Ofcom has proposed to update their existing Network and Information Systems (NIS) guidance in order to require that UK Operators of Essential Services (OES), such as top-level domain name registries, DNS (domain name systems) providers and IXP (internet exchange) operators, inform them of less severe outages.
Operators are already required to notify the UK communications regulator of any incident – such as an outage – that has a “significant impact on the continuity of the essential service they provide“, which could conceivably affect millions of consumers and businesses, often at a huge cost.
However, Ofcom notes that there have been several outages since 2020, which were widely covered in the media but not reported to the regulator. Ofcom’s suspicion is that this is probably because the outages often fell below the existing reporting thresholds (i.e. depending upon the event, OES operators might only need to report an outage if it lasts longer than 30 minutes to 1 hour).
Advertisement
“These outages fell below the existing reporting thresholds, but we believe they could have had a significant impact on the continuity of essential services,” said Ofcom. The regulator is now proposing to lower the incident reporting thresholds in their NIS Guidance, which would result in more outages being formally reported.
Ofcom’s Statement
“Improved visibility of incidents impacting UK users being reported to Ofcom will enable us to better understand causes of disruption to essential services, identify significant cyber security and resilience gaps and spot thematic trends across the digital infrastructure subsector. We will work with OES as they remediate any reported issues, with the aspiration that they are delivering an improved level of service to users of internet services across the UK.”
Ofcom intends to consult upon the new proposals until 13th January 2023 (here) and, subject to feedback, expect to publish their decision and revised guidance in spring 2023.
I wonder if the timing of this is related to the, now obvious, hybrid war Russia is engaged in with the UK and EU?