UK Plans Tough New Security Rules For Datacenters

The UK government has proposed new rules designed to regulate the datacenter sector, in a bid to improve baseline cybersecurity and resilience.

It’s seeking industry feedback on a new consultation document, “Protecting and enhancing the security and resilience of UK data infrastructure,” which will be open until February 22, 2024.

Under the current proposals, datacenter providers would have a “duty to take appropriate and proportionate technical and organizational measures” to manage security and resilience risk. This could include:

  • Risk management
  • Physical and cybersecurity of facilities, networks and systems
  • Incident management
  • Resilience and service continuity
  • Monitoring
  • Detection, auditing and testing
  • Governance and personnel
  • Supply chain management

Datacenter providers would be required to register with a new regulator and provide relevant operational and incident-related information. Standards and assessment frameworks will be used to provide assurances on security and resilience.

“Data is an increasingly important driver of our economic growth and plays a pivotal role across our public services,” argued data and digital infrastructure minister, John Whittingdale.

“So ensuring companies storing it have the right protections in place to limit risks from threats such as cyber-attacks and extreme weather, will help us reap the benefits and give businesses peace of mind.”

The government claimed that 28% of UK businesses use services delivered from datacenters, rising to 62% of large companies. Datacenter operators generated £4.6bn ($5.9bn) in revenue in 2021 and a year later data contributed nearly 7% of national GDP, as well as 76% of all UK service exports.
