Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of (1) the vulnerability of the United Kingdom's electrical and communications systems to extreme space weather; (2) the strength and distribution of geoelectric fields which would be induced across the UK by a Carrington-class geomagnetic storm; and (3) the impact that any resultant induction hazards may have on man-made conductors.
Answered by Baroness Lloyd of Effra - Baroness in Waiting (HM Household) (Whip)
The Government works with National Energy System Operator (NESO) to assess and prepare for space weather risks to the power grid and telecoms, supported by the Space Weather Impact for Future Electricity System Resilience (SWIFTER) projects, which will provide an assessment of the probability of impacts. A severe geomagnetic storm could generate uneven geoelectric fields across the UK, with effects possible nationwide depending on geology and grid configuration. Resulting geomagnetically induced currents may disrupt power systems and cause local outages, which could in turn affect telecoms and GNSS-based timing.
While no plans exist specifically for a Carrington scale event, any large-scale outage would follow established national arrangements, including public preparedness guidance, Pre-Agreed Written Science (PAWS) scientific advice, and Cabinet Office planning to support access to essential services.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what plans they have to publish draft legislation incorporating proposed reforms to the Network and Information Systems Regulations 2018.
Answered by Viscount Camrose - Shadow Minister (Science, Innovation and Technology)
The government remains committed to updating the Network and Information Systems Regulations 2018 (“NIS Regulations”) as soon as parliamentary time allows.
Whilst we wait for parliamentary time, the government is developing improvements which can be delivered without legislative changes, including:
These actions build on the government’s existing plans, as set out in the £2.6 billion National Cyber Strategy, to improve cyber resilience across the economy.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what steps they are taking to help businesses provide advanced cyber skills training to staff.
Answered by Viscount Camrose - Shadow Minister (Science, Innovation and Technology)
The National Cyber Strategy sets out the importance of reducing cyber risks to businesses. To do this, the Government is supporting the UK Cyber Security Council to define the skills and knowledge needed for cyber roles. The Government is also funding numerous targeted training initiatives such as Cyber Ready and Upskill in Cyber to upskill and retrain those in the workforce, as well as the government-funded Skills Bootcamp opportunities highlighted through our recent Advanced Digital Skills campaign. This is alongside our Cyber Essentials scheme which supports businesses to implement essential technical controls on cyber security.
Asked by: Lord Harris of Haringey (Labour - Life peer)
Question to the Department for Science, Innovation & Technology:
To ask His Majesty's Government what assessment they have made of the adequacy of current statutory cyber and digital risk reporting requirements.
Answered by Viscount Camrose - Shadow Minister (Science, Innovation and Technology)
Reporting of cyber and digital risks and incidents is critical to the UK’s cyber resilience, supporting our ability to monitor, mitigate, and respond to threats to our economy and society. Reporting is also important in helping businesses and organisations adequately understand the broader threat and assess the risks to their own operations.
Statutory incident reporting requirements vary across sectors, depending on the applicable legislation. For example, organisations which process personal data for general purposes must comply with the breach reporting requirements in the UK GDPR. In the telecoms sector, the Telecommunications (Security) Act introduced a new telecoms security framework, and includes detailed requirements for public telecoms providers to identify and reduce the risks of security compromises, including cyber attacks.
Organisations which provide services that are critical for the provision of essential services (such as transport, energy, water, health, and digital infrastructure services) must comply with the Network and Information Systems (NIS) Regulations 2018. In November 2022 the government also announced its intention to strengthen the NIS Regulations, including requiring essential and digital services to report a wider range of cyber incidents to regulators.