Proposed new laws will strengthen cyber defences for essential public services like healthcare, drinking water providers, transport and energy

  • UK to be better protected than ever to face down cyber criminals and state-backed actors – delivering strong foundations for the government’s Plan for Change.
  • Bolstered protections for the UK economy – with new research showing the annual cost of cyber attacks is almost £15 billion.

Hospitals, energy and water supplies and transport networks will be better protected from the threat of cyber-attacks under new laws being introduced in Parliament today (12th November).

Supporting the Plan for Change, the Cyber Security and Resilience Bill strengthens national security and protects growth by boosting cyber protections for the services that people and businesses rely on every day.

In the face of increasing cyber threats, it will prevent disruption – keeping the taps running, the lights on and the UK’s transport services moving – while making sure those who supply our vital services have tougher cyber protections.

These proposed laws would cover certain digital and essential services including healthcare, transport, energy and water. Under the proposals:

  • medium and large companies providing services like IT management, IT help desk support and cyber security to private and public sector organisations like the NHS will also be regulated for the first time. Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties. This includes reporting significant or potentially significant cyber incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences
  • regulators (DWI) will be given new powers to designate critical suppliers to the UK’s essential services such as those providing healthcare diagnostics to the NHS or chemicals to a water firm, where they meet the criteria. This would mean they’d have to meet minimum security requirements – shutting down gaps in supply chains criminals could exploit which could cause wider disruption
  • enforcement will be modernised, including tougher turnover-based penalties for serious breaches so cutting corners is no longer cheaper than doing the right thing. That’s because companies providing taxpayer services should make sure they have tough protections in place to keep their systems up and running
  • the Technology Secretary gets new powers to instruct regulators and the organisations they oversee, like NHS trusts and Thames Water, to take specific, proportionate steps to prevent cyber attacks where there is a threat to UK national security. This includes requiring that they beef up their monitoring or isolate high-risk systems to protect and secure essential services (Including Operational Technology systems?)

These are areas which could have huge negative implications for the British economy and public services if targeted. The Office for Budget Responsibility (OBR) estimates that a cyber-attack on critical national infrastructure could temporarily increase borrowing by over £30 billion – equivalent to 1.1% of GDP.