New bill protecting public services from cyberattacks

Author: Simon Rowley

In yesterday’s King’s Speech (17 July 2024), the new Labour government pledged to strengthen the UK’s cybersecurity and resilience, promising to introduce new legislation designed to protect critical infrastructure and the digital services businesses rely on from highly damaging cyberattacks.

The Cyber Security and Resilience Bill will expand the remit of existing regulation to cover a broader range of digital services and supply chains, put regulators in a better position to ensure best practices are implemented, and mandate increased reporting so that better data on cyberattacks, and their impact, is available. This comes following a series of cyberattacks against public bodies throughout the year, including attacks targeting the NHS and MoD.

Darren Anstee, Chief Technology Officer for Security at NETSCOUT, comments on the new Cyber Security and Resilience Bill, and the best practices for organisations to implement to improve their cyber resilience:

“The existing regulations in the UK, introduced in 2018, have helped to ensure that critical national infrastructure and the services it delivers are defended from cyberattacks. As we’ve seen recently though, attackers are targeting these services indirectly by going after elements of their supply chain. We’re also seeing the nature of the threats we all face evolve, with more sophistication and broader, as well as increasingly persistent, activity from nation-state affiliated actors. Given this, broadening the scope of regulation, and giving the regulators more powers to ensure best practices are followed, can only be a good thing.

“Equally important is the ability to mandate increased incident reporting. A broader, deeper and more timely view into the nature of the incidents that organisations experience can help to both refine best practices and ensure that companies can move quickly to prevent attackers repeating their success. Bad actors share tools and techniques – organisations delivering critical services, and those involved in their supply chains, should follow suit, working with one another, or via industry and government institutions that can aid communications.

“What’s key in delivering better reporting capability, from a technology perspective, is that organisations have consistent visibility across their increasingly diverse infrastructures, without blind spots at internal or external technology borders. Consistent broad and deep visibility helps to ensure comprehensive threat detection, but also speeds up investigation and delivers the forensic capability required.”

For more from NETSCOUT, click here.