‘Up your game!’ Government tells essential services to toughen their cyber defences or face stiff fines
The British Government is urging critical industries to do more to protect themselves from the growing threat of cyber attacks.
It is appointing sector-specific regulators to ensure that essential services are protected, and has warned organisations that they risk fines of up to £17 million if they do not have effective cyber security measures in place.
Protect, Or Else
The government warning to critical industries to bolster their cyber defences comes as the National Cyber Security Centre publishes new guidance for industry. And the management of critical industries have to take note, as the Government announced its intention to implement hefty fines for those that leave themselves vulnerable to attack.
Indeed, energy, transport, water and health firms could be fined up to £17 million if they fail to have the most robust safeguards in place against cyber attack. And new regulators will assess critical industries to make sure plans are as robust as possible.
There will also be a “simple, straightforward reporting system” to make it easy to report cyber breaches and IT failures so they can be quickly identified and acted upon.
The government said that, under the new measures, recent cyber breaches, such as WannaCry and high-profile systems failures, would be covered by the NIS Directive.
“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online,” explained Margot James, Minister for Digital and the Creative Industries.
“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services. I encourage all public and private operators in these essential sectors to take action now and consult NCSC’s advice on how they can improve their cyber security.”
The NCSC has published its detailed guidance on the security measures to help organisations comply.
“Our new guidance will give clear advice on what organisations need to do to implement essential cyber security measures”, said National Cyber Security Centre CEO Ciaran Martin.
“Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible.”
The government intends to implement the Network and Information Systems (NIS) Directive from 10 May 2018.
Last July the NCSC acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors which were “likely” to have compromised some industrial control systems.