UK Cyber Security Regulatory Forecast for September 2024
The European Union, the UK, and international agencies are taking decisive steps to bolster cyber resilience and counter major cyber incidents that could disrupt key financial services and operations.
The three European Supervisory Authorities (EBA, EIOPA, and ESMA) have established the EU systemic cyber incident coordination framework (EU-SCICF) to support the EU's Digital Operational Resilience Act (DORA). This framework aims to strengthen coordination among financial authorities and key actors, creating an effective financial sector response to cyber incidents.
On a national level, the UK has classified its data infrastructure, including physical data centres and cloud operators, as critical national infrastructure (CNI). This designation places data centres on equal footing with essential services like water, energy, and emergency services. A dedicated CNI data infrastructure team will be established to oversee and coordinate access to the National Cyber Security Centre (NCSC) and emergency services during critical incidents.
The Information Commissioner's Office (ICO) and the National Crime Agency (NCA) have signed a memorandum of understanding (MoU) on 5th September 2024, aiming to improve the UK's cyber resilience. The MoU establishes a framework for cooperation and information sharing between the ICO and the NCA, including sharing intelligence about cyber security, reminding organisations of their legal obligations to notify all relevant regulators of a cyber incident, and coordinating incident management.
The NCSC and its international partners have identified a unit of Russia's military intelligence service as responsible for carrying out a campaign of malicious cyber activity targeting government and critical infrastructure organisations around the world. The NCSC and international partners issued a joint advisory warning about the threat from a Democratic People's Republic of Korea-state sponsored group called "Andariel". This group primarily targets defence, aerospace, nuclear, engineering, medical, and energy sectors.
The advisory outlines technical details and mitigation advice for organisations. The NCSC strongly advises organisations to follow the recommended actions set out in the advisory to strengthen their cyber resilience and defend their networks against GRU-linked attacks, including prioritising routine system updates and patching known vulnerabilities.
The NCSC's chief technology officer published a blog post encouraging organisations to share information on cybersecurity incidents and their impact on services. The NCSC also encourages organisations to share information on the Connect Information Share Protect (CISP) platform or other trusted cyber security groups.
In a global effort to combat cybercrime, United Nations member states have agreed on a draft text for a convention against cybercrime to strengthen international cooperation in addressing the threat posed by technology used by criminals. The draft convention aims to address offences such as terrorism and organized crime once it is adopted by the UN General Assembly.
The international agencies have also published a joint advisory detailing the tactics and techniques used by the GRU Unit 29155 to target organisations to collect information for espionage purposes, the theft and leaking of sensitive information, disruption of websites, and destruction of data.
While the name of the person leading the new CNI data infrastructure team is not publicly available, the establishment of this team is a significant step towards enhancing the UK's cyber resilience. The EU-SCICF, the MoU between the ICO and the NCA, and the joint advisories issued by the NCSC and its international partners are all part of a comprehensive approach to strengthening cyber resilience and protecting critical infrastructure from cyber threats.
Read also:
- Setting Up and Expanding Operations at a Soil Blending Facility
- Surveying the Scene: Legality, Drones, and American Anti-Terror Strategy
- Regional University's healthcare system strengthened through collaborative partnership with Chancellor Dr Fiona Hill
- Reminisced University Trustee David M. Flaum as a 'fervent advocate' for the University and community
