UPDATED 20:29 EST / JANUARY 29 2018

UK to fine essential-services companies that fail cybersecurity tests up to $24M

The U.K. government has announced punitive measures against essential-services companies that fail to secure their networks, including fines of up to £17 million ($24 million).

The measures, announced as part of the U.K.’s implementation of the European Union network and information systems directive, cover companies providing services such as energy, transportation, water and healthcare. They also include regulations that would allow government inspectors to inspect cybersecurity at those companies to ascertain whether they are taking appropriate measures to protect their networks.

The proposals may sound somewhat harsh, but the U.K. government is pitching its big-stick approach to private enterprises as being a way to ensure the companies are “prepared to deal with the increasing numbers of cyberthreats.”

The regulations require essential-services operators to report to the government not only any cybersecurity breach, no matter how small, but also hardware failures. The regulator would “assess whether appropriate security measures were in place” and then “issue legally binding instructions to improve security, and – if appropriate – impose financial penalties.”

Explaining that the regulations are in response to high-profile attacks in the past, Richard Henderson, global security strategist at Absolute Software Corp., told SiliconANGLE that “it’s clear this new directive was pushed forward after the substantial impact many attacks have had in recent years on public infrastructure and essential utilities. WannaCry’s disproportionate impact on the networks of the National Health Service is clearly not forgotten by the NCSC.”

Henderson added that the NCSC understands how complex and difficult it will be to prepare for all cybersecurity problems, and as a result, the guidelines are intentionally vague. “In practice, this gives OES’s significant freedom and latitude to design, build, and monitor their unique infrastructures in the ways they deem best,” he said, but it’s not yet clear if that will be enough.

“The fines themselves seem to be a last resort for the U.K. after continued failure by OES’s to improve and learn from incidents,” Henderson said. “It’s great that they’re being pragmatic in understanding that breaches and incidents in some fashion are going to happen and allowing organizations the ability to learn and improve from them. But at the same time, the lack of sharp teeth ready to take a giant financial bite out of an organization may give some the false sense that punitive enforcement is just a paper tiger.”

Image: Sstrobeck23/Wikimedia Commons
