Question to the Cabinet Office:
To ask His Majesty's Government, following the data breach at the Electoral Commission, what plans they have to review the effectiveness of cyber defences of the Government's own technology platforms and those of other public bodies.
The Government Cyber Security Strategy published last year sets out our plans to significantly harden the Government’s critical functions against cyber attack by 2025, with all organisations across the public sector being resilient to known vulnerabilities by 2030.
We have already made significant progress against the strategy. Earlier this year the Government launched GovAssure, the new cyber security assurance process for government organisations. Under GovAssure, government organisations will regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
The Electoral Commission is independent of Government and is accountable to Parliament through the Speaker’s Committee on the Electoral Commission. However, we have supported the Commission via the National Cyber Security Centre, who have provided the Commission with expert advice and support to aid their recovery after the cyber incident was first identified.