Industries running critical infrastructure in the UK will face fines of as much as £17 million ($24 million) if they fail to put strong cybersecurity measures in place as required by the NIS Directive.
The NIS Directive covers network and information security measures that must be in place by 9 May 2018; the UK government announced the plans on Sunday.
The affected industries include transport, water, energy, and health businesses.
These fines are described as a “last resort”, to be imposed only if one of the above-mentioned businesses fails to follow the cybersecurity guidelines required of such industries across EU member states.
The government warned that a regulator will be able to assess the cybersecurity infrastructure of the country’s critical industries and will have the power to issue legally binding instructions to ensure security is up to standard, including by imposing fines.
The Directive’s objectives are outlined as managing security risk, ensuring protection against cyber attacks, detecting cybersecurity events, and minimising the impact of cybersecurity incidents.
“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services. I encourage all public and private operators in these essential sectors to take action now and consult NCSC’s advice on how they can improve their cybersecurity,” said Margot James, Minister for Digital and Creative Industries.
According to the government, it is working on a “simple, straightforward reporting system” through which cyber breaches and IT failures can be easily reported so that they are quickly identified and acted upon.
The National Cyber Security Centre (NCSC) website states that the first iteration of the Cyber Assessment Framework (CAF) will be available by the end of April 2018.