Cyber Security and Resilience (Network and Information Systems) Bill (Seventh sitting) Debate
Full Debate: Read Full DebateDepartment: Department for Science, Innovation & Technology
Andrew Cooper
Main Page: Andrew Cooper (Labour - Mid Cheshire)Department Debates - View all Andrew Cooper's debates with the Department for Science, Innovation & Technology
Cyber Security and Resilience (Network and Information Systems) Bill (Seventh sitting)
Andrew Cooper Excerpts(1 day, 9 hours ago)
Public Bill CommitteesRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Kanishka Narayan
I thank hon. Members for their new clauses; I recognise the strong feeling and thoughtful contributions about reforming the Computer Misuse Act.
I speak first to new clause 18, which seeks to place a duty on the Secretary of State to review whether amendments to the Computer Misuse Act could support the security and resilience of network and information systems used for carrying out essential activities. I assure the hon. Member for Runnymede and Weybridge that the Government remain committed to ensuring that the Act remains up to date and effective.
The Home Office is already conducting a review of the Computer Misuse Act, and is developing proposals that arise from its findings. That includes careful consideration of proposals to introduce a statutory defence that would allow researchers to spot and share vulnerabilities. It will provide an update as soon as the proposals are finalised. However, limiting a defence to only the sectors covered by the NIS regime would be impractical. Any package of workable defence would need to be broad enough to apply economy-wide.
New clause 19 raises the introduction of a statutory defence to the Computer Misuse Act. I acknowledge the strong sentiment regarding reform of the CMA. There is no doubt that UK cyber-security professionals play a significant role in maintaining the country’s overall security and resilience. Supporting them is vital.
I agree with the principle behind the new clause: that a defence to section 1 of the Computer Misuse Act could strengthen the resilience of network and information systems by allowing researchers to spot and share vulnerabilities. The Government are already conducting a review of the Computer Misuse Act, and we have made significant progress in developing a proposal for a limited defence to the offence provided for in section 1 of the Computer Misuse Act.
Andrew Cooper (Mid Cheshire) (Lab)
Many of us, on both sides of the House, are sympathetic to both new clauses. We heard very clearly in evidence sessions that the Computer Misuse Act, as it is today, has a chilling effect on the operation of the cyber-security industry in this country and on whether such companies want to locate here as opposed to other countries.
I absolutely hear what the Minister says about the Home Office developing proposals. I wonder whether he can set out a timescale for when those proposals are likely to be brought forward—whether he expects that to be in this parliamentary Session or the next one. The issue is clearly holding back the cyber-security industry in this country, and we would all like to see it resolved.
Kanishka Narayan
My hon. Friend is absolutely right to recognise the shared sense on the principle of reforming the Computer Misuse Act. Although I am not in a position to give him a specific timeline, I absolutely take into account his recognition that the work needs to proceed at pace. Having held an industry engagement recently on specific proposals, with more than 75 attendees from a range of cyber-security organisations, the Home Office is now reviewing specific feedback as a particular proposal. The question is not whether we will reform the Computer Misuse Act, but simply how.