Question to the Department for Transport:

To ask the Secretary of State for Transport, what steps her Department is taking to work with transport operators to mitigate the risks posed by cyber attacks.

The Department for Transport (DfT) works across Government to introduce relevant standards, guidance, and policy to ensure the cyber security and resilience of our essential services.

DfT uses both policy and regulatory levers to support the transport sector to effectively manage cyber risk and assist the sector to secure its networks and systems. We work closely with the National Cyber Security Centre (NCSC), operators across all four modes of transport, and others to continuously assess and mitigate emerging cyber threats to the sector.

As Competent Authority under the Network and Information Systems (NIS) Regulations 2018 for road, rail and maritime and joint Competent Authority for aviation with the Civil Aviation Authority, DfT regulates transport Operators of Essential Services (OES) to ensure that services which are most critical to the British public are compliant with relevant cyber standards. We will use the forthcoming Cyber Security and Resilience Bill (CSRB) to strengthen our regulatory powers, improve incident reporting, and expand the type of entities in scope.