IET’s response to the Cyber Security and Resilience Bill call for evidence
The IET has responded to a call for evidence from the Public Bill Committee for the Cyber Security and Resilience Bill (CSRB).
The Bill is a welcome step forward to bolster cyber defences in UK businesses and the public sector, bringing together the current piecemeal regulatory frameworks. Several areas will be critical to the successful implementation of the Bill: increasing the remit and scope of the CSRB, ensuring robust professional standards, focussing on response as well as preparation for cyber-attack, and ensuring clarity and proportionality.
The IET recommends:
- Remit: The remit of sectors covered by the CSRB is too narrow to adequately protect the economy and provide resilience to the UK, for example food and medical manufacturing should be covered. The Bill should be strengthened and align more closely with European legislation, particularly for critical infrastructure.
- Standards: There should be standardisation across regulators to ensure parity between sectors in what counts as an appropriate implementation of the Bill.
- Clarity and Proportionality: Clarity and guidance on what is expected of business, and on the repercussions for breaching the Bill, are needed to ensure smooth compliance and support business continuity. Proportionality must be a key aim.
- Response plans: Stronger requirements for response plans, underpinned by standards, are required. Cyber security is not just about prevention: businesses should also model their response in the event of a breach, as part of routine response planning, to identify weaknesses.
- Professionalism: Cyber security threats are ever evolving, which is why cyber security experts should be chartered and backed by professional organisations to share best practice.
- Mandatory Reporting: The IET welcomes the mandatory reporting outlined in the Bill.