Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, what assessment he has made of the effect of the uptake of Huawei Cyber Security Evaluation Centre advice and guidance on the risk management of operators.
Answered by Margot James
The Communications Act 2003 requires operators to take appropriate measures to manage security risks to their networks and services. The Government expects operators to take appropriate account of the advice and guidance issued by The National Cyber Security Centre (NCSC) including that in relation to the Huawei Cyber Security Evaluation Centre.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, whether his Department has targets for the number of (a) organisations and (b) people registered for the cyber security information sharing partnership.
Answered by Margot James
The National Cyber Security Centre (NCSC) runs the cyber security information sharing partnership (CiSP).
The CiSP platform has both private and public organisations registered, with over 20 sectors represented. There are over 5,000 organisations and over 11,300 individual members with an active CiSP account as at 1st July 2019. In the past 12 months there have been over 4,000 content pieces published on the CiSP platform, including blogs, alerts and advisories.
The NCSC does not have a set target to meet in terms of registering organisations and individual members. Registration is voluntary.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, what estimate he has made of the number of pieces of information that were shared on the cyber security information sharing partnership in the last 12 months.
Answered by Margot James
The National Cyber Security Centre (NCSC) runs the cyber security information sharing partnership (CiSP).
The CiSP platform has both private and public organisations registered, with over 20 sectors represented. There are over 5,000 organisations and over 11,300 individual members with an active CiSP account as at 1st July 2019. In the past 12 months there have been over 4,000 content pieces published on the CiSP platform, including blogs, alerts and advisories.
The NCSC does not have a set target to meet in terms of registering organisations and individual members. Registration is voluntary.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, what the total cost incurred to the public purse has been of the CyberEssentials programme in each of the last five years.
Answered by Margot James
The Cyber Essentials scheme is largely self-sustaining. The small cost to Government is mostly made up from proportions of time from members of staff within the National Cyber Security Centre and the Department for Digital, Culture, Media and Sport. This includes governance, technical oversight, policy development and contract management.
The financial model for delivery of the Cyber Essentials scheme involves Government overseeing the governance, technical oversight, policy development and contract management of five industry Accreditation Bodies. The Accreditation Bodies are responsible for marketing the scheme along with their Certification Bodies and providing the certificates to those wishing to achieve certification. The Accreditation Bodies and Certification Bodies charge a fee for the issuing of certificates and any related services provided.
The original start-up costs included an injection of investment from the Government's National Cyber Security Programme in 2014 and there has been some further investment to uplift the scheme in the last 2 years. For reasons of national security we do not specify individual funding amounts from the current National Cyber Security Programme.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, pursuant to the Answer of 11 June 2019 to Question 261281, whether the supply chain review will include a technical assessment of the equipment and software used by 5G suppliers.
Answered by Margot James
The National Cyber Security Centre (NCSC) undertook a full security risk assessment as part of the Supply Chain Review.
The decisions of the Supply Chain Review will be announced to Parliament in due course.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, pursuant to the Answer of 5 June 2019 to Question 257533 and the statement in that Answer that the Huawei Cyber Security Evaluation Centre has not begun assessing any 5G equipment, how the Supply Chain Review will ensure the secure and resilient roll-out of 5G.
Answered by Margot James
The Government has undertaken a thorough, evidence-based and hard-headed review of the 5G supply chain to ensure the secure and resilient roll-out of 5G. This includes a full security risk assessment by the National Cyber Security Centre.
The decisions of the Supply Chain Review will be announced to Parliament in due course.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, pursuant to the Answer of 11 April 2019 to Question 242266 on Cybercrime, whether targets have been set for industry awareness of Government cyber initiatives and communications in advance of the publication of the Cyber Security Breaches Survey 2020.
Answered by Margot James
The Government's broad ambitions for industry awareness and engagement in cyber security are set out in the National Cyber Security Strategy 2016-2021. The Strategy can be found here: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, how many mandatory cyber security training sessions civil servants working in his Department are required to undertake.
Answered by Margot James
All DCMS staff are mandated to undertake a ‘Responsible for Information’ online training course relating to information security, which includes content on cyber security.
In addition, an element of cyber security awareness is included in staff induction training.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, with reference to the Cyber Security Breaches Survey 2019, published in April 2019, what steps his Department is taking to raise awareness of Government cyber initiatives and communications.
Answered by Margot James
The Department for Digital, Culture, Media and Sport (DCMS) has responsibility for a number of policy objectives in the National Cyber Security Strategy relating to improving the cyber resilience of organisations across the economy. In this role, DCMS works very closely with the National Cyber Security Centre (NCSC), which was established in October 2016 as the UK’s authority on cyber security matters. The NCSC regularly produces contextualised guidance, products and services, such as Cyber Essentials and 10 Steps to Cyber Security, which allow organisations across key sectors to protect themselves against cyber incidents. The NCSC also works closely with regulators, trade associations and other external partners to proactively share its guidance, products and services to ensure they reach organisations, all of which can be found on the recently relaunched NCSC website. Additionally, Government departments, including DCMS and the NCSC, are working together to deliver a national campaign for cyber security to help individuals and organisations take action to protect themselves online.
Asked by: Jo Platt (Labour (Co-op) - Leigh)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, whether the Government holds information on the number of times that competent authorities have issued (a) warnings, (b) information notices, (c) inspections, (d) enforcement notices and (e) penalties under the Network and Information Systems Regulations 2018.
Answered by Margot James
The competent authorities have the powers to audit and inspect, and to issue information, enforcement and penalty notices, so they hold the information on the number of audits conducted and notices issued in each sector. Under the NIS Regulations, competent authorities do not have a legal obligation to share that information with DCMS or Cabinet Office.