The Department of Finance was designated regulator for Northern Ireland and its remit includes the health, drinking water, energy, rail transport and road transport sectors. The Regulations set out the criteria for inclusion of operators of essential services and over 40 operators have been identified for NI alone in both the public and private sectors.
The Department of Finance sets incident thresholds for each sector and operators must report any incident that reaches the threshold within 72 hours of the incident occurring. DoF must then advise the National Cyber Security Centre (NCSC - which is part of GCHQ) about any incident so that appropriate action can be taken in an effective, proportionate and timely way.
DoF must also ensure that operators maintain the security of their systems and it has decided that self-assessments and assessments using the NCSC’s Cyber Assessment Framework is the most appropriate means of doing this.
The guidance attached provides further information.
To report incidents please do so via nis.incident@finance-ni.gov.uk.
Guidance on implementing the Network Information Systems Regulations 2018