Atkins issues warning over cyber resilience
Atkins has warned that companies run a risk of being fined up to £17 million if unable to show they have adopted sufficient cyber security measures to protect information systems under new legislation.
National Cyber Security Centre CEO Ciaran Martin said earlier this year that it is vital the UK develops more resilience in the battle against cyber attacks and that water, gas and electricity are potential targets.
In a new white paper on cyber security, Atkins said the NIS Directive, enacted on 10 May 2018, applies to companies involved in critical national infrastructure, including water and energy companies (excluding nuclear), healthcare service providers, transportation services such as railway lines and airports.
The companies that run this infrastructure, known as Operators of Essential Services, are required to secure their information systems, in addition to any technology they use to perform essential services.
Richard Piggin, principal operational technology cyber security consultant at SNC-Lavalin’s Atkins business, said: “Cyber security is of paramount importance across a range of industries that are the lifeblood of the UK.
"Our extensive experience of rolling out cyber security and resilience services across multiple industries such as transport, infrastructure and defence has made a significant difference in the ability of our clients to defend not only their own systems but those of their customers and the public at large from more frequent and more sophisticated cyber-attacks.”
Amplified by the cyber skills shortage in the UK, Atkins suggests that organisations may need to rely on external resources and expertise to ensure their networking infrastructure, systems, processes, policies and staff awareness comply with the requirements of the NIS Regulations and the relevant guidance.
They may also be required to ensure that their supply chain has sufficient cyber resilience in place to demonstrate sufficient preventative action has been taken.
The white paper suggests organisations should take immediate action by focusing on five key areas:
- Compliance: Achieving compliant status should be a priority as the maximum penalty in the UK is £17 million
- Responsibility: Rules and responsibilities have been clearly defined in the legislation. Overall, it is the operators that must ensure their own security measure are appropriate and proportionate
- Understanding: A cyber assessment framework has been developed to assist organisations in performing their own assessments. However, due to its simplicity, it is imperative that operators understand how to demonstrate improvements have been made
- Training: As the industry is experiencing a skills shortage, technical training and senior leadership awareness programmes will be vital to complying with the Directive
- Supply Chain: Suppliers are not directly obligated to comply with regulations but should they be asked to comply contractually?
- Old sewage sludge incinerator in Brighouse set to be demolished An old sewage sludge incinerator in Brighouse built in 1992 will be demolished to make way for a £40 million... Read More >
- Welsh Water announces projects for £34M reinvestment Dŵr Cymru Welsh Water has announced how it will invest an extra £34 million arising from its strong financial results... Read More >
- Northumbrian Water to use nuron's nervous system for sewers nuron has announced that Northumbrian Water has signed an agreement to become the first water company in the world to... Read More >
- A glass half-full? Bringing water costs down for utility customers Mark Bullock, Balfour Beatty chief executive officer for rail and utilities, says the water sector must change its... Read More >
- INWED 2019: 'Each step was driven by choosing work I enjoy' To mark International Women in Engineering Day 2019 on 23 June, Fiona Barbour discusses her journey to becoming Mott... Read More >
- Interview: Kier Utilities' water MD Nigel Dyer Kier Utilities' Nigel Dyer tells Robin Hackett how the company is evolving to meet the changing demands on the water... Read More >
- Comment: New tech and partnerships will up the ante on leakage Closer partnerships, technology and connectivity will be the key to tackling leakage, with collaborative delivery... Read More >
- The search for safer streetworks practices Amey Utilities' HSEQ director, Gerry Mulholland, explains how the company’s 2020 Challenge and Know What’s Below... Read More >