Nine Cyber Attacks On UK’s Transport Sector Missed

BACKGROUND:

Nine cyber-attacks affecting the British transport sector were missed by the UK’s mandatory reporting laws and were only disclosed to the government on a voluntary basis, Sky News has learned. A law introduced three years ago was intended to boost Britain’s ability to defend itself from foreign states and criminal hackers by obliging critical infrastructure organisations to report incidents.

Expert Comments

September 01, 2021
Andy Norton
European Cyber Risk Officer
Armis


The inherent loophole in mandatory breach disclosure is the subjective measure of what constitutes a “substantial breach” upon which you must notify. The added complication is the requirement to notify within 72 hours of the breach being discovered when you may not have an understanding of the extent of the breach in this timeframe or when the full substance of the breach may not be understood. The subjective measure of substantiality may also be an incentive not to divulge the extent of the breach to avoid paying fines that form part of the NIS legislation. NIS2, an update to the current NIS legislation, introduces penalties for non-compliance with best practices, and so it will incentivise organisations to adopt defensive in-depth practices or face similar fines, taking the emphasis away from divulging breaches and pushing towards cyber resilience.
