‘A core part of national infrastructure’ – ministers consider regulating to make the cloud safer

Written by Sam Trendall on 27 May 2022 in News

Consultation launched seeking feedback on risks and mitigations for systems that now underpin a wide range of ‘essential services’ 

Credit: Blue Coat Photos/CC BY-SA 2.0

The government is considering introducing new regulatory measures for cloud and datacentre environments which now constitute a “core part of our national infrastructure”, according to ministers.

A consultation has been launched seeking guidance on the main risks faced by IT hosting facilities and how these can be best mitigated against. One of the main aims of the exercise is to explore whether regulatory interventions in other industries could and should be introduced for a datacentre sector the government believes is “relatively unregulated for security and resilience”.

The feedback process will be led by the Department for Digital, Culture, Media and Sport, which said that the exercise is being undertaken as the “UK’s essential services and wider economy are becoming ever more reliant on large-scale data storage”.

The consultation first seeks to better understand the major risks posed to the computing infrastructure that supports the storage and processing of data. Expert views are sought on a variety of potential dangers, ranging from cyber breaches to extreme weather.

Related content

The second part of the consultation examines current measures in place to mitigate these risks and their impacts – as well additional safeguards that could be introduced by replicating regulation applied in other countries or industries.

Suggestions proposed include legal requirements for infrastructure operators to ensure security, resilience and continuity of service, as well as mandatory security penetration testing conducted by a government-appointed agency. DCMS has also mooted the possibility of obligating datacentre providers to notify a regulatory body about any incidents that impact service delivery.

The appointment of a named, board-level individual who is “fully accountable for security and resilience” is another measure under consideration, as is the empowerment of authorities to demand more information from any firms subject to investigation by regulators.

The third and final part of the consultation is dedicated to the impact of datacentre failure or compromise – including potential disruption to public services, as well as communications and the financial sector.

Julia Lopez, minister for media, data, and digital infrastructure, said: “Datacentres and cloud platforms are a core part of our national infrastructure. They power the technology which makes our everyday lives easier and delivers essential services like banking and energy. We legislated to better protect our telecoms networks and the internet-connected devices in our homes from cyberattacks and we are now looking at new ways to boost the security of our data infrastructure to prevent sensitive data ending up in the wrong hands.”

Submissions are open until 24 July. The government is hoping to receive contributions from datacentre and cloud providers and their customers, and security industry companies or individual cyber experts.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Home secretary admits sending multiple documents to personal email
1 November 2022

Braverman reveals six occasions on which guidelines were breached – but claims no information on law enforcement, security or cyber issues was sent

Government to study ‘key vulnerabilities’ of cloud sector and estimate national cost of outages
26 October 2022

Research will consider potential impact of system failure on the country’s finances and way of life

HMRC issues fraud warning after taking down 10,000 websites in a year
12 October 2022

Scammers will aim to take advantage during a time of year when many are completing tax returns, department warns

EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
2 December 2022

Specialist supplier will support in searching – and then attempting to take advantage of – ‘vulnerabilities and exploitable information’