Tech TV’s Bill Mew and Pete Warren are the first TV reporters in the UK to cover the new Cyber Security and Resilience (Network and Information Systems) Bill. Their guests for this special half-hour debate are James Morris, CEO of the CSBR and Carolyn Harrison, CEO of Assured Clarity.

Topics discussed are:

1) UK Cybersecurity and Resilience Bill – As expected the proposed new legislation widens the classification of critical national infrastructure (to include data centres and MSPs, etc) and introduces mandatory breach reporting rules (Organisations in scope will need to report more harmful cyber incidents to their regulator and the National Cyber Security Centre within 24 hours, with a full report within 72 hours).

2) Henry VIII Powers and Big Penalties – The new Cyber Security and Resilience (Network and Information Systems) Bill also includes a controversial Henry VIII clause (King Henry VIII famously ruled by proclamation, bypassing Parliament) which allows ministers to modify legislation made by Parliament or by regulations, without going through the ordinary law-making process. This means that the minister is empowered to make as yet unspecified demands that people take action that the minister deems essential (e.g. to patch a vulnerability) – if you don’t do so then for serious violations under the new rules will result in penalties that could reach daily fines equivalent to £100,000 ($131,000), or 10 percent of the organization’s daily turnover – whichever is higher.

3) Changing Attitudes and Behaviour – The most controversial issue in the Bill is the new ministerial powers and the potential fines that come with them. Obviously, the government has recently had to consider a massive bailout for Jaguar Landrover and it doesn’t want to be in a position where it has to do this at all so needs organisations to take cybersecurity more seriously – aside from the wider economic impact of cybercrime. The question is… will these new powers and penalties have the desired effect? and if not, then what is needed to make organisations take cybersecurity more seriously?

#cybersecurity #cyber #security #resilience