The UK government has laid heavy criticism on companies in leading industries for leaving gaping holes in their cybersecurity practices.
Fines of up to £17 million could be levied against electricity, transport, water, energy, transport, health and digital companies if they fail to put robust safeguards in place.
While it admitted that fines would be a last resort, the Department for Digital, Media, Culture and Sport said regulators would be regularly assessing the critical infrastructure that keeps the country running.
The NHS was the most notable victim of a huge upsurge in ransomware attacks in 2017, when its computer systems were hit with the Wannacry variant bug.
Cybercriminals linked to North Korea’s spy agency locked down the Windows XP-based NHS systems for nearly 6 hours, demanding payment in Bitcoin to restore patient records.
The Wanna Decryptor or WannaCry malware infected targets in 11 countries, shutting down computer systems and phones in Spanish telecoms company Telefonica and bank Santander.
“Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world,” security experts at Russia-linked Kaspersky Lab wrote in a blog post.
[Editor’s Note: The UK’s National Cyber Security Centre has warned against using Russian antivirus programs</a> like Kaspersky for fears they are linked to state-sponsored spying.]
“In these attacks, data is encrypted with the extension “.WCRY” added to the filenames.
“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows.
“This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on 14 April 2017 and patched by Microsoft on 14 March 2017.”
To ensure the general public are not affected by cybersecurity blowups like these, the DCMS is seeking to put the Network and Information Systems (NIS) Directive into force from 10 May 2018.
The NIS will also cover other cyber-related threats such as hardware failures and power outages. The regulator will then have the power to issue fines to the companies involved.
“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online,” says Margot James, Minister for Digital and the Creative Industries,“we want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.