Details of proposals by the United Kingdom government aimed at improving UK cyber defences have been unveiled this week by the Department for Digital, Culture, Media & Sport, for which Julia Lopez MP is currently the Minister for.
The government has additionally opened a consultation which is ongoing until April 10 to discuss the changes.
The proposals & reasoning
In a press release, the government states that “new laws are needed to drive up security standards in outsourced IT services used by almost all UK businesses” and suggests improvements are needed in how organisations report cyber security incidents.
The government cites recent attacks such as SolarWinds and the Microsoft Exchange incidents as part of the reason they feel cyber reform is needed in the UK. Julia Lopez MP said “every UK organisation must take their cyber resilience seriously” and it is “not an optional extra”. She later touched on “criminals and hostile states” exploiting vulnerabilities, a potential subtle reference to cyber attack efforts by other nations, particularly Russia and China.
Cyber attacks are often made possible because criminals and hostile states cynically exploit vulnerabilities in businesses’ digital supply chains and outsourced IT services that could be fixed or patched.
Minister of State for Media, Data, and Digital Infrastructure, Julia Lopez
There are also proposed changes to the Network and Information Systems regulations and clarifying the skills needed for the cyber security industry.
Analysis
It is no surprise that the UK is looking to tighten cyber defences. As we know, cyber attacks – either on businesses or governments are costly and can cause real damage. Many governments are also concerned about cyber warfare. Just as technology advances, countries find themselves using it instead of soldiers and guns in international conflict. This is why, recently, countries such as the United States (via The Hill and Bank Info Security), Japan (via Nikkei Asia) and China (via ZDnet) are all looking hard at their cyber security legislation and making it top of policy agendas. From protecting critical infrastructure that supports the daily life of citizens, to safeguarding businesses from the financial damage an attack can cause – no country can ignore cybersecurity or think of it as a low-priority topic any longer.
Links
Press release – https://www.gov.uk/government/news/new-laws-proposed-to-strengthen-the-uks-resilience-from-cyber-attack
Consultation (on legislation, ends April 10) – https://www.gov.uk/government/consultations/proposal-for-legislation-to-improve-the-uks-cyber-resilience
Consultation (on the profession of cyber & UK Cyber Security Council role, ends 20 March) – https://www.gov.uk/government/consultations/embedding-standards-and-pathways-across-the-cyber-profession-by-2025