Cyber Security | UK Regulatory Outlook March 2024
Published on 27th Mar 2024
NCSC advisory on tactics used by APT29 | NIST releases Cybersecurity Framework 2.0 | Government response to ransomware inquiry
NCSC advisory on tactics used by APT29
The National Cyber Security Centre published an advisory detailing the recent tactics, techniques and procedures used by APT29 (a cyber espionage group believed to be part of the Russian intelligence services) in gaining initial access into cloud infrastructure.
Organisations, particularly those in the aviation and education sectors, as well as public bodies, should take note of the guidance to help detect and mitigate potential malicious activity.
NIST releases Cybersecurity Framework 2.0
The US National Institute of Standards and Technology (NIST) has published version 2.0 of its Cybersecurity Framework, which is widely adopted by organisations around the world.
The updated framework expands the scope to help a wider range of organisations manage and reduce cyber risks. Version 2.0 places greater emphasis on the importance of cyber security governance and supply chain risk management and should be used by organisations as a tool to design an effective cyber security strategy.
Government response to ransomware inquiry
On 11 March 2024, the Joint Committee on the National Security Strategy published the government's response to its inquiry into ransomware and UK national security.
The committee expressed concerns that the government's current approach will leave the UK exposed and unprepared for ransomware attacks. The committee stated that it will continue to monitor and follow up on issues raised in the report, including the extension of the NIS Regulations 2018 and further guidance on ransom payments.
See the press release.
EU Parliament and Council reach agreement on Cyber Solidarity Act
On 6 March 2024, the European Commission and Parliament reached a political agreement on the Cyber Solidarity Act, which aims to strengthen the EU's ability to detect, prepare for and respond to cyber threats.
Among other things, the Act establishes mechanisms to support coordination of preparedness testing for critical national infrastructure and provision of financial support to Member States assisting another state affected by a significant cyber security incident. It will need to be approved by the EU Parliament before it can be formally adopted. It will enter into force on the twentieth day following its publication in the Official Journal.
To find out more, register to attend our "Dipping into Data" webinar, where Osborne Clarke's experts will discuss the developing regulatory landscape around cyber security.
EU Parliament adopts Cyber Resilience Act
Please see Products.