Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government, further to the Written Answer by Lord Ashton of Hyde on 5 March (HL5690), whether they consider the National Cyber Security Centre guidance stated is sufficient to ensure that all sectors of industry and the general public are sufficiently protected against a hybrid threat; and if not, what additional guidance is planned.
Answered by Lord Ashton of Hyde
The National Cyber Security Centre is focussed on the cyber security threat but works closely with its partners, CPNI and MOD, to ensure that the UK is protected against the hybrid threat. The NCSC seeks to provide actionable and accessible guidance and it also works closely with a range of key UK organisations to understand their systems, provide bespoke advice and ensure that cybersecurity is considered as part of new programmes and systems. The NCSC has also been strengthening the UK’s cyber defences through the Active Cyber Defence programme.
It is the responsibility of all organisations to ensure they are sufficiently cyber secure and, while the threat of cyber attacks cannot be eliminated completely, organisations can and should reduce the risks by acting on NCSC issued guidance on how best to defend against cyber attacks. This guidance is widely available to all and updated regularly.
Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government what steps they are taking to modernise the legal environment to enhance the resilience of UK private sector organisations to defend themselves and their clients against cyber threats.
Answered by Lord Ashton of Hyde
The forthcoming Data Protection Bill will require all organisations to have appropriate technical and organisational cyber security measures in place to protect personal data. In addition, for critical services and digital service providers, the Government is transposing the Network and Information Systems Directive into UK Law which requires relevant digital service providers to take appropriate and proportionate measures to secure their network and information systems from both cyber attacks and physical failures. In addition, as committed to in its Cyber Regulation and Incentives review published in 2016, the Government continues to monitor the wider cyber security regulatory landscape to ensure it remains fit for purpose.
Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government what role the Department of Digital, Culture, Media, and Sport plays in responding to national security threats; and if that Department plays no formal role, which department responds to digital threats and other security threats relating to culture, the media, or sport.
Answered by Lord Ashton of Hyde
The Department for Digital, Culture Media and Sport (DCMS) is the Lead Government Department for the Broadcast, Internet and Telecommunications sectors as parts of the UK’s Critical National Infrastructure. As such, DCMS is responsible for the government’s security and resilience policy within those sectors.
DCMS plays a key role in delivering the Government’s National Cyber Security Strategy to support a prosperous digital nation. DCMS also undertakes work to prevent internet harms, such as disinformation. Other security threats would be managed as appropriate by individual digital, culture and media organisations in conjunction with law enforcement and other agencies.
Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government what budget they are allocating to train and evaluate personnel on individual tools, techniques and processes related to live, virtual and constructive simulated environments.
Answered by Lord Ashton of Hyde
Individual Government departments and agencies make decisions on the appropriate tools to train and evaluate their workforces to meet their specific needs.
Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government whether, following the speech of the Prime Minister at the Security Conference in Munich on 17 February, they plan to cooperate with the EU Agency for Network and Information Security (ENISA) after Brexit; and if so, what form any such cooperation would take; and whether they consider that ENISA's programme of implementation of EU policy and laws falls under the jurisdiction of the Court of Justice of the European Union.
Answered by Lord Ashton of Hyde
Membership of the European Network and Information Security Agency (ENISA) is one of the ways in which the UK discusses cyber security policy and shares expertise with European partners.
We remain absolutely committed to ensuring European security and developing a deep and special partnership with a strong, secure and successful European Union that covers both economic and security cooperation. A close working relationship on foreign and security policy is unconditional. We are proud of the UK’s capability and record on cyber security and will continue to support our European partners in this area.
In leaving the European Union, we will bring about an end to the direct jurisdiction of the Court of Justice of the European Union (CJEU) in the UK. There are a number of existing precedents where the EU has reached agreements with third countries which provide for a close cooperative relationship, without the CJEU having direct jurisdiction over those countries.
Our aim is to secure a relationship that provides for practical operational cooperation; facilitates data driven law enforcement; and allows multilateral cooperation through EU agencies. We believe that the UK and the EU should work together to design new, dynamic arrangements as part of our future partnership that support this. The details of our future relationship are a matter for negotiations.
Asked by: Viscount Waverley (Crossbench - Excepted Hereditary)
Question to the Department for Digital, Culture, Media & Sport:
To ask Her Majesty's Government what advice they have given to UK institutions and companies to minimise their being a victim of cyber-attacks in the event of cyber warfare.
Answered by Lord Ashton of Hyde
The goal of the National Cyber Security Centre (NCSC) is to help make the UK the safest place to live and do business online. To that end, the NCSC provides expert guidance for all organisations in the UK, large and small, including businesses and industry, government departments, the critical national infrastructure, universities and charities. Following this advice will enable these institutions and companies to put measures in place to help protect themselves from cyber attacks, and help to protect the UK’s economic prosperity and reputation.