UK Threatens £100K-A-Day Fines Under New Cyber Bill
Arthur T Knackerbracket has processed the following story:
The UK's technology secretary revealed the full breadth of the government's Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines for failing to act against specific threats under consideration.
Slated to enter Parliament later this year, the CSR bill was teased in the King's Speech in July, shortly after the Labour administration came into power. The gist of it was communicated at the time - to strengthen the NIS 2018 regulations and future-proof the country's most critical services from cyber threats - and Peter Kyle finally detailed the plans for the bill at length today.
Kyle said the CSR bill comprises three key pillars: Expanding the regulations to bring more types of organization into scope; handing regulators greater enforcement powers; and ensuring the government can change the regulations quickly to adapt to evolving threats.
Additional amendments are under consideration and may add to the confirmed pillars by the time the legislation makes its way through official procedures. These include bringing datacenters into scope, publishing a unified set of strategic objectives for all regulators, and giving the government the power to issue ad-hoc directives to in-scope organizations.
The latter means the government would be able to order regulated entities to make specific security improvements to counter a certain threat or ongoing incident, and this is where the potential fines come in.
If, for example, a managed service provider (MSP) - a crucial part of the IT supply chain - failed to patch against a widely exploited vulnerability within a time frame specified by a government order, and was then hit by attacks, it could face daily fines of £100,000 or 10 percent of turnover for each day the breach continues.
"Resilience is not improving at the rate necessary to keep pace with the threat and this can have serious real-world impacts," said Kyle. "The government's legislative plan for cyber security will address the vulnerabilities in our cyber defenses to minimize the impact of attacks and improve the resilience of our critical infrastructure, services, and digital economy."