Asked by: Lord Stevenson of Balmacara (Labour - Life peer)
Question to the Home Office:
To ask His Majesty's Government what plans they have to introduce legislation relating to cybersecurity practices and offences.
Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)
The Government keeps the UK’s cyber legislation under regular review to ensure that it can be used to tackle new and emerging threats. The UK’s regulatory framework for cyber resilience is a mixture of: sector-based regulation such the Network and Information Systems (NIS) Regulations 2018; thematic regulation such as the Data Protection Act 2018; and criminal legislation such as the Computer Misuse Act 1990.
The Government has undertaken several amendments to legislation to ensure it keeps pace with the evolving cyber threat, including updating the Computer Misuse Act in 2015 and updating the Network and Information Systems Regulations (2018) in 2020.
In 2022 the Government published proposals to make changes to the Network and Information Systems Regulations and these will be implemented as soon as Parliamentary time allows. The government has also carried out a review of the Computer Misuse Act and is currently considering whether to bring forward legislative proposals.
Asked by: Lord Stevenson of Balmacara (Labour - Life peer)
Question to the Cabinet Office:
To ask His Majesty's Government what steps they are taking to promote greater awareness of cyberthreats among (1) the civil service, (2) public sector workers, and (3) the general public.
Answered by Baroness Neville-Rolfe - Minister of State (Cabinet Office)
The Government Cyber Security Strategy, published in January 2022, sets out how we will build and maintain our cyber defences - by building greater cyber resilience across all government organisations and working together to ‘defend as one’ which enables a greater defensive force. A key component of the strategy is that the civil service and the public sector at large will have sufficient cyber security knowledge and awareness to identify and respond to cyber threats. In central government this work is being led by the Security, Education and Awareness Centre which promotes awareness of all security issues, including cyber threat, across government.
The National Cyber Security Centre’s Cyber Aware campaign is encouraging the public to take the necessary steps to improve their online security. The campaign sets out the six behaviours they can adopt to stay safe. These range from creating stronger passwords using three random words to turning on two-step verification.
Asked by: Lord Stevenson of Balmacara (Labour - Life peer)
Question to the Home Office:
To ask His Majesty's Government what contribution they are making to international efforts to (1) identify, (2) and counter, cybercriminal gangs who target networks and users in the UK.
Answered by Lord Sharpe of Epsom - Parliamentary Under-Secretary (Home Office)
The UK is a world leader in cyber security. Our operational agencies, such as the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) are a source of international best practice, and we strongly support international cooperation to tackle cyber crime. The Government’s approach to countering this threat is set out in the National Cyber Strategy (2022), under the pillar of detecting, disrupting and deterring our adversaries.
Cyber-crime is a global threat. Criminals and the technical infrastructure they use are often based in uncooperative jurisdictions, making international collaboration essential. Across our law enforcement network, we seek to maximise international links as part of our response to criminal activity. Alongside working closely with UK police and regional organised crime units, the NCA have built crucial relationships with partners such as Europol, the FBI, and the US Secret Service to assess cyber crime risks, share intelligence and coordinate action.
The NCA works to identify cyber criminals impacting the UK, wherever they are in the world. Working with international partners to target and disrupt cyber criminal gangs and the illicit cyber crime ecosystem that supports them. For example, in February 2023, we announced sanctions against seven Russian cyber criminals involved in the notorious organised crime group behind many of the most damaging ransomware groups in the last few years involving TRICKBOT, CONTI and RYUK ransomware. A second wave of sanctions was announced in September demonstrating the NCA’s unrelenting targeting of cyber-criminals.
The UK continues to shape the global conversation at multilateral forums and bilaterally to drive cooperation to deter malicious cyber activity. We have promoted the Budapest Convention on Cybercrime since it was agreed in 2001, and we are taking an active role in the development of the proposed UN treaty on cybercrime, to ensure that it supports international cooperation on tackling crimes that all countries face, while protecting human rights.