This bill is targeting critical national infrastructure and including data centres into the scope of the national cyber resilience effort.

The fines are for companies (telcos, utilities) who fail to patch against known vulns in a timely manner, meant to light a fire under those companies who don’t care enough to invest in cyber defence and are routinely compromised.

This is a good thing for national security.

Seems like a very good change.

I’ve worked in a number of companies that handle a lot of data, some of it even defence manufacturing related, and it’s depressing how bad the security procedures are sometimes.

Timely patches of known vulnerabilities? That was a rarity.