Question to the Cabinet Office:

To ask His Majesty's Government what steps they are taking to ensure that the United Kingdom is protested from large-scale cyber attacks; and what mitigations are in place to protect core infrastructure in the event of an attack.

The Government is working tirelessly to improve the cyber resilience of the UK’s critical infrastructure. We published the Cyber Security and Resilience policy statement on April 1, which set out our plans for the Cyber Security and Resilience Bill. It will strengthen the UK’s cyber defences and ensure that critical infrastructure and the digital services that UK citizens and businesses rely on are secure.

We welcome the findings of the recent National Audit Office report on Government Cyber Resilience, which highlight the need for an accelerated response. We are taking immediate steps to address its recommendations, including developing a cross-government implementation plan for the 2030 target and a new model to clarify and enforce cyber resilience responsibilities. We have published the Cyber Policy Handbook and the Secure by Design Framework to embed best practice throughout the UK’s public services. We are using GovAssure to define clear cyber resilience outcomes and develop an objective view of cyber resilience across the government technology estate.

Our commitment to improving the UK’s cyber resilience includes our engagement with the National Cyber Security Centre (NCSC). The NCSC engages with government, regulators and critical national infrastructure (CNI) operators to improve the cyber security and resilience of CNI, this includes: supporting them to raise their security baseline, improving their understanding the cyber risks they need to manage, such as the Cyber Assessment Framework, and helping them prepare for how they would respond to an incident or a period of heightened risk, leveraging GCHQ expertise.

The NCSC coordinates the government response to significant incidents. In the event of a severe national cyber incident the Cabinet Office activates COBR for enhanced coordination.