The government said it will strengthen its cybersecurity laws to better protect essential services, like water, energy and transport, from online attacks.
In response to a public consultation earlier this year, the government has confirmed the Network and Information Systems (NIS) Regulations will be strengthened to protect essential and digital services against increasingly sophisticated and frequent cyber attacks both now and in the future.
The UK NIS Regulations came into force in 2018 to improve the cyber security of firms providing critical services. Organisations which fail to put in place effective cyber security measures can be fined as much as £17m for non-compliance.
But high-profile attacks such as Operation CloudHopper, which targeted managed service providers and compromised thousands of organisations at the same time, show the UK’s cyber laws need to be strengthened to continue to protect vital services and the supply chains they rely on.
“The services we rely on for healthcare, water, energy and computing must not be brought to a standstill by criminals and hostile states,” Cyber minister Julia Lopez said.
The new changes will also require greater cyber incident reporting to regulators such as Ofcom, Ofgem and the ICO.
These changes to legislation are part of the government’s £2.6 billion National Cyber Strategy, which is taking a stronger approach to getting at-risk businesses to improve their cyber resilience and making the UK digital economy more secure and prosperous.