Policy statement sets out changes to law in face of ‘unprecedented threats to our critical national infrastructure’
The government has published a policy statement on the forthcoming Cyber Security and Resilience Bill, its proposed new legislation to protect the public and safeguard economic growth by bolstering the UK’s online defences.
Photo by FlyD / Unsplash
We’ve reported on a number of costly and hight-profile cyber attacks in recent years. The government estimates that these threats cost the UK economy almost £22bn each year between 2015 and 2019.
The attack last summer on Synnovis, which provides pathology services to the NHS, cost an estimated £32.7m alone, and led to thousands of missed appointments, with stress and inconvenience for patients. The National Cyber Security Centre (NCSC) managed 430 cyber incidents in the year up to September 2024, 89 of them – or almost two each week – classed as nationally significant.
To protect such essential services as hospitals, energy suppliers and other parts of our critical infrastructure, the government is looking at ways to bolster the online defences of the whole supply chain.
Under the new proposals, many more organisations and suppliers of essential IT services will be required need to meet robust cyber security requirements, improving their data protection and network security defences, as well undertaking risk assessment to minimise the impact of future cyber attacks.
Third-party suppliers will need to boost their cyber security in areas such as risk assessment to minimise the possible impact of cyber- attacks, while also beefing up their data protection and network security defences.
As well as bringing more entities into scope of the existing regulatory framework, the new legislation is also intended to empower regulators and enhance oversight through such measures as information-gathering powers and cost-recovery mechanisms. The proposals also aim to ensure that the regulatory framework can keep pace with fast-changing technology – and threats.
The government says it will also consider additional measures such as including more than 200 data centres within the scope of the framework and granting the Secretary of State powers of direction to ensure there is a swift responses to attacks and other activity.
The new legislation is part of the government’s wider Plan for Change, which aims to kickstart economic growth.
Peter Kyle MP, Secretary of State for Science, Innovation, and Technology, says: ‘Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable. Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage.
‘The Cyber Security and Resilience Bill, will help make the UK’s digital economy one of the most secure in the world – giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.’
Richard Horne, CEO of the NCSC, adds: ‘The Cyber Security and Resilience Bill is a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare. It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries.
‘By bolstering their cyber defences and engaging with the NCSC’s guidance and tools, such as Cyber Assessment Framework, Cyber Essentials, and Active Cyber Defence, organisations of all sizes will be better prepared to meet the increasingly sophisticated challenges.’
In related news:
Leave a Reply