The Department for Science, Innovation and Technology (DSIT) has highlighted plans for three key updates to the regulatory framework for cyber security in the UK.
It has published a statement on its plans for a new Cyber Security and Resilience Bill, to be introduced to Parliament next year, to strengthen the defences of digital services.
The changes will include expanding the remit of regulation to protect more digital services and supply chains. This reflects a perception, strong in the public sector, that cyber weaknesses in supply chains are providing a threat vector for attackers.
“This bill will fill an immediate gap in our defences and prevent similar attacks experienced by critical public services in the UK, such as the recent ransomware attack impacting London hospitals,” DSIT said.
Another change will be to give regulators more power to ensure essential cyber safety measures are being implemented. This could include powers to proactively investigate potential vulnerabilities and provide mechanisms for regulators to recover their costs.
Thirdly, the bill will mandate the reporting of incidents to give government better data on cyber attacks. This is aimed at improving the understanding of threats and raising alerts of potential attacks.
Severe impacts
“Recent cyber attacks affecting the NHS and Ministry of Defence show the impacts can be severe,” DSIT said.
“Our laws have not kept pace with technological change so we need to take swift action to address vulnerabilities and protect our digital economy to deliver growth. The bill will strengthen the UK’s cyber defences and ensure critical infrastructure and the digital services companies rely on are secure.”
It added that the National Cyber Security Centre has assessed that there is a ramping up of threats from hostile states and state-sponsored actors, and emphasised the dangers of severe disruption of public services.