This publication and the abstract below were published by Atkins Global. ICIT strongly encourages you to visit the Atkins Global Publication Library to search for additional information security resources, which are freely available.

Protecting our critical infrastructure: Understanding new cyber security laws

Operators of the UK’s essential services face fines of up to £17 million if they fail to comply with strict, new cyber security laws.

From 10 May 2018, organisations must be able to demonstrate that they understand the threat to their network and systems and have wide-reaching measures in place to detect and manage a security breach. The Network and Information Systems Directive (NIS Directive), proposed by the European Union, seeks to protect our vital infrastructure from increasingly sophisticated attacks. In this paper, we offer our insight into the regulations and ask what they mean for the UK. We consider how the structure, processes, policies and systems within companies may change to meet the requirements, and we highlight the resources and expertise needed to comply. Finally, we discuss the impact of the new rules on the supply chain, and consider the action operators should take to avoid a hefty penalty.