The UK government has proposed new rules to regulate the data center sector, with the aim of improving basic cybersecurity and resilience.
It is seeking industry feedback on a new consultation document, Protecting and improving the security and resilience of the UK’s data infrastructurewhich will be open until February 22, 2024.
Under the current proposals, data center providers would have “an obligation to take appropriate and proportionate technical and organizational measures” to manage security and resilience risks. This could include:
- Risk management
- Physical security and cybersecurity of facilities, networks and systems
- Incident management
- Resilience and continuity of service
- Monitoring
- Detection, audit and testing
- Governance and staff
- Supply Chain Management
Data Center Providers would be required register with a new regulator and provide relevant operational and incident-related information. Standards and assessment frameworks will be used to provide assurances on security and resilience.
Read more about data center security: Ransomware attack hits payments giant NCR’s data center
“Data is an increasingly important driver of our economic growth and plays a central role in our public services,” said the Minister of Data and Digital Infrastructure. John Whittingdale.
“So ensuring that the businesses that store them have the right protections in place to limit the risks from threats such as cyberattacks and extreme weather will help us reap the benefits and give businesses peace of mind.” »
The government has claimed that 28% of UK businesses use services provided from data centres, compared to 62% of large businesses. Data center operators generated £4.6 billion ($5.9 billion) in revenue in 2021 and, a year later, data contributed to almost 7% of national GDP, as well as 76% of all UK services exports.