Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to support businesses seeking to adopt process improvement programmes for their organisational cyber-resilience.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government is inviting views on a proposed Cyber Governance Code of Practice until 19th March. This is part of a package of action in the £2.6 billion National Cyber Strategy to drive up improvements in organisational cyber resilience. Co-designed with the National Cyber Security Centre (NCSC) and industry experts, the Code consolidates critical cyber governance areas for directors' ownership. As part of this package, the NCSC revised their Board Toolkit (BTK) and intends to develop an online Cyber Governance Training Pack for Boards, integrating the Code and BTK. This comprehensive package will help boards ensure that cyber resilience is embedded throughout their organisation, including its people and processes.
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what assessment they have made of the efficacy of existing cyber-resilience regulations relating to the UK’s critical national infrastructure.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 set outcomes for critical national infrastructure (CNI) (in the private and public sector) to better understand & manage cyber risk and minimise the impact of cyber incidents when they occur. In addition, at CyberUK 2023, the Deputy Prime Minister announced specific and ambitious cyber resilience targets for all CNI sectors (public and private sector) to meet by 2025.
Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness, by 2030. This includes work to evaluate the impact and effectiveness of all regulation that applies to CNI, including (but not limited to) NIS regulations, and to bring more private sector businesses working in CNI within the scope of cyber resilience regulations.
The Government is also committed to ensuring cyber security in the public sector, which is why GovAssure was launched in April 2023. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.