The government has set out a series of ambitions and goals for the soon-to-be-introduced Cyber Security and Resilience Bill, including measures to better protect supply chains and operators of critical national services, which besides public services and utilities will now also include IT service providers and suppliers – up to 1,000 of which are likely to fall into the scope of the planned measures – and potentially datacentre operators.
First trailed in 2024 shortly after Labour’s General Election victory, the overall aims of the Cyber Security and Resilience Bill are to improve the UK’s online defences, protect the public and safeguard growth in line with its wider Plan for Change Policy.
The government said its plans would help ensure organisations that provide essential services – IT and otherwise – across both the public and private sectors are a less tempting target for cyber criminals. It also wants to give the country greater confidence in digital services, which it is relying upon to support its overall economic growth mission.
Noting that cyber threats cost the UK over £22bn during the second half of the 2010s, it cited last summer’s attack on Synnovis that cost the NHS over £32m and suggested that a hypothetical cyber attack focused on energy services in southeast England could wipe over £49bn off the economy.
“Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable,” said Peter Kyle, secretary of state for science, innovation and technology.
“Attempts to disrupt our way of life and attack our digital economy are only gathering pace, and we will not stand by as these incidents hold our future prosperity hostage. The Cyber Security and Resilience Bill will help make the UK’s digital economy one of the most secure in the world – giving us the power to protect our services, our supply chains, and our citizens – the first and most important job of any government.”
Richard Horne, CEO of the National Cyber Security Centre (NCSC), added: “The Cyber Security and Resilience Bill is a landmark moment that will ensure we can improve the cyber defences of the critical services on which we rely every day, such as water, power and healthcare. It is a pivotal step toward stronger, more dynamic regulation, one that not only keeps up with emerging threats but also makes it as challenging as possible for our adversaries.
“By bolstering their cyber defences and engaging with the NCSC’s guidance and tools, such as Cyber Assessment Framework, Cyber Essentials and Active Cyber Defence, organisations of all sizes will be better prepared to meet the increasingly sophisticated challenges,” he said.
Effective response
As part of the bill’s progress, the government said it is now exploring measures to improve its ability to respond to emerging cyber threats and, critically, to take rapid action to protect national security. This could see the technology secretary granted powers to order regulated organisations to shore up their cyber defences.
Also on the table is the possibility of introducing a set of new protections for the UK’s 200 largest datacentres. Quite what these measures will entail is yet to be decided, but the government noted that it may look to artificial intelligence (AI) to help bolster the defences of the country’s datacentre estate.
Should the proposed bill make it to the statute books, its overall provisions will be largely similar to those already set out in previous announcements.
Besides proposals to mandate ransomware incident reporting that have already been widely discussed and are currently the subject of an ongoing consultation, and widening the variety of organisations subject to cyber regulation, it will also give regulators more tools to improve cyber security and resilience in their specialist areas, and give the government more flexibility to update regulatory frameworks as and when the threat and technology environments evolve.