Asked by: Catherine West (Labour - Hornsey and Wood Green)
Question to the Foreign, Commonwealth & Development Office:
To ask the Deputy Foreign Secretary, how many UK-based staff from his Department worked in (a) HM Embassy or the High Commission and (b) Consulates General, Consulates or Deputy High Commissions in (i) China, (ii) South Korea, (iii) Vietnam, (iv) the Philippines, (v) India and (vi) the Asia Pacific region in 2023.
Answered by Anne-Marie Trevelyan - Minister of State (Foreign, Commonwealth and Development Office)
Mar24 UKB Data | |||
Location | A | B | |
(v) | India | 30-39 | 10-19 |
(iv) | Philippines | 10-19 | No UKB Staff |
(ii) | South Korea | 10-19 | No UKB Staff |
(iii) | Vietnam | 10-19 | Fewer than 10 |
(vi) | Asia Pacific Region | 180-199 | Fewer than 10 |
Scope | |
British Embassy | A |
British High Commission | A |
British Consulate | B |
British Consulate General | B |
British Deputy High Commission | B |
Countries in Scope of Asia Pacific Region |
Australia |
Brunei |
Cambodia |
Fiji |
Indonesia |
South Korea |
Laos |
Malaysia |
Myanmar |
New Zealand |
Papua New Guinea |
Philippines |
Samoa |
Singapore |
Solomon Islands |
Thailand |
Tonga |
Vanuatu |
Vietnam |
Staff in scope: UKB | |
Headcount data is presented as at: Mar24 | |
Locations:China (Withheld), India, Philippines, South Korea, Vietnam (Part (i) to (v), see list for (Part (vi). | |
Staff out of scope: Contingent Labour, Unpaid Liabilities, Ministers / NeDs / SpAds etc, third party suppliers, Staff working for other government departments, CB staff. | |
Headcounts are banded for release in line with advice from FCDO Information and Cyber Security Unit. |
Asked by: Liam Byrne (Labour - Birmingham, Hodge Hill)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what recent assessment she has made of the effectiveness of export controls on cyber-surveillance tools.
Answered by Alan Mak - Minister of State (Department for Business and Trade) (jointly with the Cabinet Office)
The UK already controls the export of a range of cyber-surveillance tools. Export licence applications for such items are rigorously assessed against the Strategic Export Licensing Criteria taking full account of risks to national security and human rights. The UK Government continues to work through the international export control regimes to ensure these controls remain up-to-date.
In assessing licences involving sensitive communications technology, the Export Control Joint Unit also takes advice from HM Government’s National Cyber Security Centre.
Asked by: Liam Byrne (Labour - Birmingham, Hodge Hill)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what role the National Cyber Security Centre plays in facilitating export controls to prevent the proliferation of sensitive technology in the areas of (a) artificial intelligence, (b) quantum computing, (c) biometric tools and data and (d) intangible technology transfers.
Answered by Alan Mak - Minister of State (Department for Business and Trade) (jointly with the Cabinet Office)
The National Cyber Security Centre is HM Government’s national technical authority for information security and advises the Export Control Joint Unit, in the Department for Business and Trade, on export licence applications for goods involving sensitive communications or computer technology.
Asked by: Maria Eagle (Labour - Garston and Halewood)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what the average number of people employed to the cyber security programme at the Defence Science and Technology Laboratory was in each year since 2019.
Answered by James Cartlidge - Minister of State (Ministry of Defence)
Dstl works with industry, academia and Government to make sure the UK has the right defence science and technology capabilities, and to deliver work for our customers in the Ministry of Defence (MOD) and across Government. Dstl provides summary information on its Science and Technology Programmes on its website to inform the public of the nature of the work it is undertaking.
Dstl’s structure, and the wide range of expertise within the organisation, allows expertise to be brought in, as required, to support the dedicated programme technical teams deliver its S&T Programmes.
Whilst information relating to Dstl’s workforce is published annually in its Annual Report and Accounts, detailed FTE staffing details in respect of named Programmes cannot be provided in the interests of National Security.
Asked by: Maria Eagle (Labour - Garston and Halewood)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what the annual budget for the Cyber Security programme at the Defence Science and Technology Laboratory is for the financial year (a) 2023-24, (b) 2024-25 and (c) 2025-26.
Answered by James Cartlidge - Minister of State (Ministry of Defence)
I refer the right hon. Member to the answer I gave her on 2 April 2024 to Question 19791.
Asked by: Lord Bishop of St Albans (Bishops - Bishops)
Question to the Cabinet Office:
To ask His Majesty's Government whether they plan to ban Chinese-made electric cars from sensitive national infrastructure sites.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The UK takes the security and resilience of critical infrastructure seriously. Each Critical National Infrastructure (CNI) sector has a Lead Government Department responsible for working with owners and operators to identify and mitigate risks to their sites. They are also supported by the National Cyber Security Centre and the National Protective Security Authority who provide expert advice and guidance to both public and private organisations to identify risks and vulnerabilities to the UK’s national infrastructure.
As set out in the Integrated Review Refresh, China under the Chinese Communist Party (CCP) poses an epoch-defining challenge and an economic threat to a range of government policy areas, including CNI. The Government actively monitors threats to UK critical national infrastructure, and will not hesitate to take further action if necessary to protect sensitive assets where appropriate to protect national security.
Asked by: Lord Bishop of St Albans (Bishops - Bishops)
Question to the Department for Transport:
To ask His Majesty's Government what assessment they have made of the potential impact upon national security of Chinese-made electric vehicles; and whether they plan to further investigate any risks that may arise.
Answered by Lord Davies of Gower - Parliamentary Under-Secretary (Department for Transport)
DfT co-chairs the UN Economic Commission for Europe (UNECE) group that developed two new international regulations related to connected vehicles – one on cyber security and one on software updates. The cyber security regulation sets out requirements to mitigate potential threats in vehicle construction, to monitor emerging threats and to respond to cyber attacks.
The Government takes national security extremely seriously. The Department for Transport (DfT) works closely with the transport sector and the National Cyber Security Centre (NCSC), and other Government departments, including the Department for Business and Trade (DBT) and Department for Science Innovation and Technology (DSIT), to understand and respond to cyber vulnerabilities associated with all connected vehicles, including electric vehicles.
Asked by: Baroness Manzoor (Conservative - Life peer)
Question to the Department of Health and Social Care:
To ask His Majesty's Government what steps they have taken to ensure that patient records and personal data are only accessible to those who need to view them, and to ensure connections between software systems in health facilities include suitable control measures for this risk.
Answered by Lord Markham - Parliamentary Under-Secretary (Department of Health and Social Care)
National IT systems must ensure that users can be identified correctly, and are given appropriate access. This is achieved using identity verification capabilities, including creating a national digital identity for each authorised user.
Each local National Health Service organisation which requires access to the national IT systems is required to set up its own local Registration Authority (RA) which consists of people and processes who are trained to create identities and grant access for their staff to the national IT systems. NHS England has published the RA Policy requirements with which every local NHS organisation that has an RA must comply. This reflects current best practice for identity and access management as informed by the National Cyber Security Centre (NCSC) guidance.
The RA Policy also allows non-NHS health and care organisations providing direct care to run their own RA service. RA hosting is subject to meeting requirements and assessment criteria, which are soon to be published.
The RA process includes the use of RA codes, assigned to professional users’ smartcards to give them access to the correct information within national IT systems.
The RA codes which are assigned for a specific user will allow that user to create and process referrals appropriately depending on their job role.
Local organisations which have an RA function are required to have an RA audit policy and conduct annual audits on NHS Smartcard usage as part of their RA governance. RA Managers (those responsible for administering the RA function within an organisation) must implement a process to run the RA reports on a regular basis.
Asked by: Lord Alton of Liverpool (Crossbench - Life peer)
Question to the Foreign, Commonwealth & Development Office:
To ask His Majesty's Government what assessment they have made of the report by the Coalition on Secure Technology, Chinese cellular (IoT) modules: Countering the threat, published in March, and its conclusions that Chinese-made cellular internet of things modules should be banned from UK critical national infrastructure.
Answered by Lord Ahmad of Wimbledon - Minister of State (Foreign, Commonwealth and Development Office)
The security of the UK's critical national infrastructure is of utmost importance to the Government. We continue to monitor potential security threats, including the unique challenges posed by cellular internet-of-things (IoT) modules. The National Protective Security Authority (NPSA) and The National Cyber Security Centre (NCSC) produce advice and guidance on the security implications of internet connected components, which the Government follows where appropriate.
Existing legislation such as the Telecommunications (Security) Act 2021 and Product Security and Telecommunications Infrastructure Act (PSTI) 2022 are designed to address the emerging security threats posed by IoT technologies. These include a range of measures that can be employed even in an evolving threat landscape. Any action is only taken after a rigorous assessment.
The UK's approach to China is to enhance our national security protections, align with our partners, and to engage where it is in the UK's national interest.
Asked by: Maria Eagle (Labour - Garston and Halewood)
Question to the Ministry of Defence:
To ask the Secretary of State for Defence, what the cost to the public purse was of spending on the cyber security programme at the Defence Science and Technology Laboratory in each financial year since 2019-20.
Answered by James Cartlidge - Minister of State (Ministry of Defence)
Dstl works with industry, academia and Government to make sure the UK has the right defence science and technology capabilities, and to deliver work for our customers in the Ministry of Defence and the rest of Government.
Dstl provides summary information on its Science and Technology Programmes on its website to inform the public of the nature of the work it is undertaking. Detailed Programme costs cannot be provided in the interests of National Security.