Question to the Cabinet Office:

To ask His Majesty's Government when they last assessed the risks to UK critical infrastructure, and what steps they took as a result of that assessment.

The UK Government uses a Lead Government Department model for the oversight of Critical National Infrastructure security and resilience policy. Each Lead Government Department is responsible for routinely undertaking risk assessments for their sector, including assessing Critical National Infrastructure risks within the internal, classified National Security Risk Assessment.

The National Risk Register is the external version of the National Security Risk Assessment. It was most recently updated in January. All risks in the National Risk Register, including those related to Critical National Infrastructure, are kept under review to ensure that they are the most appropriate scenarios to inform emergency preparedness and resilience activity. A number of risks will be subject to reassessment over the next few months. An updated risk will be subsequently published to reflect these changes.

Policy interventions, to address Critical National Infrastructure risks, are sector specific and led by the relevant Lead Government Department.