Asked by: Gregory Campbell (Democratic Unionist Party - East Londonderry)
Question to the Home Office:
To ask the Secretary of State for the Home Department, how many major cyber crime incidents have been reported since the National Cyber Strategy was introduced.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Since the announcement of the National Cyber Strategy on 15 December 2021, the National Cyber Security Centre (NCSC) has received 71 reports associated with cyber crime activity, considered to be significant.
The NCSC categorise incidents based on numerous contemporaneous factors, including but not limited to, the technical impact of the incident, the nature of the affected organisation, and contextual considerations at the time of the incident report being received.
NCSC and law enforcement take action against cyber criminals by taking down their malicious URLs used to defraud people.
Mentions:
1: Mark Hendrick (LAB - Preston) to cyber-crime and the need to enhance the UK’s national cyber-resilience.Cyber-security has a significant - Speech Link
2: Dan Jarvis (Lab - Barnsley Central) National Cyber Security Centre, which is home to exceptional men and women fighting cyber-crime, has - Speech Link
3: Tom Tugendhat (Con - Tonbridge and Malling) the National Cyber Security Centre as a guarantee of security on the internet and in cyber-space. - Speech Link
Asked by: Dan Jarvis (Labour - Barnsley Central)
Question to the Home Office:
To ask the Secretary of State for the Home Department, whether he has made an assessment of the potential merits of introducing a ban on public sector bodies paying a ransom to criminal groups in exchange for decryption.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Cyber crime is a significant threat to the security and prosperity of the UK. The most recent Crime Survey for England and Wales (CSEW) estimated that there were 984,000 ‘computer misuse’ offences against individuals in England and Wales in the year ending December 2023. The Government recognises ransomware as the most significant national security cyber threat.
The National Cyber Security Centre (NCSC) discourages paying ransoms, noting that such payments rarely ensure data recovery. The UK Government neither pays ransoms nor condones the payment of ransoms to criminals, always advising against such substantial concessions to hostage-takers or extortionists.
At the Counter Ransomware Initiative (CRI) summit in Washington last year, we led a joint statement signed by 46 countries and Interpol, which pledged that “relevant institutions under the authority of our national government” should not be used to pay a ransomware demand. This was the first international statement of its kind. Our joint statement was a major milestone in achieving international consensus around the non-payment of ransoms.
Written Evidence Jan. 24 2024
Inquiry: Defence industry in WalesFound: defence manufacturing and cyber security).
Mentions:
1: Oliver Dowden (Con - Hertsmere) We do extensive work with the National Cyber Security Centre and the Ministerial Cyber Board on critical - Speech Link
2: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
3: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
4: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
5: David Jones (Con - Clwyd West) Cyber Security Centre. - Speech Link
6: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
Mentions:
1: Oliver Dowden (Con - Hertsmere) This is an important issue, which is why we established the National Cyber Security Centre. - Speech Link
2: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
3: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
4: Oliver Dowden (Con - Hertsmere) Cyber Security Centre. - Speech Link
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to support businesses seeking to adopt process improvement programmes for their organisational cyber-resilience.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government is inviting views on a proposed Cyber Governance Code of Practice until 19th March. This is part of a package of action in the £2.6 billion National Cyber Strategy to drive up improvements in organisational cyber resilience. Co-designed with the National Cyber Security Centre (NCSC) and industry experts, the Code consolidates critical cyber governance areas for directors' ownership. As part of this package, the NCSC revised their Board Toolkit (BTK) and intends to develop an online Cyber Governance Training Pack for Boards, integrating the Code and BTK. This comprehensive package will help boards ensure that cyber resilience is embedded throughout their organisation, including its people and processes.
Asked by: Lord Kempsell (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government what steps they are taking to improve the personal and cyber security of high-profile individuals involved in politics, such as parliamentarians, ahead of the upcoming general election campaign.
Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)
The safety of our elected representatives is essential to the security of our country. Protecting our democratic values and processes is one of the most important duties of government. That is why the Government will take every possible step to safeguard the people, processes, and institutions upon which our democracy relies.
On 28th February the Prime Minister announced the Government was investing an additional £31 million in funding to protect the democratic process and our elected representatives. The funding is being used to strengthen protective security measures for MPs and locally elected representatives over the next year.
Through the funding we are enhancing police capabilities, increasing private sector security provision for those facing a higher risk, and expanding cyber security advice to elected representatives. The investment also enables the expansion of the Operation BRIDGER network, so that every elected representative and candidate is given a dedicated, named police contact to liaise with on security matters, where needed. Through this network all candidates will have access to security briefings in the run up to the General Election.
The funding is accompanied by a new Defending Democracy Policing Protocol, agreed with police to enhance the safety of elected representatives, and protect the UK’s democratic process from disruption. Further information about the Protocol is available on GOV.UK.
Furthermore, the Defending Democracy Taskforce has supported the Westminster Parliamentary authorities and the National Cyber Security Centre to develop and roll out an enhanced cyber security offer for Parliamentarians and their teams to better protect them against cyber-attacks and foreign interference. As part of the £31 million uplift, the Taskforce is now seeking to extend this offer to other elected officials including the Devolved Authorities and is working closely with staff from the Devolved Authorities to do so.
Asked by: Chris Bryant (Labour - Rhondda)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps her Department is taking to (a) ensure the security of network infrastructure and (b) prevent unauthorised access to fibre lines during the (i) installation and (ii) utilisation of Openreach ducting.
Answered by Julia Lopez - Minister of State (Department for Science, Innovation and Technology)
The Department for Science, Innovation and Technology (DSIT) works with Ofcom, UK technical authorities (the National Cyber Security Centre and the National Protective Security Authority) and industry to identify risks and ensure the security of telecoms network infrastructure.
Through the Telecommunications (Security) Act 2021 and working with the National Cyber Security Centre and Ofcom, we have one of the toughest telecoms cyber security regimes in the world with the Electronic Communications (Security Measures) Regulations 2022 and Code of Practice. These place stringent obligations on providers of public telecoms networks to protect those networks against security threats. The Act also created new national security powers to manage and control the use of high-risk vendors in the UK’s telecoms network.
DSIT also works with the National Protective Security Agency (NPSA) in developing telecoms security policies. The NPSA advises government and industry on the physical security of infrastructure, including its installation.
DSIT will continue to develop policies to address significant risks to the cyber, physical and personnel security of telecoms infrastructure where necessary, based on advice from the NPSA and NCSC.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the effectiveness of the Procurement Act 2023 on strengthening cyber security requirements for public tenders.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.