CyberWisdom Safe Harbor Commentary on GDPR:
As businesses have filed compliance on the forthcoming data protection legislation on GDPR, businesses operating in member states will face another wave of cybersecurity requirements as part of the NIS Directive on Network and Information Security until 20185 On the 9th of each month, it is implemented in member states.
In the UK, the government announced that organizations that work in key service areas such as energy, transport, water, and health could not prove their cyber-security systems could be fined up to £ 17 million ($ 24 million) to be adequately equipped to withstand attacks.
The main requirements for the organization include having the right people and organizations to deal with cyber attacks; having the right software to protect against attacks; having the proper ability to detect if an attack has occurred; and establishing a proper system that, in the event of system compromise Minimize the impact of the attack (although the other three are in place).
More detailed guidance includes how to secure other aspects of your network, such as your supply chain and the data in the cloud.
The new regulator will evaluate private and public organizations in each sector, not only to review existing infrastructures but also to penalize those who are considered not safe enough and to report violations and promptly make The system of reaction.
Penalties can only be enforced if the system still needs to be improved after the organization is notified. The Ministry of Culture, Media and Sports, which is responsible for implementing the directive as part of its overall responsibility for the digital economy, said this is “the last resort and does not apply to operators that adequately assess risks, take appropriate security measures, and Regulators contacted but were still attacked.
The National Security Operations Directive (NIS Directive) and the Directives governing how organizations and governments comply are monitored by the National Cyber Security Center (a part of GCHQ). The government has earmarked 1.9 billion pounds of funds and has partnered with companies such as Microsoft in a more unified response to the country’s cyber-security threats.
Ciaran Martin, chief executive of the National Cyber Security Center, said in a statement: “Networks and information systems provide important support for day-to-day activities, so it is vital that they be as secure as possible.
Contrast on GDPR
An interesting contrast with the decision to force existing traditional organizations to perform their duties better is in contrast with the development of the United States, whose development priorities seem to be expanding to include newer infrastructures.
Yesterday, Axios reported leaked documents from the U.S. National Security Council, advising the U.S. government to build a 5G mobile network. The view is that China’s dominance in wireless networks means that private operators building their own 5G networks tend to buy equipment from Chinese manufacturers.
However, this posed a security threat because of China’s state-sponsored hacking. Therefore, from the ground up – government-controlled supplier trading, construction, and operations – is a safer way to help secure the network itself as well as key services in transportation, energy and other areas.
Ingrid Lunden (@ingridlunden)”> As companies gear up to make themselves complaint with upcoming data protection regulations in Europe around GDPR, those doing business in Member States will also be facing another wave of requirements around cyber security, as part of the NIS Directive covering network and information security that must be put into place across Member States by May 9, 2018. In the UK, the government has announced that organizations working in critical services like energy, transport, water and health can be fined up to £17 million ($24 million) as a “last resort” if they fail to demonstrate that their cyber security systems are equipped adequately against attacks. Major requirements for organizations will include having the right people and organization in place to handle a cyber attack; having the right software in to protect against attacks; having the right capabilities in place to detect if an attack has taken place anyway; and having the right systems in place to minimize the impact of an attack if a system is breached (despite the other three being in place). More detailed guidance includes how to secure other aspects of your network, such as your supply chain and how your data in the cloud. Private and public organizations in each sector will be evaluated by new regulators, which will not only vet existing infrastructure and fine those who are deemed to have not had good enough security in place, but help set up systems for reporting breaches and responding to them quickly. The fines will only be applied after organizations are notified of where they are still required to improve their systems. They will be applied, the DCMS said, as “a last resort and will not apply to operators [that] have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack.” The NIS Directive and managing how organizations and the government will comply are being overseen by the National Cyber Security Centre, which is part of the GCHQ. Engaging post, Read More…
thumbnail courtesy of techcrunch.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »