The Government should focus on cross-sector dependencies and improve its approach to assessing compliance if the cyber security of critical national infrastructure is to be improved.
The Network and Information Systems (NIS) Regulations came into force in May 2018. They aim to improve the way that cyber risks are managed in Critical National Infrastructure (CNI) sectors.
This report is based on research carried out between March and August 2018, the purpose of which was to explore how cyber resilience risk management is implemented in the UK’s CNI sectors that are subject to the Regulations. The objective was to study the effectiveness of the NIS regulations in bringing about a step-change in cyber security risk management across the UK’s CNI sectors.
Lead researchers: Meha Shukla (Department of Security and Crime Science), Prof Shane Johnson (Department of Security and Crime Science) and Prof Peter Jones (Department of Civil, Environment and Geomatic Engineering).
Funder & Key Contributors: This work was carried out by the Dawes Centre for Future Crime at UCL. This briefing was produced in partnership with Jenny Bird at UCL STEaPP’s Policy Impact Unit. The research was funded by the Dawes Centre for Future Crime at UCL.
Output type: Policy report.