Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to support businesses seeking to adopt process improvement programmes for their organisational cyber-resilience.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government is inviting views on a proposed Cyber Governance Code of Practice until 19th March. This is part of a package of action in the £2.6 billion National Cyber Strategy to drive up improvements in organisational cyber resilience. Co-designed with the National Cyber Security Centre (NCSC) and industry experts, the Code consolidates critical cyber governance areas for directors' ownership. As part of this package, the NCSC revised their Board Toolkit (BTK) and intends to develop an online Cyber Governance Training Pack for Boards, integrating the Code and BTK. This comprehensive package will help boards ensure that cyber resilience is embedded throughout their organisation, including its people and processes.
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what assessment they have made of the efficacy of existing cyber-resilience regulations relating to the UK’s critical national infrastructure.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The National Cyber Strategy 2022 set outcomes for critical national infrastructure (CNI) (in the private and public sector) to better understand & manage cyber risk and minimise the impact of cyber incidents when they occur. In addition, at CyberUK 2023, the Deputy Prime Minister announced specific and ambitious cyber resilience targets for all CNI sectors (public and private sector) to meet by 2025.
Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness, by 2030. This includes work to evaluate the impact and effectiveness of all regulation that applies to CNI, including (but not limited to) NIS regulations, and to bring more private sector businesses working in CNI within the scope of cyber resilience regulations.
The Government is also committed to ensuring cyber security in the public sector, which is why GovAssure was launched in April 2023. Under GovAssure, government organisations regularly review the effectiveness of their cyber defences against common cyber vulnerabilities and attack methods. We are currently evaluating the first year’s assessments. GovAssure will enable government organisations to accurately assess their levels of cyber resilience across their critical services, highlight priority areas for improvement and provide the Government with a strategic view of cyber capability, risk and resilience across the sector.
Asked by: Lord Browne of Ladyton (Labour - Life peer)
Question to the Department for Environment, Food and Rural Affairs:
To ask His Majesty's Government on what date they expect to receive the Health and Safety Executive's delayed final restriction opinion in respect of the risks of using lead in ammunition to human health and the environment; and whether they will make and publish their decision on the restriction within three months of receipt of the opinion.
Answered by Lord Douglas-Miller - Parliamentary Under-Secretary (Department for Environment, Food and Rural Affairs)
The UK REACH restriction process relating to lead in ammunition was initiated in 2021 by the then Defra Secretary of State, with the agreement of the Scottish and Welsh Governments. This triggered a process under the UK REACH regulations, with the dossier preparation and recommendations process led by the Health and Safety Executive (HSE).
HSE expects to issue their final restriction opinions later this year. The decision to apply any restrictions, or not to do so, will subsequently be made by the Defra Secretary of State, with the consent of the Scottish and Welsh Ministers, and published on GOV.UK.