UK Cyber Security Strategy

The government has published its response to the April 2018 targeted consultation on the Security of Network and Information Systems Directive (NISD). The targeted consultation specifically addressed how NISD will apply to Digital Service Providers (DSPs) in the UK, focusing on the identification of DSPs, security measures and further guidance. This follows the government’s public consultation in August 2017 (see our recent blog on this here).

The targeted consultation received 12 responses that largely showed support for the government’s overall approach. Concerns were expressed, however, regarding the uncertainty over who falls within NISD’s scope and the subject of costs recovery.

As the Network and Information System Regulations 2018 (the NIS Regulations) are already in force, the targeted consultation process will be used to assist the Information Commissioner’s Office (ICO) in providing updated guidance to DSPs. The government’s response, therefore, provides a useful insight into the future guidance on this topic, which will directly affect the regulation of DSPs in the UK.

The security and reliability of the UK’s IT infrastructure remains a key priority for the government. In August 2017, the Department for Digital, Culture, Media and Sport launched a public consultation on its plans to transpose the Network and Information Systems Directive (‘NIS Directive’) into UK legislation. (As we reported earlier this year, the UK has until 9 May 2018 to implement the NIS Directive into its national laws.) The closing date for responses is 30 September 2017, and the consultation is aimed at industry participants, regulators and other interested parties.

Tackling growing cyber risks

As society becomes increasingly reliant on information technology, the potential impact of failure in those systems is also rising. Recent events point towards an increase in the scale, frequency and gravity of cyber attacks. The recent WannaCry ransomware attack illustrates only too well the adverse effects that can result from a security breach.

The European Commission’s aim with the NIS Directive is to increase the security of network and information systems within the EU. The government has announced that it supports that overall aim, and recognises the need to improve the security of UK network and information security systems, with a particular focus on “essential services”. The proposal is that (subject to meeting certain thresholds) service providers operating in the following sectors should qualify as an “essential service”: energy, health, digital and transport (air, road and maritime). Among the NIS Directive’s provisions are a duty for operators of essential services to:

  1. Take appropriate and proportionate technical and organisational measures to manage security risk; and
  2. Take appropriate measures to prevent and minimise the impact of any incidents affecting the security of the network and system used to provide the service.
