Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to prevent children from receiving (a) harmful content and (b) misinformation from chatbots.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
AI generated content is regulated by the Online Safety Act where it is shared on an in-scope user-to-user or search service and constitutes illegal content or content which is harmful to children. This includes mis- and dis- information where it is assessed to present material harm to a significant number of children. Providers of pornographic content must also prevent children from accessing that content.
Chatbots with functionalities that bring them into scope of the Online Safety Act will be required to comply with the relevant duties including preventing children from encountering harmful content – whether that is real or synthetic.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to ensure Ofcom requires all user-to-user services to remove child sexual abuse content from their platforms.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The Online Safety Act creates new duties on online services to tackle illegal content and activity. The strongest duties are to protect children from sexual abuse and exploitation (CSEA) and to stop child sexual abuse material (CSAM) from being shared. The illegal content duties have been in effect from 17 March. Ofcom is the regulator for the regime and has set out steps providers can take including strong automated content moderation and takedown measures. Ofcom will continue to develop their codes iteratively, including additional measures to detect, prevent and remove CSAM.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps he is taking to help tackle the threat posed by quantum computing to cybersecurity infrastructure.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.
The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.
The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the potential impact of the increased use of AI by (a) cyber-criminals and (b) nation state actors on cyber security risks to the UK.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether he plans to include provisions within the Cyber Security and Resilience Bill on requiring regulated organisations to adopt cybersecurity to help tackle AI-enabled threats.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the potential impact of (a) AI-enabled and (b) other cyber attacks on economic (i) security and (ii) competitiveness.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the effectiveness of (a) cyber security laws and (b) supporting regulatory guidance in preventing supply chain attacks on critical (i) services and (ii) infrastructure.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.
The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether the Cyber Security and Resilience Bill will ensure that data centres are (a) secure and (b) resilient.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.
The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the adequacy of the UK's contingency plans to tackle quantum cyber threats; and if he will conduct a comparative assessment on the effectiveness of these measures compared to those used by his international counterparts.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.
The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.
The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what (a) guidance and (b) resources he is providing to (i) small and medium enterprises and (ii) other businesses to help (A) prepare for and (B) mitigate quantum cyber risks.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.
The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.
The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.