In response to the WannaCry attack of May 2017, the NHS is now planning to invest £20 million in a Security Operations Centre, which will include ‘ethical hackers’ assessing the NHS’s defences against cyber attacks in order to prevent future data breaches.
The NHS is also expecting the new Security Operations Centre to improve security communications within the organisation to make incident response to any future breaches more effective.
The NIS Directive: requirements for organisations operating in critical infrastructure industries
The Directive on Security of Network and Information Systems (NIS Directive) will be transposed into UK law by May 2018. It is aimed at bolstering cyber security in national infrastructure and essential services.
It requires operators of essential services (OESs) and digital service providers (DSPs) to implement security measures appropriate to the associated risks, as well as measures that minimise the impact of incidents and ensure business continuity.
The UK government held a consultation on its plans for compliance with the NIS Directive, and a response to the feedback is due very soon. The NHS will almost certainly be considered an OES and will be subject to the Directive’s requirements.
Less than six months to prepare for the NIS Directive
While the NHS is taking its first steps towards compliance with the NIS Directive, many companies may be woefully unprepared.
The Directive will be coming into effect in less than six months, and although there will be a further six months for EU Member States to formally identify those organisations operating in critical infrastructure, those organisations must start preparing now.
It’s vital that these organisations begin finding solutions to implement and enhance their cyber resilience in order to be thoroughly prepared for the compliance deadline.
NIS Directive solutions tailored to meet your organisation’s needs
Penetration testing is an effective way to evaluate your organisation’s ability to protect itself and to get detailed information on actual, exploitable security weaknesses, and it should be considered part of a NIS Directive compliance programme.
IT Governance offers a comprehensive range of cyber resilience solutions to meet your organisation’s NIS Directive obligations, and to ensure continued compliance once the Directive is transposed into law:
- Information security management, supported by the international information security management standard, ISO 27001.
- Business continuity and cyber incident response management, supported by the international standard for business continuity, ISO 22301.