched soon after the Government published a new National Cyber Strategy that emphasises a ‘whole of society’ effort and providing a more resilient critical national infrastructure.
Image from iStock, benoitb
