‘A core part of national infrastructure’ – ministers consider regulating to make the cloud safer

Written by Sam Trendall on 27 May 2022 in News

Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’ 

Credit: Blue Coat Photos/CC BY-SA 2.0

The government is considering introducing new regulatory measures for cloud and datacentre environments which now constitute a “core part of our national infrastructure”, according to ministers.

A consultation has been launched seeking guidance on the main risks faced by IT hosting facilities and how these can be best mitigated against. One of the main aims of the exercise is to explore whether regulatory interventions in other industries could and should be introduced for a datacentre sector the government believes is “relatively unregulated for security and resilience”.

The feedback process will be led by the Department for Digital, Culture, Media and Sport, which said that the exercise is being undertaken as the “UK’s essential services and wider economy are becoming ever more reliant on large-scale data storage”.

The consultation first seeks to better understand the major risks posed to the computing infrastructure that supports the storage and processing of data. Expert views are sought on a variety of potential dangers, ranging from cyber breaches to extreme weather.

Related content

The second part of the consultation examines current measures in place to mitigate these risks and their impacts – as well additional safeguards that could be introduced by replicating regulation applied in other countries or industries.

Suggestions proposed include legal requirements for infrastructure operators to ensure security, resilience and continuity of service, as well as mandatory security penetration testing conducted by a government-appointed agency. DCMS has also mooted the possibility of obligating datacentre providers to notify a regulatory body about any incidents that impact service delivery.

The appointment of a named, board-level individual who is “fully accountable for security and resilience” is another measure under consideration, as is the empowerment of authorities to demand more information from any firms subject to investigation by regulators.

The third and final part of the consultation is dedicated to the impact of datacentre failure or compromise – including potential disruption to public services, as well as communications and the financial sector.

Julia Lopez, minister for media, data, and digital infrastructure, said: “Datacentres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy. We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyberattacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.”

Submissions are open until 24 July. The government is hoping to receive contributions from datacentre and cloud providers and their customers, and security industry companies or individual cyber experts.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

NCSC probes TikTok amid reports of imminent ban of government devices
16 March 2023

Security minister confirms intelligence agency is investigating the video app

Government aims to boost fraud skills of thousands of officials
6 March 2023

New strategy puts forward plan to upskill experts across Whitehall

Worsening skills shortages threaten government digital transformation, NAO finds
13 March 2023

Auditors praise the ‘fresh approach’ of CDDO but warn that unit’s work across government could be compromised by access to expertise

Army seeks tech training proposals for recreating combat
8 March 2023

Military research unit announces £2.8m competition for ‘disruptive ideas and concepts’