The NIS Regulations 2018 provides legal measures to protect essential services by improving the security of the network and information systems that support the continuation of these services. Drinking water supply and distribution has been designated an essential service within Schedule 1 of these Regulations. A water company supplying potable water to more than 200,000 people are classed as Operators of Essential Services (OES). OESs must take appropriate and proportionate measures to manage risks to their network and information systems and to prevent and/or minimise the impact of incidents to those systems.
DWI have been transferred the function to undertake the operational Competent Authority (CA) duties to regulate OESs on behalf of Secretary of State (for England) and the Welsh Government (for Wales).
The National Cyber Security Centre (NCSC) are the Single Point of Contact (SPOC) and Computer Security Incident Response Team (CSIRT) for incidents. Additionally they undertake the Technical Authority function supporting the OES and CA deliver the requirements of the Regulations.
NIS incidents need to be reported to DWI, as outlined in the below Incident Reporting Guidance PDF.
DWI’s Network and Information Systems Enforcement Policy is outlined in the below PDF.
The NIS team can be reached at DWI.NIS@defra.gov.uk