Suppliers to U.K. critical infrastructure organizations are to be regulated to ensure they are adequately protected from cyberattacks. The Cyber Security and Resilience Bill, introduced to Parliament on November 12, also increases penalties for digital breaches in critical infrastructure organisations and extends the powers of regulators to designate which suppliers should be deemed “critical.”
The bill could bring a host of medium and large suppliers under regulators for the first time. Affected organizations will include IT management firms and IT helpdesk support providers who work with health service trusts, water companies, transport and energy firms. Those providing, for example, chemicals to water treatment plants or diagnostic test support to hospitals are also likely to be regulated, along with data centers.
