Cyber Security and Resilience Bill

On July 17th 2024, it was announced at the State Opening of Parliament that the Labour government will introduce the Cyber Security and Resilience Bill (CS&R).[1] The proposed legislation is intended to update the existing Network and Information Security Regulations 2018, known as UK NIS.[2] CS&R will strengthen the UK's cyber defences and resilience to hostile attacks, thus ensuring that the infrastructure and critical services relied upon by UK companies are protected by addressing vulnerabilities, while ensuring the digital economy can deliver growth.[3]

The legislation will expand the remit of the existing regulations and put regulators on a stronger footing, as well as increasing the reporting requirements placed on businesses to help build a better picture of cyber threats.[4] Its aim is to strengthen UK cyber defences, ensuring that the critical infrastructure and digital services which companies rely on are secure.[5] The Bill will extend and apply UK-wide.[3]

The new laws are part of the Government's pledge to enhance and strengthen UK cyber security measures and protect the digital economy.[6] CS&R will introduce a comprehensive regulatory framework designed to enforce stringent cyber security measures across various sectors. This framework will include mandatory compliance with established cyber security standards and practices to ensure essential cyber safety measures are being implemented. Ultimately, businesses will need to demonstrate their adherence to these standards through regular audits and reporting.[7] Also included in the legislation are potential cost recovery mechanisms to provide resources to regulators and provide powers to proactively investigate potential vulnerabilities.[8]

Key facts

The key facts from the King's Speech are:[3]

i) The current UK NIS cyber security regulations play an essential role in safeguarding the UK’s critical national infrastructure by placing security duties on industry involved in the delivery of essential services.[9] These regulations cover the five sectors of transport, energy, drinking water, health and digital infrastructure, as well as some digital services including online marketplaces, online search engines, and cloud computing services. 12 regulators are responsible for implementing the present regulations.

ii) Hostile cyber actors are increasingly targeting UK critical sectors and supply chains. Recent serious high-profile attacks impacting London hospitals and the Ministry of Defence, as well as ransomware attacks on the British Library and Royal Mail, have highlighted that UK services and institutions are vulnerable to attack.

iii) The impacts of a cyber attack on these sectors pose severe risks to UK citizens, core services and the economy at large. For example, as a result of the ransomware attack affecting the NHS in England in June [2024], 3,396 outpatient appointments and 1,255 elective procedures were postponed across King's College Hospital, Guy’s Hospital and St Thomas’ Hospital, all in South London. It has been estimated that the cost of cybercrime in the UK in 2023 was $320 billion, near £225 billion.[10]

iv) The National Cyber Security Centre (NCSC) assesses that the threat from hostile states and state-sponsored actors continues to escalate. In a recent speech at CyberUK, NCSC CEO Felicity Oswald warned that providers of essential services in the UK cannot afford to ignore these threats.[11]

v) Two UK NIS Post-Implementation Reviews found that the original regulations are having a positive impact, but that progress has not been fast enough.[12][13] In 2022 the review found that they "are a vital framework in raising wider UK resilience against network and information systems security threats", but updates are required to keep pace with growing threats. Just over half of the operators of essential services have updated or strengthened existing policies and processes since the inception of the UK NIS Regulations in 2018, which were introduced after EU NIS Directive 2016/1148.[2][14]

Consequences

Digital verification services would be established and include "digital identity products to help the public quickly and securely share key information about themselves as they use online services in their everyday life."[4]

A National Underground Asset Register would be created enabling "planners and excavators instant, standardised access to pipe and cable data around the country."[4]

The Bill will enable the creation of smart data schemes, "which would allow for the secure sharing of customer data, upon their request, with authorised third-party service providers."[4]

It will introduce compulsory ransomware reporting so that the authorities can better understand the threat and "alert us to potential attacks by expanding the type and nature of incidents that regulated entities must report."[6][15] While this information collection is likely to increase resilience to attacks, the administrative burden of this reporting might well bring additional costs for businesses, on top of the expense of the original cyber incident.[6]

As modern business practices are interconnected, organisations must ensure that their partners and suppliers also adhere to the standards set by the CS&R.[6]

In the EU, the original Network and Information Security Directive (NIS Directive 2016/1148) is being updated to Directive 2022/2555, known as EU NIS 2.[16][17] EU NIS 2 introduces wide-reaching changes to the existing EU cyber security laws for network and information systems.[16] The CS&R should bring the existing UK NIS regulations 2018 to a framework similar to that of the EU.[16][18]

As yet, the Bill contains no information on any punishments for non-compliance, or on what the data regulators will demand from an organisation that has experienced a cyber security incident.[19]

Reaction

Jon Ellison, NCSC Director of National Resilience, said that the proposed bill was "a landmark moment tackling the growing threat to the UK's critical systems".[20] He continued that it will be "a crucial step towards a more comprehensive regulatory regime, fit for our volatile world".[20]

Former head of the NCSC Ciaran Martin, along with other experts, welcomed the legislative proposal. On social media, he wrote that the proposed legislation seemed sensible, with mandatory reporting requirements being significant and positive steps.[21]

Matt Hull, a representative of the CyberUp Campaign, said that the organisation is looking forward to the Government updating UK cyber resilience and in particular the Computer Misuse Act 1990. Any updates to this Act would help cyber professionals protect the UK, safeguard the digital economy and unlock the potential growth within the cybersecurity industry.[21]

Schedule

The Bill will proceed through the seven stages of the legislative process, which takes place in both Houses of the UK Parliament: first reading, second reading, committee stage, report stage, third reading, opposite house and royal assent.

  1. July 17th Bill announced.[1]
  2. Stage: Pre-legislative Scrutiny (current).
  3. Stage: First reading - The Bill will be introduced to Parliament in 2025.[22]

References

  1. ^ a b Seddon, P. (15 July 2024). "Key points in King's Speech at a glance". BBC News. Retrieved 30 July 2024.
  2. ^ a b "King's Speech: new cyber resilience laws planned in the UK". Pinsent Masons. 17 July 2024. Retrieved 5 August 2024.
  3. ^ a b c "The King's Speech 2024" (PDF). UK GOV. p. 94. Retrieved 30 July 2024.
  4. ^ a b c d Griffin, A. (17 July 2024). "Labour announces host of new tech rules – but does not reveal much-hyped 'AI bill'". Independent. Retrieved 30 July 2024.
  5. ^ Patefield, D.; Broom, J.; Collings, A.; Tsolova, R.; Modha, T. (19 July 2024). "Government announces new Bill to strengthen the UK's cyber security and resilience". techUK. Retrieved 30 July 2024.
  6. ^ a b c d "Cyber Security and Resilience Bill: what businesses and insurers need to know". CMS Legal. 18 July 2024. Retrieved 30 July 2024.
  7. ^ "What businesses need to know about the Cyber Security and Resilience Bill". ITN. 22 July 2024. Retrieved 30 July 2024.
  8. ^ "UK set to debut Cyber Security and Resilience Bill to boost national cyber defenses, secure critical infrastructure". Industrial Cyber. 19 July 2024. Retrieved 30 July 2024.
  9. ^ "The Network and Information Systems Regulations 2018". Crown. 10 May 2024. Retrieved 4 August 2024.
  10. ^ "Annual cost of cybercrime in the UK 2017-2028". Ani Petrosyan. 1 December 2023. Retrieved 7 August 2024.
  11. ^ "CYBERUK 2024: Felicity Oswald keynote speech". National Cyber Security Centre. May 2024. Retrieved 15 August 2024.
  12. ^ "Review of the Network and Information Systems Regulations". Crown. 29 May 2020. Retrieved 2 November 2024.
  13. ^ "Second Post-Implementation Review of the Network and Information Systems Regulations 2018". Crown. 27 July 2022. Retrieved 15 August 2024.
  14. ^ "Directive (EU) 2016/1148 of the European Parliament and of the Council". Crown. 6 July 2016. Retrieved 22 August 2024.
  15. ^ Muncaster, P. (18 July 2024). "UK Government Set to Introduce New Cyber Security and Resilience Bill". Reed Exhibitions. Retrieved 5 August 2024.
  16. ^ a b c Belcheva, R. (23 July 2024). "New Cyber Security & Resilience Bill announced in King's Speech". The Lens. Retrieved 13 August 2024.
  17. ^ "The NIS 2 Directive". Cyber Risk. 2022. Retrieved 13 August 2024.
  18. ^ Poireault, K. (12 August 2024). "Navigating Regulation Discrepancies: EU's NIS 2 v UK's Cyber Security and Resilience Bill". RELX. Retrieved 26 September 2024.
  19. ^ Jones, C. (30 July 2024). "Revamped UK cybersecurity bill couldn't come soon enough, but details are patchy". The Register. Retrieved 4 August 2024.
  20. ^ a b Say, M. (25 July 2024). "NCSC highlights importance of Cyber Security Bill". Informed Communications Ltd. Retrieved 29 August 2024.
  21. ^ a b Akshaya, A. (17 July 2024). "UK Labour Introduces Cyber Security and Resilience Bill". Information Security Media Group. Retrieved 16 August 2024.
  22. ^ "Cyber Security and Resilience Bill". Crown. 30 September 2024. Retrieved 11 October 2024. The Bill will be introduced to Parliament in 2025
