Key Takeaways
- The Jersey States has approved a new law to increase protection against cyber attacks
- The law requires Operators of Essential Services (OES) to improve their cyber security levels
- The Jersey Cyber Security Centre (JCSC) will be given legal status and will help organisations make the necessary changes
- The law will apply to organisations in various sectors, including energy, water, transport, and financial services
- OES will be required to register with the JCSC, make improvements, and report significant cyber incidents within 24 hours
Introduction to the New Law
The passing of the Cyber Security (Jersey) Law is a significant milestone for the island of Jersey, marking a major step forward in its efforts to protect against cyber attacks. The law, which has been approved by the States, aims to increase the island’s protection against cyber threats by requiring organisations that provide essential services to improve their levels of cyber security. The law will apply to a range of sectors, including energy, water, transport, food production and retail, postal and courier services, health, telecommunications, public communications, financial services, and public administration. These organisations, known as Operators of Essential Services (OES), will be required to register with the Jersey Cyber Security Centre (JCSC) and make improvements to their cyber security systems.
The Role of the Jersey Cyber Security Centre
The JCSC, which is an arm’s length advisory and emergency response group, will play a crucial role in helping organisations make the necessary changes to comply with the new law. The centre will provide guidance and support to OES, helping them to improve their cyber security levels and prepare for the implementation of the law. The JCSC will also be responsible for receiving reports of significant cyber incidents from OES, which will be required to notify the centre within 24 hours of becoming aware of an incident. The centre’s director, Matt Palmer, has welcomed the approval of the law, describing it as a "significant landmark" for the island. He noted that the law will not only improve the cyber resilience of Jersey’s key services but also make the JCSC’s status and role clearer, enabling it to collaborate more effectively with OES.
The Impact on Organisations
The new law will have a significant impact on organisations that provide essential services in Jersey. These organisations will be required to take steps to improve their cyber security systems, which may involve investing in new technologies and training staff. They will also be required to register with the JCSC and commit to reporting any significant cyber incidents to the centre. This will help to ensure that the island’s essential services are better protected against cyber threats and that any incidents are responded to quickly and effectively. The law will apply to a wide range of organisations, including those in the energy, water, and transport sectors, as well as those in the financial services and public administration sectors.
The Next Steps
The approval of the law is just the first step in the process of implementing the new cyber security measures. The law will now be sent to the Privy Council for approval, after which it will come into force. In the meantime, the JCSC will be working with organisations to help them prepare for the implementation of the law. This will involve providing guidance and support to help OES improve their cyber security levels and comply with the new requirements. The JCSC will also be working to raise awareness of the law and its requirements, and to encourage organisations to take steps to protect themselves against cyber threats.
Conclusion
The approval of the Cyber Security (Jersey) Law is an important step forward for the island of Jersey, marking a significant improvement in its protection against cyber attacks. The law will require organisations that provide essential services to improve their cyber security levels and report significant incidents to the JCSC. The JCSC will play a crucial role in helping organisations comply with the new law, providing guidance and support to help them improve their cyber security systems. As the law comes into force, it is likely to have a significant impact on organisations in Jersey, requiring them to take steps to protect themselves against cyber threats and to report any incidents to the JCSC. Overall, the new law is an important step forward in protecting the island’s essential services and ensuring the continued safety and security of its citizens.
