Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government, following the data breach experienced by Southern Water as a result of a cyber-attack, what assessment they have made of the adequacy of existing cyber security regulations for UK critical infrastructure.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 set outcomes for critical national infrastructure (CNI) (in the private and public sector) to better understand & manage cyber risk and minimise the impact of cyber incidents when they occur. In addition, at CyberUK 2023, the Deputy Prime Minister announced specific and ambitious cyber resilience targets for all CNI sectors (public and private sector) to meet by 2025.
Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness, by 2030. This includes work to evaluate the impact and effectiveness of all regulation that applies to CNI, including (but not limited to) NIS regulations, and to bring more private sector businesses working in CNI within the scope of cyber resilience regulations.
The Government is also committed to ensuring cyber security in the public sector, which is why GovAssure was launched in April 2023. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government which Ministers, including those at Cabinet level, have used private aircraft on official business during the past 12 months; and, for each journey, what were (1) the destinations travelled to and from, (2) the dates, and (3) the cost of travel.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The Government publishes details of all Ministers' overseas travel on a quarterly basis.
The other information requested is not centrally held and could only be provided at disproportionate cost.
It has also been the practice of successive administrations not to publish granular information relating to the official movements of protected individuals and those accompanying them within the United Kingdom.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government which Ministers, including those at Cabinet level, have used military aircraft during the past 12 months; and, for each journey, what were (1) the destinations travelled to and from, (2) the dates, and (3) the cost of travel.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The Government publishes details of all Ministers' overseas travel on a quarterly basis.
The other information requested is not centrally held and could only be provided at disproportionate cost.
It has also been the practice of successive administrations not to publish granular information relating to the official movements of protected individuals and those accompanying them within the United Kingdom.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what has been the total cost to date of developing, maintaining and testing the UK's emergency alert system; and what plans they have for further tests.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The total cost to date of developing the technical architecture and systems which underpin the emergency alert programme, in addition to the first three years of operational delivery, will be a maximum of £25.3 million.
The contracts which are publicly available on contracts finder include:
The Government Digital Service have a contract with Fujitsu for £1.6 million per year for a three year period, a potential total of £5 million assuming that the contract runs to completion;
The Department for Culture, Media and Sport (as was) issued contracts totalling £18.6 million to mobile network operators, as well as further spending on security testing and legal work.
The remaining costs were spent on security testing and legal fees. The specific figures are commercially sensitive and can therefore not be released to the public.
There are no current plans for a further UK-wide, or public, test of the system, though it is likely that there will be further public tests in the coming years to ensure the system is operational to help keep the British people safe.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what plans they have to provide an update on the implementation of the Cyber Security Strategy.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 sets out how we will ensure that the UK continues to be a leading, responsible and democratic cyber power, able to protect and promote our interests in the rapidly evolving online world. We plan to publish the first of our annual progress reports this summer.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what assessment they have made of the progress in the adoption of the Cyber Assessment Framework across all government bodies.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The Government Cyber Security Strategy, published in January 2022, sets out how we will build and maintain our cyber defences; by building greater cyber resilience across all government organisations, and working together to ‘defend as one’ - exerting a defensive force greater than the sum of our parts.
The strategy sets a clear target for government’s most critical functions to be appropriately resilient by 2025, with all government organisations being resilient to known vulnerabilities and common attack methods by 2030.
The strategy will see us roll out GovAssure in April as the foundation of a new, more robust independent assurance regime for the whole of government. With its foundations in the National Cyber Security Centre’s Cyber Assessment Framework, it will help us to understand our risk at scale and put us on the pathway to reducing it, as well as aligning Government with the best practice in management of wider UK Critical National Infrastructure sectors. Results of these reviews will not be published publicly for reasons of security. The progress on adopting the Cyber Assessment Framework across HMG is that pilots have been conducted with 3 government departments, and the wider scheme will launch in April.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what plans they have to publish the cyber audits of all government departments.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The Government Cyber Security Strategy, published in January 2022, sets out how we will build and maintain our cyber defences; by building greater cyber resilience across all government organisations, and working together to ‘defend as one’ - exerting a defensive force greater than the sum of our parts.
The strategy sets a clear target for government’s most critical functions to be appropriately resilient by 2025, with all government organisations being resilient to known vulnerabilities and common attack methods by 2030.
The strategy will see us roll out GovAssure in April as the foundation of a new, more robust independent assurance regime for the whole of government. With its foundations in the National Cyber Security Centre’s Cyber Assessment Framework, it will help us to understand our risk at scale and put us on the pathway to reducing it, as well as aligning Government with the best practice in management of wider UK Critical National Infrastructure sectors. Results of these reviews will not be published publicly for reasons of security. The progress on adopting the Cyber Assessment Framework across HMG is that pilots have been conducted with 3 government departments, and the wider scheme will launch in April.