Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government, with regard to their Government Cyber Security Strategy: 2022–2030, published on 25 January 2022, what assessment they have made of the UK Cyber Security Council’s progress in developing consistent taxonomies, standards and pathways for the cyber security profession across the UK.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The UK Cyber Security Council was established to develop professional standards so that cyber security can be appropriately recognised as a profession, similar fields such as accounting and engineering. In October 2023, the Council announced that over 100 cyber security practitioners had been awarded professional titles (including chartered status) and this number is increasing. The Council has used its standards to outline pathways into and through the cyber security profession by creating a Cyber Careers Framework. The Council continues to work with stakeholders in government, industry, and academia to ensure that the standards it sets are relevant, accessible, and demand consistent high quality from cyber security practitioners throughout the UK.
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to support businesses seeking to adopt process improvement programmes for their organisational cyber-resilience.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government is inviting views on a proposed Cyber Governance Code of Practice until 19th March. This is part of a package of action in the £2.6 billion National Cyber Strategy to drive up improvements in organisational cyber resilience. Co-designed with the National Cyber Security Centre (NCSC) and industry experts, the Code consolidates critical cyber governance areas for directors' ownership. As part of this package, the NCSC revised their Board Toolkit (BTK) and intends to develop an online Cyber Governance Training Pack for Boards, integrating the Code and BTK. This comprehensive package will help boards ensure that cyber resilience is embedded throughout their organisation, including its people and processes.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government, following the data breach experienced by Southern Water as a result of a cyber-attack, what assessment they have made of the adequacy of existing cyber security regulations for UK critical infrastructure.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 set outcomes for critical national infrastructure (CNI) (in the private and public sector) to better understand & manage cyber risk and minimise the impact of cyber incidents when they occur. In addition, at CyberUK 2023, the Deputy Prime Minister announced specific and ambitious cyber resilience targets for all CNI sectors (public and private sector) to meet by 2025.
Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness, by 2030. This includes work to evaluate the impact and effectiveness of all regulation that applies to CNI, including (but not limited to) NIS regulations, and to bring more private sector businesses working in CNI within the scope of cyber resilience regulations.
The Government is also committed to ensuring cyber security in the public sector, which is why GovAssure was launched in April 2023. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what assessment they have made of the efficacy of existing cyber-resilience regulations relating to the UK’s critical national infrastructure.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 set outcomes for critical national infrastructure (CNI) (in the private and public sector) to better understand & manage cyber risk and minimise the impact of cyber incidents when they occur. In addition, at CyberUK 2023, the Deputy Prime Minister announced specific and ambitious cyber resilience targets for all CNI sectors (public and private sector) to meet by 2025.
Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness, by 2030. This includes work to evaluate the impact and effectiveness of all regulation that applies to CNI, including (but not limited to) NIS regulations, and to bring more private sector businesses working in CNI within the scope of cyber resilience regulations.
The Government is also committed to ensuring cyber security in the public sector, which is why GovAssure was launched in April 2023. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to help businesses provide advanced cyber skills training to staff.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The National Cyber Strategy sets out the importance of reducing cyber risks to businesses. To do this, the Government is supporting the UK Cyber Security Council to define the skills and knowledge needed for cyber roles. The Government is also funding numerous targeted training initiatives such as Cyber Ready and Upskill in Cyber to upskill and retrain those in the workforce, as well as the government-funded Skills Bootcamp opportunities highlighted through our recent Advanced Digital Skills campaign. This is alongside our Cyber Essentials scheme which supports businesses to implement essential technical controls on cyber security.
Asked by: Siobhain McDonagh (Labour - Mitcham and Morden)
Question to the Department for Energy Security & Net Zero:
To ask the Secretary of State for Energy Security and Net Zero, how many breaches of (a) physical and (b) cyber security there were at Sellafield in each year since 2015.
Answered by Andrew Bowie - Parliamentary Under Secretary of State (Department for Energy Security and Net Zero)
I will write to the hon. Member on this matter, and place a copy of my letter in the Library of the House.
Asked by: Andrew Rosindell (Conservative - Romford)
Question to the Department for Education:
To ask the Secretary of State for Education, whether she has had discussions with Cabinet colleagues on cyber security threats to educational institutions.
Answered by Damian Hinds - Minister of State (Education)
The UK government takes cyber threats to our public institutions very seriously and this threat has been highlighted in both the published Integrated Review and the Government Cyber Security Strategy, which show the cross-government approach the department has to tackling these threats. The Integrated Review is accessible at: https://www.gov.uk/government/collections/the-integrated-review-2021. The Government Cyber Security Strategy is accessible at: https://www.gov.uk/government/publications/government-cyber-security-strategy-2022-to-2030.
The department cyber team continues to work closely with colleagues across government, including those at the National Cyber Security Centre, to manage its cyber risk across educational institutions.
Asked by: Nick Thomas-Symonds (Labour - Torfaen)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, how many and what proportion of digital roles within his Department were vacant as of 26 February 2024.
Answered by Andrew Murrison - Parliamentary Under-Secretary (Ministry of Defence)
The Ministry of Defence (MOD) has 925 vacant posts aligned to digital roles which makes up 27.5% as the proportion of the total civilian digital workforce across Defence. Please note that these vacant posts may not be under any recruitment action at this time.
As part of the 2022 to 2025 roadmap for digital and data, all departments made a commitment to reduce their digital and data vacancies to under 10% of total Government Digital and Data headcount by 2025. MOD has adopted the Central Digital and Data Office Digital Data and Technology pay framework and introduced a new Digital Skills Allowance in September 2023 across the entire digital function. This is to enable improved attraction and retention in critical digital and cyber security roles. Recruitment using the Digital Skills Allowance is underway, with some early success in attracting external applicants to some Data and Software Development roles.
Asked by: Kieran Mullan (Conservative - Crewe and Nantwich)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what steps his Department is taking to strengthen cyber security.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The National Cyber Strategy 2022 sets out how the UK will continue to be a leading responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace. It is supported by more than £2.6 billion of investment over three years with a particular emphasis on improving the government’s own cyber security.
The Strategy is delivering a step-change in the UK’s cyber resilience with the government leading the way, adopting a more proactive and sustained campaign approach to deter our adversaries, putting cyber power at the heart of the UK’s foreign policy agenda, whilst protecting and pursuing a competitive advantage in the underpinning technologies that are critical to cyberspace. It also emphasises a whole-of-society approach calling on all parts of society to play their part in reinforcing the UK’s economic and strategic strengths in cyberspace.
In August 2023 the Government published its first annual report on progress implementing the Strategy. The report highlighted the success in the last twelve months in improving cyber resilience through the NCSC Cyber Action Plan and Cyber Essentials as well as disruptions such as the first tranche of cyber sanctions and the takedown of the GENESIS marketplace, a go-to service for cyber-criminals.
Asked by: Kieran Mullan (Conservative - Crewe and Nantwich)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what steps his Department is taking to strengthen national security.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The Cabinet Office leads and coordinates the UK’s national security crisis response through the Cabinet Office Briefing Room (COBR), and national security policy through the National Security Council structures. This includes the National Cyber Strategy, National Security and Investment Programme, and the Biological Security Strategy, all of which the department is taking essential steps to deliver.
Key successes in 2023 included publishing the Integrated Review Refresh, passing the National Security Act, launching the Emergency Alerting service, and delivering the Atlantic Declaration and risk elements of the AI Summit. So far in 2024, we have launched a new Strategic Dialogue on Biological Security with the US and continued to coordinate the response to the conflict in Gaza and Russia’s illegal invasion of Ukraine.