"From May's cyberattack on the Legal Aid Agency to the Foreign Office breach months later, cyber incidents have become increasingly common in UK government. The scale extends far beyond these high-profile cases: the NCSC reports that 40 percent of attacks it managed between September 2020 and August 2021 targeted the public sector, a figure expected to grow. Given this threat landscape, why does the UK's flagship Cyber Security and Resilience (CSR) Bill exclude both central and local government?"
"Sir Oliver Dowden, former digital secretary and current shadow deputy PM, led calls in the House of Commons this week urging Labour to rethink its stance on excluding central government from the Cyber Security and Resilience (CSR) Bill. "I would just urge the minister, as this bill passes through Parliament, to look again at that point, and I think there is a case for putting more stringent requirements on the public sector in order to force ministers' minds on that point.""
"The CSR bill was announced days into Sir Keir Starmer's tenure as Prime Minister, aiming to provide an essential refresh of the country's heavily outdated NIS 2018 regulations. It proposed to bring managed service providers into scope, as was scheduled in 2022 before those plans fell by the wayside, and datacenters, among many other aspects. Parallels can be drawn with the EU's NIS2."
Cyber incidents against UK government have increased, with attacks such as the Legal Aid Agency and Foreign Office breaches illustrating the trend. The NCSC handled attacks where 40 percent targeted the public sector between September 2020 and August 2021, with that share expected to grow. The government's Cyber Security and Resilience (CSR) Bill updates parts of the NIS 2018 framework and would bring managed service providers and datacenters into scope. The CSR Bill, however, explicitly excludes public authorities, leaving central and local government outside statutory scope. Ministers propose a Government Cyber Action Plan to hold departments to equivalent security standards.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]