Organisations involved in critical industry and essential services have been warned by the Government that they face £17m fines if their cybersecurity preparations are not up to standard.
Energy, transport, water, health and digital infrastructure firms could be fined if they fail to develop robust safeguards protecting themselves from cyberattacks.
The fines and sanctions come as the government implements the Network and Information Systems (NIS) Directive, which would cover events such as the WannaCry attack which crippled the NHS last year.
Making organisations pay up for failing to meet cybersecurity standards would only be a “last resort” according to the Government, which wants to see a voluntary uptake of the new rules before they come into effect on 10 May.
Margot James, the minister for digital, said: “Today we are setting out new and robust cybersecurity measures to help ensure the UK is the safest place in the world to live and be online.
“We want our essential services and infrastructure to be primed and ready to tackle cyberattacks and be resilient against major disruption to services.”
The UK’s National Cyber Security Centre (NCSC) has also published detailed guidance on the security measures which will help organisations comply.
NCSC’s chief executive, Ciaran Martin, said: “Network and information systems give critical support to everyday activities, so it is absolutely vital that they are as secure as possible.”
Image: North Korea was blamed for the WannaCry ransomware attack
Jens Monrad, the principal threat analyst at cybersecurity firm FireEye, told Sky News: “With so many nations, including the UK, relying on digitalisation, a foreign nation would likely attempt to cause disruption by targeting critical national infrastructure.
“This could be systems, which the UK government and citizens rely on, like healthcare systems, water supply and electricity.
“We have seen examples of these disruption attacks carried out in Ukraine in December 2015 and 2016.
“These attacks caused a power outage for many Ukrainian citizens and created confusion and disruption within the customer service teams of energy providers, who were ‘bombarded’ with phone calls from upset customers.”
“The UK and US governments recently attributed the ‘WannaCry’ malware incident to North Korea, which caused a degree of disruption to the NHS,” added Mr Monrad.
“This serves as an example of how malicious code can disrupt national dependent systems. A more targeted attack against such infrastructure might have had a more severe outcome.”
Defence Secretary Gavin Williamson has warned recently that Russia could launch a cyberattack targeting the UK’s critical energy infrastructure.