New rules aimed at boosting cyber security recognize the importance of cloud computing, considering it part of the UK’s vital infrastructure.
Under the European Union’s Network and Information Systems (NIS) directive, businesses that provide essential services such as critical energy, transport, water and health firms, will have to ensure their security is strong enough to protect their network and information systems and will have to notify relevant authorities of any serious incidents or breaches.
Leaders of these vital firms have been warned that failure to have strong safeguards to prevent cyber-attacks, could see them being fined up to £17m, according to the guidance published by the UK government.
However, the government said the fines would only be a last resort and wouldn’t apply to operators which have assessed the risks properly, taken adequate security measures and engaged with regulators but still were attacked.
Margot James, Minister for Digital and the Creative Industries, commented,
“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online.
“We want our essential services and infrastructure to be primed and ready to tackle cyber-attacks and be resilient against major disruption to services.
“I encourage all public and private operators in these essential sectors to take action now and consult NCSC’s advice on how they can improve their cyber security.”
The NIS directive is due to become part of UK law in May. Despite emerging from Europe, Brexit is unlikely to change it. The government stated that following Brexit, these policy provisions will continue to apply in the UK.