National utilities and infrastructure providers could be fined up to £17 million if it is discovered that they have poor cyber security facilities, it was announced at a House of Lords Committee yesterday.
Speaking on a panel on cyber security for critical national infrastructure (CNI) yesterday, Elliot Rose, cyber security head at PA Consulting, warned: "We've all been preoccupied with GDPR, but the [EU Network and Information Systems] directive [will carry] significant fines."
Rose also mentioned that many organisations are facing tough challenges as legacy systems are increasingly being made to work with the internet.
It is thought that the new measures will come into force next May and will cover threats affecting IT systems as well as infrastructure.
Over the past year it has become increasingly clear that Britain’s CNI is a prominent target for hackers and state actors.
Only last month, the US and UK governments warned of increasing infrastructure attacks, in what was the first joint statement of its kind in history.
According to the release, Russian attackers are focussing on weak security systems, legacy protocols, and service ports intended for administration purposes.
Alastair MacWillson, chair of the Institute of Information Security Professionals, said: “Because of difference in margins, in my experience it is more difficult for a water company, say, to hire a top cyber security team than it is for a bank. There is that industry challenge.”