MPs across all parties have serious fears about the UK’s cyber security defences, according to a YouGov survey. Among 100 surveyed MPs, 62 believe there is a serious risk of critical national infrastructure being compromised.
This includes the possibility of the UK’s nuclear capabilities being hacked, as well as the comparatively less disastrous (but still severe) threat to transport links, energy and water suppliers, hospitals and digital services.
The concern isn’t new. Ciaran Martin, head of the NCSC (National Cyber Security Centre), said in April that it is a matter of “when, not if” the UK suffers a debilitating cyber attack. However, the fact that so many MPs have acknowledged the threat is promising. It should create a push in parliament for strengthened cyber defences in essential services, a move that began with the transposition of the EU’s NIS Directive (Directive on security of network and information systems) into UK law, where it is referred to as the NIS Regulations (The Network and Information Systems 2018).
Ollie Whitehouse, global chief technical officer at the NCC Group, which commissioned the survey, said: “It’s very positive to see that a majority of MPs are aware of the different threats we face and realise the gravitas of a successful attack, particularly with regards to our resilience as a nation.”
He noted the government’s proactivity in implementing initiatives to address cyber security and business continuity. The UK was one of the first EU member states to transpose the NIS Directive into national law, and the government has done a good job releasing guidance to help organisations within its scope.
Whitehouse added: “MPs play a significant role in these initiatives, so it’s important to maintain continued education around modern threats and informed dialogue amongst all stakeholders. This will ensure that parliamentary staff at all levels understand the steps they need to take, in both their professional and personal lives, to address cyber risk head-on.”
Complying with the NIS Regulations
The UK’s ability to avert a major cyber attack depends on organisations’ ability to comply with the NIS Regulations. The legislation lays out the steps that OES (operators of essential services) and DSPs (digital service providers) must take to mitigate the risk of an attack and the damage it can cause.
Meeting the NIS Regulations’ requirements will be a long, hard process, so it’s important to be as prepared as possible. Our NIS Regulations Gap Analysis enables you to assess how big a job you have on your hands. A specialist cyber security consultant will analyse your organisation and provide you with a detailed report containing:
- An analysis of the overall state and maturity of your cyber security and resilience arrangements;
- Specific details of the gaps between your current cyber arrangements and the requirements of the NIS Regulations;
- An action plan that outlines and indicates the level of internal management effort required to implement and maintain a cyber resilience programme in line with the NIS Regulations;
- A compliance status report against the individual elements of the requirements; and
- Recommendations for solutions, including resource requirements and proposed timelines.