Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, if he will make an assessment of the impact of the National Procurement Policy Statement, published in June 2021, on cybersecurity in public sector procurement processes.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, if he will make an assessment of the effectiveness of the Procurement Act 2023 for tackling cybersecurity threats in public tenders.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Procurement Act 2023 brings in new powers to exclude and debar companies from public procurement on grounds of national security. The new National Security Unit for Procurement (NSUP), in the Cabinet Office, will work across government to coordinate assessments of companies and support ministers in national security debarment decisions.
In addition, Procurement Policy Note 09/14 requires central government contracting authorities to ensure that for contracts with certain characteristics, suppliers must meet the technical requirements prescribed by Cyber Essentials, including where suppliers store, or process, personal information or data at Official level.
The Cabinet Office encourages all organisations to follow National Cyber Security Centre (NCSC) guidance which sets out the security matters to be considered during the procurement process. The National Protective Security Agency (NPSA) has also published guidance to prevent hostile actors exploiting vulnerabilities in supply chains.
The National Procurement Policy Statement sets out the national priorities that all contracting authorities should have regard to in their procurement where it is relevant to the subject matter of the contract and proportionate to do so. The current statement does not include cyber security as a separate, wider policy because the need for cyber security protection is fundamental to procurements where it applies and therefore built into the procurement process as described above. The new legislative statement that will come into force alongside the Procurement Act is currently being drafted and will be subject to a consultation process as set out in Section 13 of the Act.
Written Evidence Mar. 20 2024
Inquiry: The UK’s economic securityFound: UKE0016 - The UK’s economic security techUK Written Evidence
Asked by: Jim Shannon (Democratic Unionist Party - Strangford)
Question to the Department for Energy Security & Net Zero:
To ask the Secretary of State for Energy Security and Net Zero, whether her Department is taking steps to secure the (a) electricity grid and (b) electric vehicle infrastructure from remote disruption by foreign actors.
Answered by Justin Tomlinson - Minister of State (Department for Energy Security and Net Zero)
The Government takes the security of the electricity grid and electric vehicle infrastructure extremely seriously. The Department for Energy Security and Net Zero works closely with Ofgem, the National Cyber Security Centre, and operators to strengthen infrastructure against attacks, share threat intelligence, and set clear and robust regulatory standards that are enforced through the Network and Information Systems Regulations 2018.
The 2021 electric vehicle smart charge point regulations include cyber security requirements. These require that all private charge points meet physical tamperproof requirements, check regularly for security updates, and encrypt all communication to and from the charge point.
The Government has recently published a detailed consultation package, 'Delivering a smart and secure electricity system: implementation'. This sets out proposals for minimum security and grid stability requirements for Energy Smart Appliances and load controlling organisations to further mitigate risk.
Asked by: Julie Elliott (Labour - Sunderland Central)
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, whether the implementation plan for a cyber resilient health and adult social care system in England has been published.
Answered by Andrew Stephenson - Minister of State (Department of Health and Social Care)
The purpose of the implementation plan is to provide details on how we are going to be delivering our strategy over the current spending period. The plan will be published in spring 2024, but we are already delivering on the strategy through an ambitious Cyber Improvement Programme, aiming to invest up to £147.6 million by April 2025.
This programme is looking to further strengthen existing national cyber security controls for health and care, which already includes cyber monitoring 24 hours a day, seven days a week, through NHS England’s Cyber Security Operations Centre, national-scale defences from cyberattack, such as Secure Boundary, and nationally provided cyber incident response contracts in the event of a cyber incident.
Feb. 14 2024
Source Page: The second UK-Nigeria Security and Defence Partnership Dialogue CommuniqueFound: The second UK-Nigeria Security and Defence Partnership Dialogue Communique
Feb. 14 2024
Source Page: The second UK-Nigeria Security and Defence Partnership Dialogue CommuniqueFound: The second UK-Nigeria Security and Defence Partnership Dialogue Communique
May. 16 2024
Source Page: Improving UK cyber resilience: AI, software and skillsFound: Improving UK cyber resilience: AI, software and skills
May. 16 2024
Source Page: Improving UK cyber resilience: AI, software and skillsFound: Improving UK cyber resilience: AI, software and skills
Mar. 25 2024
Source Page: UK holds China state-affiliated organisations and individuals responsible for malicious cyber activityFound: UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity