Asked by: Lord Alton of Liverpool (Crossbench - Life peer)
Question to the Foreign, Commonwealth & Development Office:
To ask His Majesty's Government how many cyber attacks against UK state entities or parliamentarians have been attributed to China with medium or high confidence in each of the past three years.
Answered by Lord Ahmad of Wimbledon - Minister of State (Foreign, Commonwealth and Development Office)
The UK government has strong defences and resilient systems in place to counter the threat posed by malicious cyber activity. Alongside our allies, the UK government has publicly attributed malicious cyber activity to China where we have had compelling evidence to do so and judged this to be in the UK's national interest. The UK has joined international partners in exposing Chinese malicious cyber activity, most recently Chinese state-backed actors' responsibility for the Microsoft Exchange Server attack in early 2021. But the government has not publicly attributed responsibility to the Chinese state for malicious cyber activity against UK state entities or parliamentarians.
Asked by: Steve McCabe (Labour - Birmingham, Selly Oak)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, whether she has had recent discussions with Royal Mail on taking steps to keep customers informed following disruption caused by the cyber attack on that company
Answered by Kevin Hollinrake - Minister of State (Department for Business and Trade)
Royal Mail’s approach to informing customers of service disruptions is an operational matter for Royal Mail as a private business. I understand that Royal Mail had provided updates to its customers on the resumption of services through its international incident bulletin, published on its website: www.royalmail.com/international-incident-bulletin.
Asked by: Paul Blomfield (Labour - Sheffield Central)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, whether her Department offered support to Royal Mail to help resolve the ransomware attack on 10 January 2023; and whether her Department had discussions with Royal Mail on (a) compensation for sub-postmasters who lost trade arising from the ransomware attack and (b) sustaining sub-postmasters income as they offer more services online.
Answered by Kevin Hollinrake - Minister of State (Department for Business and Trade)
The cyber incident affecting Royal Mail is an operational matter for the business to address. Royal Mail has been working with the National Cyber Security Centre and law enforcement partners to resolve the incident.
The Department has had no discussions with Royal Mail on compensation for sub-postmasters or sustaining sub-postmasters’ income. These are contractual matters for the two businesses.
Asked by: Catherine West (Labour - Hornsey and Wood Green)
Question
To ask the hon. Member for Broxbourne, representing the House of Commons Commission, whether the Commission has had recent discussion with the Home Office on the potential (a) cyber and (b) espionage threat from hostile state actors.
Answered by Charles Walker
House officials regularly meet with the Home Office and related agencies to discuss a wide range of security matters including threats.
Asked by: Kenny MacAskill (Alba Party - East Lothian)
Question to the Home Office:
To ask the Secretary of State for the Home Department, what steps the Government is taking to protect UK (a) nationals and (b) residents from cyberattacks and malicious hacking through the use of spyware by the Government of Bahrain.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
The UK’s National Cyber Strategy commits us to countering the proliferation of high-end cyber capabilities and reducing the opportunity for states and organised crime groups to access them via commercial and criminal marketplaces, as well as tackling forums that enable, facilitate, or glamorise cyber criminality.
The National Cyber Security Centre (NCSC) does not routinely avow details of its assessments of the capabilities of foreign governments. However, the cyber security of individuals and organisations is a high priority for the Government. The government is delivering a strategic programme of work to prevent attacks reaching citizens and organisations at scale. This includes a range of interventions such as identifying and removing malicious websites, building a national data sharing capability to enable industry to block malicious websites and attacks, advising banks of stolen customer credentials to enable them to protect their customers, and work to improve the resilience of UK telecoms networks.
Opportunities for malicious actors have increased in line with improvements in connectivity and our growing reliance on digital services. At the same time, barriers to entry have fallen, granting those who were formerly unable the capability to conduct attacks. Government is continually learning from these incidents to further refine and improve our defences and incident management processes.
With respect to spyware specifically, it is vital that all cyber capabilities are used in ways that are legal, responsible and proportionate to ensure cyberspace remains a safe and prosperous place for everyone. The UK currently considers public attribution of cyber attacks on a case-by-case basis, and has shown that we attribute malicious cyber activity where we believe it is in the best interests of the UK to do so.
Asked by: Simon Lightwood (Labour (Co-op) - Wakefield)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, if she will make an assessment of the impact on (a) consumers and (b) businesses of the recent cyber attack on Royal Mail.
Answered by Kevin Hollinrake - Minister of State (Department for Business and Trade)
The cyber incident affecting Royal Mail is an operational matter for the business to address. Royal Mail has been working with the National Cyber Security Centre and law enforcement partners to resolve the incident.
Universal postal service performance standards are set and monitored by Ofcom as the independent regulator for postal services. Ofcom requires Royal Mail to have plans in place in the event of an incident that may severely disrupt postal services and it has informed Ofcom of the incident.
Ofcom continues to monitor Royal Mail’s performance to ensure it is providing the best service possible to its customers.
Asked by: Holly Lynch (Labour - Halifax)
Question to the Home Office:
To ask the Secretary of State for the Home Department, when her Department will publish its response to the call for information on the effectiveness of the Computer Misuse Act 1990, which closed in August 2021.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
The Computer Misuse Act 1990 is the main legislation relating to cybercrime, and it is essential that we ensure that it continues to be effective. We are still considering the proposals put forward to the Call for Information, and we will inform Parliament shortly of the way forward on the review of the Computer Misuse Act.
Asked by: Julie Elliott (Labour - Sunderland Central)
Question to the Home Office:
To ask the Secretary of State for the Home Department, what steps she is taking to reduce cybercrime.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Tackling cyber crime is at the heart of the Government’s new National Cyber Strategy which is supported by £2.6bn of new investment over the three year Spending Review period. The National Cyber Strategy (2022-2025) has set the direction and ambition for investment and efforts in UK Cyber. Delivery of the Strategy is being supported by the National Cyber Fund. This programme has allocated investment to lead government departments to support delivery of the objectives set out in the strategy.
We are continuing to invest in law enforcement capabilities at the national, regional and local levels to ensure they have the capacity to deal with the increasing volume and sophistication of cyber crime, which includes ensuring officers are being trained and upskilled.
The Cyber Aware campaign is a major national advertising campaign that aims to help businesses (as well as individuals) to protect themselves online. The campaign empowers and enables the public and micro businesses to understand the best ways to stay secure online and take the necessary protective actions; and supports wider efforts to combat the threat at source via the Suspicious Email Reporting Service (SERs), and through partnership interventions. This year’s campaign was launched on 18 March and is focusing on empowering citizens, microbusinesses and sole traders to keep their email accounts secure. Cyber Aware - NCSC.GOV.UK
The Governments’ Cyber Essentials Scheme provides the basic controls all businesses should implement to protect themselves. About Cyber Essentials - NCSC.GOV.UK
Cyber Prevent is an important part of our response to tackling cyber crime. This is an early intervention programme aimed at deterring individuals from getting involved in cyber crime in the first place, moving deeper into cyber crime or reoffending and diverting them towards positive directions. Since 2019, all local forces now have a Cyber Prevent capability.
Further good advice and helpful products from Government include the 10 Steps to Cyber Security and the Cyber Information Sharing Partnership (CISP). 10 Steps to Cyber Security - NCSC.GOV.UK
We have also rolled out Regional Cyber Resilience Centres in each of the nine policing regions, and London. These are a collaboration between police, public, private sector and academic partners to provide subsidised or free products and cyber security consultancy services to help Small and Medium Sized Enterprise and micro businesses protect themselves better in a digital age.
We have developed and we continue to innovate on a series of Active Cyber Defence measures. Active Cyber Defence is the principle of implementing security measures to strengthen the security of a network or system to make it more robust against attack. The National Cyber Security Centre’s Active Cyber Defence programme provides tools that are free at the point of use which help organisations to tackle, in a relatively automated way, a significant proportion of the cyber attacks that hit the UK.
Asked by: Ben Everitt (Conservative - Milton Keynes North)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what recent assessment he has made of the implications for his policies of the Joint Cybersecurity Advisory Alert AA22-257A, published on 14 September 2022 which states that the Islamic Revolutionary Guard Corps have attempted cyber attacks on UK critical national infrastructure in 2022.
Answered by Jeremy Quin
We do not comment on individual cyber incidents. The government’s approach to tackling cyber threats is set out in the National Cyber Strategy (2022), including detecting, disrupting and deterring state, criminal and other malicious cyber actors and activities against the UK. The strategy also sets out our ambition for improvements in the cyber resilience of critical national infrastructure, which includes being more prepared to respond to and recover from incidents, better incident planning and regular exercising.
Asked by: Barry Gardiner (Labour - Brent North)
Question to the Home Office:
To ask the Secretary of State for the Home Department, how many incidents of (a) fraud and (b) cyber crime were reported to Action Fraud in each of the last five years; and in each of those years what proportion of those incidents resulted in a prosecution.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
The Home Office collects data on the number of fraud and computer misuse cases reported to Action Fraud that have been recorded as crimes by the National Fraud Intelligence Bureau (NFIB).
Such data is published by the Office for National Statistics on a quarterly basis and the most recently available statistics for the year ending June 2022 can be found, here: https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/datasets/crimeinenglandandwalesquarterlydatatables
Statistics on the investigative outcomes of those offences referred to the territorial police forces for investigation are published each year by the Home Office. The most recent publication was Crime outcomes in England and Wales 2021 to 2022 and can be found at this link https://www.gov.uk/government/statistics/crime-outcomes-in-england-and-wales-2021-to-2022
The Home Office does not hold information on cases that result in prosecution but the Ministry of Justice publish statistics on court outcomes by crime type including fraud. The latest statistics can be found at: https://www.gov.uk/government/statistics/criminal-justice-system-statistics-quarterly-june-2022.