IET reaction to Cyber Security and Resilience Bill

The Cyber Security and Resilience Bill was introduced to Parliament on Wednesday (12 November), with proposed new law aimed at protecting electricity, drinking water supplies, the NHS and other public services from cyber attacks.

Dr Junade Ali, cyber security expert and Fellow at the IET said: “The Cyber Security and Resilience Bill is an important, long-awaited piece of legislation which is much needed to address the significant cybersecurity threat the country is facing, not least due to the threat of ransomware targeting our Critical National Infrastructure.

“What will be essential as this Bill navigates the Parliamentary process is policymakers and legislators being mindful of the rapidly evolving evidence base of cybersecurity threats, as it develops further over the coming months. It is therefore essential that lawmakers and cybersecurity experts work together as this Bill makes progress.

“This legislation offers a golden opportunity to ensure that the currently piecemeal and disjoint regulatory framework around cybersecurity – and the mandatory reporting of cybersecurity incidents – is replaced with a holistic framework, whilst ensuring that academics and policymakers have access to the latest data.”

Dr Graham Herries, Chair of the IET’s Policy Oversight Committee said: “All cyber security measures that increase the responsibility and accountability for cyber security of public services are welcomed. The professionalism of the staff involved in cyber security protection is critical. At the IET, we seek to ensure that all individuals involved in cyber security are suitably trained and certified by professional bodies, particularly those architecting systems and making decisions around risk and technology selection.

“The cyber risk is persistent, and the preparedness of such public institutions should be focussed on resilience – with strong preparedness for recovery from an incident rather than assuming an incident can be prevented in its entirety.

“The proposed Bill includes the statement: “Enforcement powers will be bolstered to ensure companies are punished if they cut corners in cybersecurity.” However, the concept of “cutting corners” is problematic because it cannot be precisely defined. Cybersecurity is a constantly evolving field where defences must adapt to new technologies and emerging threats. As a result, this could be exploited contractually by IT providers, who may respond by inflating costs without delivering meaningful improvements, simply to meet the perceived compliance burden.”

 
ENDS

Notes to Editor

About the IET

• We inspire, inform and influence the global engineering community to engineer a better world.     
• We are a diverse home for engineering and technology intelligence throughout the world. This breadth and depth means we are uniquely placed to help the sector progress society.     
• We want to build the profile of engineering and technology to change outdated perceptions and tackle the skills gap. This includes encouraging more women to become engineers and growing the number of engineering apprentices.    
• Interview opportunities are available with our spokespeople from a range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and diversity in engineering.    
• For more information, visit www.theiet.org.    
• Follow the IET on LinkedIn and Instagram via @TheIET / @InstitutionofEngineeringandTechnology.    

Media enquiries to:

Rebecca Gillick
External Communications & PR Lead
E: rgillick@theiet.org