Written Evidence May. 08 2024
Inquiry: Implications of the war in Ukraine for UK DefenceFound: The Centre for Russia and Eurasia Studies: Ukraine’s Nuclear Shadow: National Security Implications
Written Evidence May. 20 2024
Inquiry: Defending DemocracyFound: threats, with the National Cyber Security Centre (NCSC) assessing that “democratic events, such as
Mentions:
1: Julia Lopez (Con - Hornchurch and Upminster) That would allow the cyber-security of those products to be addressed by regulations specific to the - Speech Link
2: Chi Onwurah (Lab - Newcastle upon Tyne Central) Are the Government taking steps to address the national security implications of connected vehicles, - Speech Link
Asked by: Julian Knight (Independent - Solihull)
Question to the Home Office:
To ask the Secretary of State for the Home Department, what steps he is taking to tackle cyber-related crime in Solihull constituency.
Answered by Tom Tugendhat - Shadow Minister (Home Office) (Security)
Tackling cyber crime is at the heart of the Government’s National Cyber Strategy 2022-25, which is supported by £2.6 billion of investment through the National Cyber Fund.
Key to delivery is ensuring that local policing has the resources needed to deal with the cyber threats we face. In 2023/24, the Home Office is receiving £18 million from the National Cyber Fund to provide a range of capabilities and resource to tackle and respond to cyber crime. This funding is supplemented by a further £16 million of Home Office funding through the Police Settlement Programme.
This funding continues to build law enforcement capabilities at the national, regional, and local levels to ensure they have the capacity and expertise to deal with the perpetrators and victims of cyber crime. We directly fund a specialist Cyber Crime Unit at West Midlands Police, which covers Solihull, and another, more specialist team, at the West Midlands Regional Organised Crime Unit (ROCU). This ROCU team is integral to our response to high-harm, high-impact crimes like cyber extortion.
This Regional Cyber Crime Unit for West Midlands (RCCUWM) also works with businesses and organisations based in Solihull, across the private and public sectors, and at community level. Under the Local Resilience Forum, RCCUWM work with Solihull Council, amongst others, to build stronger cyber security and resilience. A key part of RCCUWM’s work is to ensure the integrity of our Critical National Infrastructure providers, and they have a long-standing partnership with NHS Birmingham Solihull (BSOL) Integrated Care System and NHS England.
We have also rolled out Regional Cyber Resilience Centres in London and each of the nine policing regions, including the West Midlands. These are a collaboration between the police, public, private sector and academic partners to provide cyber security advice to Small and Medium Sized Enterprises so that they can protect themselves better in a digital age. Details of the Cyber Resilience Centre for the West Midlands can be found at Cyber Resilience | The Cyber Resilience Centre For The West Midlands (wmcrc.co.uk)
All vulnerable victims of fraud and cyber crime in Solihull receive contact and Protect advice from law enforcement, specifically aimed at helping them to protect themselves in future from revictimization.
The specialist RCCUWM Prevent Team also work to intervene if people are deemed at risk of becoming involved in cyber offending. RCCUWM deliver the National Cyber Choices programme and have delivered multiple initiatives across Solihull, including working with schools to help them identify those at risk. Solihull local police officers support these important safeguarding interventions.
Jan. 23 2024
Source Page: Business leaders urged to toughen up cyber attack protectionsFound: Business leaders urged to toughen up cyber attack protections
Jan. 23 2024
Source Page: Business leaders urged to toughen up cyber attack protectionsFound: Business leaders urged to toughen up cyber attack protections
Nov. 25 2011
Source Page: The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world. 43 p.Found: The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world. 43 p.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the potential impact of incorporating device security in public sector risk management strategies.
Answered by Alex Burghart - Shadow Secretary of State for Northern Ireland
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC).
One of the four objectives which make up the CAF is managing security risk; this objective covers a range of security outcomes in relation to organisations’ internal processes for managing security risk, accountability and decision-making and managing assets such as corporate devices. The CAF also includes specific security outcomes in relation to the secure configuration and management of devices.
In November 2023 we published the cross-government Mobile Device Management (MDM) policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. This policy is mandatory for all government organisations and Arms Length Bodies. It requires them to manage corporately owned mobile phones and tablets which access, process or store OFFICIAL government and/or citizen data via critical systems using an appropriate MDM solution.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what his Department's policy is on the security requirements for endpoint devices procured by the public sector.
Answered by Alex Burghart - Shadow Secretary of State for Northern Ireland
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC). This includes specific security outcomes in relation to the secure configuration and management of devices.
As the CAF is outcomes-based, it does not specify which commercially available devices meet these security requirements or which vendors government organisations should buy their devices from. That is a matter for government organisations to determine locally, in consultation with their commercial, security and IT teams, based on their organisation’s business needs, risk tolerance and threat profile.
In addition, in November 2023 we published the cross-government Mobile Device Management policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. NCSC also provides guidance on how to securely configure devices from each of the most commonly used platforms.
Asked by: Tanmanjeet Singh Dhesi (Labour - Slough)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what criteria his Department uses to determine the security standard of hardware devices before they are purchased by Government.
Answered by Alex Burghart - Shadow Secretary of State for Northern Ireland
The Government Cyber Security Standard requires government organisations to meet or exceed the security outcomes specified in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC). This includes specific security outcomes in relation to the secure configuration and management of devices.
As the CAF is outcomes-based, it does not specify which commercially available devices meet these security requirements or which vendors government organisations should buy their devices from. That is a matter for government organisations to determine locally, in consultation with their commercial, security and IT teams, based on their organisation’s business needs, risk tolerance and threat profile.
In addition, in November 2023 we published the cross-government Mobile Device Management policy to help government organisations and their Arms Length Bodies keep their corporately owned mobile devices secure and prevent data breaches. NCSC also provides guidance on how to securely configure devices from each of the most commonly used platforms.