UK Government announces new legislation to strengthen UK’s cyber resilience
The UK government has announced three new proposals this week, which set out its intention to take a more proactive and interventionist approach to keep the UK safe from cyber attacks. This follows the launch of the UK National Cyber Strategy in December, which promised to make the UK a leading cyber power.
In three new policy documents, the government indicates that its previous market-led approach to cyber resilience is not delivering change quickly enough, and this is leaving UK industry and services vulnerable. It also concludes that the UK’s cyber industry needs its own identity, shape and form.
Specifically, the government set out plans to introduce new laws which will strengthen the regulatory framework governing critical national infrastructure, including:
- Bringing additional critical providers of digital services into the UK’s cyber security regulatory regime.
- Future-proofing the Network and Information Systems (NIS) Regulations by introducing new powers for the government to update and expand their scope.
In addition to strengthening the regulation overseeing critical infrastructure, the government has also announced that it is considering interventions to ensure that businesses manage their cyber posture more effectively, including mandating large companies to appropriately assess and address the cyber risks they face, providing government-developed impact information to inform investment decisions, and legislating to make new technologies “secure by design”.
Finally, the government is consulting on proposals to more proactively regulate the cyber security profession, for example through ‘regulation by title’ and the introduction of a Register of Practitioners led by the UK Cyber Security Council, which is set to become the designated standard-setting body for the industry.
Commenting on these announcements, Ollie Whitehouse, Global CTO at NCC Group, said:
“Government intervention will no doubt fundamentally influence the future of cyber resilience and give businesses a clearer sense of direction. As ever, it is crucially important that on-the-ground expertise helps inform policy considerations - which is something that we’re committed to at NCC Group.
“As reliance on third parties increases, the scale of cyber and resilience risks facing businesses also rises. With this in mind, NCC Group welcomes this government initiative to bring the NIS framework up to date, and ensure that regulations stay flexible for the future. Organisations will need to understand how these changes – as well as planned reforms to corporate governance – will affect them in order to prepare.
“It’s also great to see the government recognising that people are key to the future success of cyber, as we do at NCC Group, where in the last few months we welcomed 61 Junior Security Consultants through our UK/APAC Next Generation Talent programme. It’s crucial that flexibility is built into future proposals as the global threat landscape continues to shift, and that regulation is kept up-to-date in line with changing requirements for skills and expertise.”