Fines of up to £17m if UK infrastructure firms neglect cyber security
The Government has announced plans to fine infrastructure firms up to £17m if they don’t have adequate cyber security measures in place.
Under a new directive, UK regulators will be able to inspect cyber security at premises operated by transport, energy, water and health companies, checking for any threat to public safety and the possibility of significant adverse or economic impact resulting from a disruptive incident.
The announcement follows plans last year from the Department for Digital, Culture, Media and Sport to bring the UK in line with the EU Network and Information Systems (NIS) Directive, which comes into effect in May.
The directive will also cover threats affecting IT services, hardware failures and environmental attacks.
Margot James, Minister for Digital and the Creative Industries, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.
“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.”
Discussing the directive, Jens Monrad, analyst at cyber security company FireEye, said: “With so many nations, including the UK, now relying on digitalisation, hackers may look to cause mass disruption by targeting critical national infrastructure.
“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.”