‘A core part of national infrastructure’ – ministers consider regulating to make the cloud safer

Written by Sam Trendall on 27 May 2022 in News
News

Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’ 

Credit: Blue Coat Photos/CC BY-SA 2.0

The government is considering introducing new regulatory measures for cloud and datacentre environments which now constitute a “core part of our national infrastructure”, according to ministers.

A consultation has been launched seeking guidance on the main risks faced by IT hosting facilities and how these can be best mitigated against. One of the main aims of the exercise is to explore whether regulatory interventions in other industries could and should be introduced for a datacentre sector the government believes is “relatively unregulated for security and resilience”.

The feedback process will be led by the Department for Digital, Culture, Media and Sport, which said that the exercise is being undertaken as the “UK’s essential services and wider economy are becoming ever more reliant on large-scale data storage”.

The consultation first seeks to better understand the major risks posed to the computing infrastructure that supports the storage and processing of data. Expert views are sought on a variety of potential dangers, ranging from cyber breaches to extreme weather.


Related content


The second part of the consultation examines current measures in place to mitigate these risks and their impacts – as well additional safeguards that could be introduced by replicating regulation applied in other countries or industries.

Suggestions proposed include legal requirements for infrastructure operators to ensure security, resilience and continuity of service, as well as mandatory security penetration testing conducted by a government-appointed agency. DCMS has also mooted the possibility of obligating datacentre providers to notify a regulatory body about any incidents that impact service delivery.

The appointment of a named, board-level individual who is “fully accountable for security and resilience” is another measure under consideration, as is the empowerment of authorities to demand more information from any firms subject to investigation by regulators.

The third and final part of the consultation is dedicated to the impact of datacentre failure or compromise – including potential disruption to public services, as well as communications and the financial sector.

Julia Lopez, minister for media, data, and digital infrastructure, said: “Datacentres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy. We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyberattacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.”

Submissions are open until 24 July. The government is hoping to receive contributions from datacentre and cloud providers and their customers, and security industry companies or individual cyber experts.

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Russia: sanctions tightened on exports of monitoring and military tech
24 June 2022

New measures prohibit supply of any tech used for ‘internal repression’

Fraud challenges see HMRC and DWP named among ‘departments of concern’
27 May 2022

Public spending watchdog points to issues with controls on fraud and error

EXCL: Wall of silence surrounds plan for nationwide collection of citizens’ internet records
26 May 2022

Online notice reveals controversial trials are to be expanded into a national service – about which government, law enforcement, watchdogs and all the UK’s major ISPs declined to answer questions...

Ransomware: Cabinet minister sounds alarm over ‘greatest cyberthreat to the UK’
16 May 2022

Steve Barclay urges greater reporting of attacks