Political Monitor 29/05/2020

29 May 2020

Cyber Security

Network and Information Systems Regulations post-implementation review

The NIS Regulations have undergone a 2-year review since their introduction in May 2018. The Post-implementation review published by DCMS suggests that while it is too early to judge the long-term impact of the regulations, the regulations have been successful in incentivising organisations to adopt the measures. The review notes that they “expect this action is leading to a reduction in the risks posed to essential services”.

The review does, however, call on organisations to continue to accelerate their improvements given the ongoing threat to the sectors in scope of the regulations. The Review also suggests a need to ensure that regulatory authorities have an effective enforcement regime and cost recovery mechanism in place. DCMS notes that this should be achieved by refining the current provisions
around notices, penalties, and thresholds.

National Infrastructure Commission publishes report into infrastructure resilience

The National Infrastructure Commission (NIC) has published a report into resilient infrastructure systems across sectors including digital, water, rail and energy. The report calls for Government to publish a full set of resilience standards every five years, following advice from regulators, alongside an assessment of any changes needed to deliver them. The NIC recommend this becomes a statutory requirement from 2022 with regulators introducing new obligations from 2023 to undergo regular stress tests and develop long term resilience strategies.

The report also highlights that in the digital sector enforcement and assurance have a stronger focus on addressing resilience issues after an event has occurred, rather than pre-emptive action, which should be addressed.

Parliamentary Question on Cybercrime

DCMS Shadow Minister, Chi Onwurah MP asked a Parliamentary Question around additional resources available to the police to help tackle online crime during the covid-19 outbreak. Security Minister James Brokenshire MP assured the Shadow Minister that the government would do everything they could to prevent criminals exploiting the increasing amount of time people were spending online and noted the recently launched gov.uk page on coronavirus-related fraud and cybercrime to help people protect themselves against cybercrime.

Brokenshire further highlighted the additional £30m funding which would target offenders and prevent them from preying on vulnerable people by hiding on the dark web, and referenced the guidance on keeping children safe during lockdown, launched by the government for parents and carers.

Online Safety

CDEI publishes briefing paper on facial recognition technology

The Centre for Data Ethics and Innovation has published a briefing paper looking at the uses and potential implications of facial recognition technology (FRT) within the UK. The study found that when used responsibly, FRT has the potential to enhance efficiency and security across many contexts. However, the technology also presents several risks, including to privacy and the fair treatment of individuals. Specifically, the CDEI note that the extent to which FRT is beneficial or detrimental is dependent on its context and therefore Policymakers should consider whether there is sufficient oversight of FRT in the private sector. Finally, the report states that while the use of FRT is regulated by several laws, including the Data Protection Act and the Human Rights Act (for public sector applications) a standalone code of practice for FRT has yet to be drawn up. Following the publication of this paper, the CDEI will continue to examine the effects of FRT.

DCMS publish sectoral analysis of UK Online Safety technology

The study, titled ‘Safer technology, safer users: The UK as a world leader in Safety Tech’, found significant growth within the sector, with the number of dedicated online safety firms doubling in the last five years and investment increasing more than eight-fold in 2019. Some key points include:

• UK providers of online safety tech currently hold an estimated 25 per cent of the global market share.
• In 2019, the sector generated £226 million in annual revenues, and has had an estimated 35 per cent annual growth rate since 2016.
• Almost half (47%) of UK Safety Tech companies have an identifiable international presence, and UK companies comprise approximately 25% of global market value.
• In 2015, the safety tech sector raised £6 million in external investment across ten deals. By 2019, the figure had increased to £51 million across nineteen deals.

Secure by design funding

DCMS has announced a pot of £400,000 to support industry-led assurance schemes for the internet of things (IoT) sector to boost their security features. The programme is aimed at consumer smart products and will allow manufacturers to chose from a variety of schemes to demonstrate their compliance with the Government’s secure by design Code of Practice.