Asked by: Baroness Eaton (Conservative - Life peer)
Question to the Department for Levelling Up, Housing & Communities:
To ask His Majesty's Government what steps are being taken to support local authorities with cyber security and the rise in related threats.
Answered by Baroness Swinburne - Parliamentary Under Secretary of State (Department for Levelling Up, Housing and Communities)
The Government has set out its approach to cyber resilience the Government Cyber Security Strategy (GCSS). Cabinet Office are the lead department for the implementation of the GCSS, local government are responsible for the resilience of their networks and systems, and the Department for Levelling Up, Housing and Communities (DLUHC) is assigned stewardship of local government, with responsibility for cyber policy and assurance.
Since 2020, DLUHC has provided £19.9 million of grant funding and technical support to 192 English local authorities to improve their cyber maturity. In collaboration with the Local Government Association and the National Cyber Security Centre, DLUHC have been raising the awareness of cyber risk and fostering cyber-first cultures and practices in local government.
To support councils to assess and improve their cyber security, DLUHC are introducing the Cyber Assessment Framework (CAF) for the English local government sector later this year, providing a clear cyber security standard and method for local authorities to assess their cyber health.
Asked by: Lord Kempsell (Conservative - Life peer)
Question to the Home Office:
To ask His Majesty's Government what steps they are taking to improve the personal and cyber security of high-profile individuals involved in politics, such as parliamentarians, ahead of the upcoming general election campaign.
Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)
The safety of our elected representatives is essential to the security of our country. Protecting our democratic values and processes is one of the most important duties of government. That is why the Government will take every possible step to safeguard the people, processes, and institutions upon which our democracy relies.
On 28th February the Prime Minister announced the Government was investing an additional £31 million in funding to protect the democratic process and our elected representatives. The funding is being used to strengthen protective security measures for MPs and locally elected representatives over the next year.
Through the funding we are enhancing police capabilities, increasing private sector security provision for those facing a higher risk, and expanding cyber security advice to elected representatives. The investment also enables the expansion of the Operation BRIDGER network, so that every elected representative and candidate is given a dedicated, named police contact to liaise with on security matters, where needed. Through this network all candidates will have access to security briefings in the run up to the General Election.
The funding is accompanied by a new Defending Democracy Policing Protocol, agreed with police to enhance the safety of elected representatives, and protect the UK’s democratic process from disruption. Further information about the Protocol is available on GOV.UK.
Furthermore, the Defending Democracy Taskforce has supported the Westminster Parliamentary authorities and the National Cyber Security Centre to develop and roll out an enhanced cyber security offer for Parliamentarians and their teams to better protect them against cyber-attacks and foreign interference. As part of the £31 million uplift, the Taskforce is now seeking to extend this offer to other elected officials including the Devolved Authorities and is working closely with staff from the Devolved Authorities to do so.
Asked by: Jim Shannon (Democratic Unionist Party - Strangford)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps her Department is taking to support businesses secure their digital infrastructure against the provision of technological services from companies deemed a potential threat to national security.
Answered by Julia Lopez - Minister of State (Department for Science, Innovation and Technology)
The security of UK businesses and their digital infrastructure is a priority for the government and a key part of the National Cyber Strategy. The Department for Science, Innovation and Technology (DSIT) works with Ofcom, UK technical authorities (the National Cyber Security Centre & National Protective Security Authority) and industry to identify risks and secure telecoms network infrastructure.
The UK Telecommunications (Security) Act 2021 sets out one of the world’s toughest telecoms cyber security regimes and places stringent obligations on public telecoms networks providers to protect networks against security threats. The Act also created new national security powers to control the use of high-risk vendors in the UK’s telecoms network. The government encourages businesses to improve their digital infrastructure security through the Cyber Essentials scheme and the Network and Information Systems Regulations 2018.
Asked by: Dan Jarvis (Labour - Barnsley Central)
Question to the Home Office:
To ask the Secretary of State for the Home Department, whether he has made an assessment of the potential merits of introducing a ban on public sector bodies paying a ransom to criminal groups in exchange for decryption.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Cyber crime is a significant threat to the security and prosperity of the UK. The most recent Crime Survey for England and Wales (CSEW) estimated that there were 984,000 ‘computer misuse’ offences against individuals in England and Wales in the year ending December 2023. The Government recognises ransomware as the most significant national security cyber threat.
The National Cyber Security Centre (NCSC) discourages paying ransoms, noting that such payments rarely ensure data recovery. The UK Government neither pays ransoms nor condones the payment of ransoms to criminals, always advising against such substantial concessions to hostage-takers or extortionists.
At the Counter Ransomware Initiative (CRI) summit in Washington last year, we led a joint statement signed by 46 countries and Interpol, which pledged that “relevant institutions under the authority of our national government” should not be used to pay a ransomware demand. This was the first international statement of its kind. Our joint statement was a major milestone in achieving international consensus around the non-payment of ransoms.
Asked by: Greg Knight (Conservative - East Yorkshire)
Question to the Cabinet Office:
To ask the Minister for the Cabinet Office, what guidance his Department issues on how (a) schools, (b) NHS trusts and (c) other public bodies should respond to ransomware attacks.
Answered by Alex Burghart - Parliamentary Secretary (Cabinet Office)
The world leading National Cyber Security Centre provides comprehensive guidance to all UK public bodies on how to respond to ransomware attacks, which can be found. The guidance is clear that central Government funds will not be used by Government departments or Arms Length Bodies (ALBs) to pay ransomware demands and this stance was publicly reiterated in November 2023 when the UK, along with other members of the Counter Ransomware Initiative, signed a joint statement discouraging anyone from paying a ransomware demand.
NHS England and the Department for Education provide bespoke guidance for their respective sectors which is consistent with the wider government’s approach. The Department is committed to harnessing expertise on this subject, including recently hosting a roundtable discussion on academic security with the support of the NCSC, to ensure that guidance continues to be appropriate for the developing threat.
Asked by: Jim Shannon (Democratic Unionist Party - Strangford)
Question to the Department for Energy Security & Net Zero:
To ask the Secretary of State for Energy Security and Net Zero, whether her Department is taking steps to secure the (a) electricity grid and (b) electric vehicle infrastructure from remote disruption by foreign actors.
Answered by Justin Tomlinson - Minister of State (Department for Energy Security and Net Zero)
The Government takes the security of the electricity grid and electric vehicle infrastructure extremely seriously. The Department for Energy Security and Net Zero works closely with Ofgem, the National Cyber Security Centre, and operators to strengthen infrastructure against attacks, share threat intelligence, and set clear and robust regulatory standards that are enforced through the Network and Information Systems Regulations 2018.
The 2021 electric vehicle smart charge point regulations include cyber security requirements. These require that all private charge points meet physical tamperproof requirements, check regularly for security updates, and encrypt all communication to and from the charge point.
The Government has recently published a detailed consultation package, 'Delivering a smart and secure electricity system: implementation'. This sets out proposals for minimum security and grid stability requirements for Energy Smart Appliances and load controlling organisations to further mitigate risk.
Asked by: Gregory Campbell (Democratic Unionist Party - East Londonderry)
Question to the Home Office:
To ask the Secretary of State for the Home Department, how many major cyber crime incidents have been reported since the National Cyber Strategy was introduced.
Answered by Tom Tugendhat - Minister of State (Home Office) (Security)
Since the announcement of the National Cyber Strategy on 15 December 2021, the National Cyber Security Centre (NCSC) has received 71 reports associated with cyber crime activity, considered to be significant.
The NCSC categorise incidents based on numerous contemporaneous factors, including but not limited to, the technical impact of the incident, the nature of the affected organisation, and contextual considerations at the time of the incident report being received.
NCSC and law enforcement take action against cyber criminals by taking down their malicious URLs used to defraud people.
Asked by: Liam Byrne (Labour - Birmingham, Hodge Hill)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what recent assessment she has made of the effectiveness of export controls on cyber-surveillance tools.
Answered by Alan Mak - Minister of State (Department for Business and Trade) (jointly with the Cabinet Office)
The UK already controls the export of a range of cyber-surveillance tools. Export licence applications for such items are rigorously assessed against the Strategic Export Licensing Criteria taking full account of risks to national security and human rights. The UK Government continues to work through the international export control regimes to ensure these controls remain up-to-date.
In assessing licences involving sensitive communications technology, the Export Control Joint Unit also takes advice from HM Government’s National Cyber Security Centre.
Asked by: Liam Byrne (Labour - Birmingham, Hodge Hill)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what role the National Cyber Security Centre plays in facilitating export controls to prevent the proliferation of sensitive technology in the areas of (a) artificial intelligence, (b) quantum computing, (c) biometric tools and data and (d) intangible technology transfers.
Answered by Alan Mak - Minister of State (Department for Business and Trade) (jointly with the Cabinet Office)
The National Cyber Security Centre is HM Government’s national technical authority for information security and advises the Export Control Joint Unit, in the Department for Business and Trade, on export licence applications for goods involving sensitive communications or computer technology.
Asked by: Lord Bishop of St Albans (Bishops - Bishops)
Question to the Cabinet Office:
To ask His Majesty's Government whether they plan to ban Chinese-made electric cars from sensitive national infrastructure sites.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The UK takes the security and resilience of critical infrastructure seriously. Each Critical National Infrastructure (CNI) sector has a Lead Government Department responsible for working with owners and operators to identify and mitigate risks to their sites. They are also supported by the National Cyber Security Centre and the National Protective Security Authority who provide expert advice and guidance to both public and private organisations to identify risks and vulnerabilities to the UK’s national infrastructure.
As set out in the Integrated Review Refresh, China under the Chinese Communist Party (CCP) poses an epoch-defining challenge and an economic threat to a range of government policy areas, including CNI. The Government actively monitors threats to UK critical national infrastructure, and will not hesitate to take further action if necessary to protect sensitive assets where appropriate to protect national security.