UK Government plans to strengthen critical infrastructure with new cyber Bill

The UK government is set to introduce a new Cyber Security and Resilience Bill in order to enhance the cyber defences of critical infrastructure, including hospitals and energy suppliers.

This initiative is part of the government’s broader “Plan for Change,” focused on bolstering security and promoting economic growth.

The new bill will require approximately 1,000 service providers that supply essential IT services to public services and the wider economy to improve their cyber security measures. The government aims to reduce the vulnerability of these organizations to cyberattacks, thereby increasing public and investor confidence in digital services.

This legislative push is a response to the significant economic and social disruption caused by cyber threats. Government figures indicate that cyberattacks cost the UK economy nearly £22 billion between 2015 and 2019. A recent attack on NHS pathology services resulted in substantial financial losses and widespread appointment cancellations. The government warns that a similar attack on energy infrastructure could cause even greater economic damage.

“Economic growth is the cornerstone of our Plan for Change, and ensuring the security of the vital services which will deliver that growth is non-negotiable,” stated Secretary of State for Science, Innovation, and Technology Peter Kyle.

The government is also considering additional measures to enhance its ability to respond to emerging cyber threats. This includes granting the Technology Secretary the authority to direct regulated organizations to strengthen their defenses and potentially extending protections to over 200 data centres.

The National Cyber Security Centre (NCSC) has reported a significant number of cyber incidents, with nearly two every week classified as nationally significant. A recent survey indicates that half of British businesses experienced a cyber breach or attack in the past year.

Richard Horne, NCSC CEO, emphasized the importance of the new bill, stating that it “will ensure we can improve the cyber defences of the critical services on which we rely every day.” The legislation will empower the Technology Secretary to update the regulatory framework to address evolving cyber threats.

The Cyber Security and Resilience Bill is part of a series of government initiatives to bolster the UK’s cyber security.