Beyond Blue have praised Ireland’s National Strategy on the Resilience of Critical Entities, but have called for a similar plan across the United Kingdom.
The strategy represents the State’s first comprehensive framework for protecting essential services from major disruptions, ranging from cyber attacks to natural disasters.
Commenting on the news, David Ferbrache, Managing Director at Beyond Blue, praised the news and highlighted how encouraging it is to see Ireland put something very transparent in place.
“The release of Ireland’s National Strategy on the Resilience of Critical Entities clearly sets out how the country is meeting the requirements of the EU’s Critical Entities Resilience (CER) Directive, at a time when all member states are working to transpose the Directive into national frameworks,” Ferbrache said. “It is encouraging to see Ireland set out a clear plan for meeting the Directive’s requirements, demonstrating a strong commitment to protecting both critical infrastructure and citizens.
“Implementation challenges lie ahead, but clarity on intent is valuable for the government, regulators and operators of essential services.
“The CER Directive is widely regarded as the sister regulation to NIS2, however, it takes a broader, all-hazards approach to resilience, extending beyond cyber threats to also address physical risks and third parties supporting critical industries.
“This ultimately helps safeguard essential services against outages and disruption, regardless of how an incident occurs or who it is targeted at.
“This is a positive step, particularly as recent disruptions to critical national infrastructure have been varied in cause, spanning malicious action, technology failures and natural hazards.”
However, Ferbrache believes that much more can be done across the United Kingdom and believes that these concerns can’t be ignored.
“In contrast, there is currently no direct equivalent to the CER Directive in the UK,” Ferbrache added. “While the Cyber Security and Resilience Bill (CSRB) is currently progressing through Parliament, it places a strong emphasis on cyber security but gives less attention to broader resilience concerns.
“These concerns cannot be ignored, protecting the availability of critical infrastructure cannot be achieved by only looking through the cyber lens. A more holistic approach is needed which bridges the cyber security and operational resilience disciplines.
“This therefore raises important question as to whether the UK should adopt an all-hazards approach which reflects the reality of today’s interconnected environment, recognising that disruption to critical services may come in many forms and from many sources.
“This all-hazards approach may require broader legislation and alignment of regulatory expectations on operators of essential services and their suppliers.
“While it’s unlikely that such provisions will be incorporated into the CSRB at this late stage, the UK government cannot afford to overlook this challenge in future.”
To read more security news, click here.
