Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what plans they have to publish draft legislation incorporating proposed reforms to the Network and Information Systems Regulations 2018.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government remains committed to updating the Network and Information Systems Regulations 2018 (“NIS Regulations”) as soon as parliamentary time allows.
Whilst we wait for parliamentary time, the government is developing improvements which can be delivered without legislative changes, including:
These actions build on the government’s existing plans, as set out in the £2.6 billion National Cyber Strategy, to improve cyber resilience across the economy.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to help businesses provide advanced cyber skills training to staff.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The National Cyber Strategy sets out the importance of reducing cyber risks to businesses. To do this, the Government is supporting the UK Cyber Security Council to define the skills and knowledge needed for cyber roles. The Government is also funding numerous targeted training initiatives such as Cyber Ready and Upskill in Cyber to upskill and retrain those in the workforce, as well as the government-funded Skills Bootcamp opportunities highlighted through our recent Advanced Digital Skills campaign. This is alongside our Cyber Essentials scheme which supports businesses to implement essential technical controls on cyber security.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the adequacy of current statutory cyber and digital risk reporting requirements.
Answered by Viscount Camrose - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Reporting of cyber and digital risks and incidents is critical to the UK’s cyber resilience, supporting our ability to monitor, mitigate, and respond to threats to our economy and society. Reporting is also important in helping businesses and organisations adequately understand the broader threat and assess the risks to their own operations.
Statutory incident reporting requirements vary across sectors, depending on the applicable legislation. For example, organisations which process personal data for general purposes must comply with the breach reporting requirements in the UK GDPR. In the telecoms sector, the Telecommunications (Security) Act introduced a new telecoms security framework, and includes detailed requirements for public telecoms providers to identify and reduce the risks of security compromises, including cyber attacks.
Organisations which provide services that are critical for the provision of essential services (such as transport, energy, water, health, and digital infrastructure services) must comply with the Network and Information Systems (NIS) Regulations 2018. In November 2022 the government also announced its intention to strengthen the NIS Regulations, including requiring essential and digital services to report a wider range of cyber incidents to regulators.