Asked by: Julian Knight (Independent - Solihull)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what assessment he has made of the implications for his policies of the cyber attack on the Electoral Commission from August 2021; and what steps the Commission have taken to protect voters information.
Answered by Jeremy Quin
Since the Electoral Commission reported the incident to the National Cyber Security Centre, the government has worked closely with the Commission to provide it with all the expertise and support required to deal with this incident and protect voters’ information.
The cyber attack experienced by the Electoral Commission and other recent incidents demonstrate just how real the threat is. This government has already identified the challenge we face and is delivering greater cyber resilience through both the National Cyber Strategy and the Government Cyber Security Strategies which were launched in 2022.
Asked by: Lord Watson of Wyre Forest (Labour - Life peer)
Question to the Ministry of Justice:
To ask His Majesty's Government how many prosecutions have been made under section one of the Computer Misuse Act 1990, for each of the past 13 years.
Answered by Lord Bellamy - Parliamentary Under-Secretary (Ministry of Justice)
The Ministry of Justice holds data on prosecutions under Section 1 of the Computer Misuse Act 1990, covering the period requested. This is publicly available and can be viewed via the following link: Criminal Justice System statistics quarterly: December 2022 - GOV.UK (www.gov.uk).
Information on the number of individuals prosecuted under Section 1 of the Computer Misuse Act 1990 at all courts can be found in the above tool by navigating to the ‘Prosecutions and convictions’ tab. In the ‘HO Offence code’ filter, select the offence:
The data requested can be found in the attached table.
Asked by: Gregory Campbell (Democratic Unionist Party - East Londonderry)
Question to the Home Office:
To ask the Secretary of State for the Home Department, How much funding has the Government allocated to tackling cyber crime in the next twelve months.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Tackling cyber crime is at the heart of the Government’s National Cyber Strategy which is supported by £2.6billion of investment over the three year Spending Review period. The National Cyber Strategy (2022-2025) has set the direction and ambition for investment and efforts across the UK cyber ecosystem. Delivery of the Strategy is being supported by the National Cyber Fund. This programme has allocated investment to lead government departments to support delivery of the objectives set out in the strategy.
In the financial year 23/24, the Home Office is receiving £18,243,506 from the National Cyber Fund to provide a range of capabilities and resource to tackle cyber crime. The National Crime Agency receives a further £30,300,000 from the National Cyber Fund, which includes building and maintaining high-end capabilities that allow a cross-system response to the most harmful cyber crimes, such as ransomware.
This funding is supplemented by a further £16,103,000 of Home Office funding under the Police Settlement Programme. This funding continues to build law enforcement capabilities at the national, regional and local levels to ensure they have the capacity to deal with the impacts of increasing volume and sophistication of cyber crime. This includes ensuring local police officers have the skills to investigate these crimes.
Asked by: Dan Jarvis (Labour - Barnsley Central)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, whether he has had recent discussions with Capita on the potential impact of the cyber attack on their systems on members of the Mineworkers Pension Scheme.
Answered by Andrew Griffith - Minister of State (Department for Science, Innovation and Technology)
The Chancellor of the Exchequer has not held discussions with Capita on the potential impact to members of the Mineworkers’ Pension Scheme from the recent cyber incident.
HM Treasury has worked closely with the Bank of England, Financial Conduct Authority, and the National Cyber Security Centre to monitor any impacts in the finance sector of the cyber incident. The financial regulators have engaged directly with Capita.
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to prevent cybercriminals from exploiting vulnerabilities in UK firms' cybersecurity software.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Software is a key driver of growth across the UK, and a fundamental building block of the digital economy. However, this has also increased its appeal to malicious actors. The Government is committed to strengthening the resilience of UK businesses and organisations, and it is a key pillar of the 2022 National Cyber Security Strategy.
The UK is already making significant progress in the area of cybersecurity. The UK Product Security and Telecommunications Infrastructure (PSTI) Act is raising standards of device security for consumers and organisations and the Network and Information Systems (NIS) Regulations are being updated to ensure that critical digital service providers have thorough security practices. These complement ongoing work by the National Cyber Security Centre to provide technical advice to the Government, critical national infrastructure and organisations across the UK.
In February, the Department for Science, Innovation and Technology published a call for views on software resilience and security for businesses and organisations. This sought views on the key risks and challenges around software security, and where the Government should focus on mitigating them.
The call for views closed on 1 May, and the department is currently analysing the responses. These will inform the design of a set of policies to further address risks linked to software. The Government will be setting out its next steps in the summer.
Asked by: Stewart Malcolm McDonald (Scottish National Party - Glasgow South)
Question to the HM Treasury:
To ask the Chancellor of the Exchequer, whether he has had recent discussions with Capita on the potential impact of the cyber attack on their systems on members of the USS pension fund.
Answered by Andrew Griffith - Minister of State (Department for Science, Innovation and Technology)
The Chancellor of the Exchequer has not held discussions with Capita on the potential impact to members of the USS pension fund from the recent cyber incident.
HM Treasury has worked closely with the Bank of England, Financial Conduct Authority, and the National Cyber Security Centre to monitor any impacts in the finance sector of the cyber incident. The financial regulators have engaged directly with Capita.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 9 May 2023 to Question 183317 on Capita: Cybercrime, what his Department's (a) policies on and (b) processes for informing (i) public sector employees and (ii) other individuals affected by a breach of Government data are.
Answered by Jeremy Quin
The Cabinet Office takes personal data breaches very seriously. As part of standard procedure, the Cabinet Office advises that all Cabinet Office employees must immediately report breaches to the Security Team and Data Protection Officer. Any breach that meets the legal tests set out in UK GDPR will be reported to the Information Commissioner or data subjects within the statutory deadlines.
It is our policy that data subjects will usually be notified of any incident pertaining to their personal data. Agreements with delivery partner(s) and 3rd party suppliers must stipulate the arrangements and obligations for ensuring that there is an established, effective and timely process to identify and report any actual or suspected losses of data/information by the ‘provider’.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 9 May 2023 to Question 183317 on Capita: Cybercrime, whether any (a) civilian and (b) military personnel data was affected by the cyber attack.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation, are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, whether any personal information of (a) civilian and (b) military personnel working at (i) fire and rescue services, (ii) the submarine training facility and (iii) other Capita defence sites were affected by the cyber attack against Capita on 31 March 2023.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.
Asked by: John Healey (Labour - Wentworth and Dearne)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, pursuant to the Answer of 24 April to Question 181691, on Capita: Cybercrime, when he expects his Department's investigation into the Capita cyber attack to conclude.
Answered by Jeremy Quin
The Cabinet Office, the Financial Conduct Authority and the National Cyber Security Center (NCSC) are working with Capita to understand any risks to government data following the incident in March. Investigations, including client consultation are ongoing and it would not be appropriate to comment on the detail for security reasons.