5 April 2025

UK sets out new cyber reporting requirements for critical infrastructure

Alexander Martin

In a policy statement published Tuesday, the British government set out what its forthcoming Cyber Security and Resilience Bill will include when it is introduced to parliament later this year.

The belated reworking of the country’s cybersecurity regulations comes three years after the previous government had prematurely described those laws as “updated” while failing to actually introduce the legislation.

“For too long, successive governments have failed to properly address the growing risk posed by cyber criminals and hostile states. Our people have paid the price,” said Peter Kyle, the Secretary of State, in a foreword to the policy document.

Britain’s cybersecurity laws were passed in 2018 and are based on the European Union’s Network and Information Systems (NIS) Directive. They were not reworked following the United Kingdom’s withdrawal from the European Union in 2020, even though the EU itself did so through the NIS2 update in 2022.

The original law introduced duties for organizations in critical sectors to report cyber incidents to their regulators, but the thresholds for reportable incidents were based on the “interruption to the continuity of the essential or digital service”, meaning that organizations had no duty to report compromises that involved pre-positioning or reconnaissance so long as the attacker didn’t disrupt the target system.
