Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what steps he is taking to meet the cyber resilience targets for UK critical national infrastructure by 2025; and if he will make an assessment of the potential merits of mandatory cyber security requirements in the UK public sector.

HMG is committed to continue driving up levels of cyber resilience within the UK and we have seen the significant impact that cyber attacks can have.

We will continue to work closely with Lead Government Departments and the National Cyber Security Centre to ensure resilience and preparedness to cyber threat, and to work towards resilience targets for Critical National Infrastructure (CNI) sectors. This will be achieved through working with CNI (in both the private and public sector) to better: i) understand; ii) manage cyber risk; and, iii) minimise the impact of cyber incidents when they occur.

The King's Speech set out that the Government would bring forward a Cyber Security and Resilience Bill in this parliamentary session which will strengthen the UK’s cyber defences, ensure that critical infrastructure and the digital services that companies rely on are secure. This complements the Cabinet Office’s work to evaluate the impact and effectiveness of all regulation that applies to CNI.

The UK Government is also using GovAssure, the cyber security assurance regime for the whole of government, including Government sector CNI, to define clear cyber resilience outcomes and develop an objective view of cyber resilience across the government technology estate. The common approach to Secure by Design across Government is being rolled out to all Departments responsible for CNI.

The Cyber Security Standard sets out the GovAssure cyber assurance regime as mandatory for some government organisations. The Cabinet Office and partner organisations are using the results from GovAssure to continue to assess the effectiveness of existing cyber security requirements, including consideration of further mandation of requirements.