Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what the average response rate was of her Department to individual Freedom of Information requests in each month since July 2016.
Answered by Matt Hancock
FOI statistics are Official Statistics and are governed by the standards set out by the UK Statistics Authority (UKSA) in their Code of Practice. To publish information outside of the release timetable would be a breach of Protocol 2 of the Code of Practice for Official Statistics.
The latest Freedom of Information statistics were published in December 2016 and are available at:
https://www.gov.uk/government/statistics/freedom-of-information-statistics-july-to-september-2016--2Background
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, pursuant to the Answer of 27 February 2017 to Question 63984, how the Cyber Essentials scheme offers protection to organisations compliant with the scheme in the event that third party organisations that provide (a) email, (b) cloud storage and (c) other similar services to compliant organisations are themselves not compliant with that scheme.
Answered by Matt Hancock
The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme enables organisations themselves to determine which technologies are in scope of their Cyber Essentials assessment: this would not normally include any third party organisations.
The Government recognises the importance of third party risk management and will continue to consider how the Cyber Essentials standard can be improved to better account for cloud based services. In addition, the Government is working with industry to ensure businesses encourage the firms in their supply chains to adopt Cyber Essentials where necessary and appropriate.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what the timetable is for updates to the Cyber Essentials scheme.
Answered by Matt Hancock
As part of the regular reviews of all cyber security standards, the Government considers whether Cyber Essentials needs to be updated.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what security measures are in place to ensure that suppliers compliant with the Cyber Essentials scheme utilise third party services who are also compliant with that scheme.
Answered by Matt Hancock
The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme does not require organisations certified under the scheme to use third parties which are also compliant with the scheme, though this is something the Government would recommend where appropriate.
The Government itself requires its suppliers to hold a Cyber Essentials certificate where contracts involve the handling of sensitive data, such as personal and financial information, or the provision of certain ICT products and services. The recently published National Cyber Security Strategy set out a success measure that all Government suppliers will meet appropriate cyber security standards by 2021.
In addition, the Government is working with industry to ensure businesses encourage the firms in their supply chains to adopt Cyber Essentials where necessary and appropriate; for example, organisations could work with their supply chains and discuss the best way to add resilience to the end-to-end delivery of a product or service, which could include a third party adopting Cyber Essentials.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, whether the Cyber Essentials scheme includes protections against (a) structured query language injection and (b) other code vulnerabilities.
Answered by Matt Hancock
The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires software running on computers and network devices to be kept up-to-date and have the latest security patches installed: this is designed to protect against known code vulnerabilities.
Although Cyber Essentials is intended to provide a good basic level of cyber security, it does not represent a full cyber risk management regime, which is something set out in the more comprehensive ‘10 Steps to Cyber Security’ guidance. As part of the regular reviews of all cyber security standards, the Government considers whether Cyber Essentials needs to be updated to reflect other risks. The value of Cyber Essentials lies in its simplicity and it is important to balance this against breadth and depth of controls.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what (a) financial and (b) other support is provided to small and medium-sized enterprises to support the adoption of the Cyber Essentials scheme.
Answered by Matt Hancock
The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme is designed to be low-cost and suitable for implementation by organisations of all sizes, in all sectors. The Government has offered a range of support and advice since the launch of the scheme in 2014, including:
The new National Cyber Security Centre, part of the Government’s five-year £1.9 billion National Cyber Security Strategy, will engage closely with small businesses to offer support and advice, including support for the adoption of Cyber Essentials. The Government also works closely with industry to ensure Cyber Essentials is embedded in the advice industry partners, such as trade associations, offer to their members.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, whether the Cyber Essentials scheme includes requirements to educate staff on the risk of (a) phishing attacks through email and (b) other user induced attacks.
Answered by Matt Hancock
The Cyber Essentials scheme sets out the basic technical controls which all organisations relying on the internet should have in place to prevent common online attacks. The scheme requires up-to-date malware protection software to be installed on all internet-connected computers: this is designed to detect and disable the malicious software which an organisation might be exposed to via phishing attacks, and prevent users making connections to malicious websites on the internet.
Cyber Essentials is a technical scheme and staff awareness training is therefore out of scope; however other pieces of guidance from the Government do recommend this. For example, the ‘10 Steps to Cyber Security’, the Government’s key piece of advice for organisations on managing cyber risk, sets out the importance of user education and awareness.
The Government offers a range of free online cyber security training programmes at https://www.gov.uk/government/collections/cyber-security-training-for-business. In addition, the National Cyber Security Centre recently published a blog about phishing and user training, which explains that phishing is best tackled by implementing good technical defences and combining these with reasonable levels of user awareness, education and training: https://www.ncsc.gov.uk/blog-post/im-gonna-stop-you-little-phishie
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what activities the Government Innovation Group (a) undertook during 2016 and (b) has undertaken in 2017.
Answered by Rob Wilson
The functions of the Government Innovation Group were transferred to the Office for Civil Society and Innovation (OCSI) and Government Digital Service in 2015. On 21st July 2016 the functions of OCSI transferred from the Cabinet Office to the Department for Culture, Media and Sport (DCMS). Policy Lab and Business Partnerships remain part of the Cabinet Office resulting in a name change for OCSI, which is now called the Office for Civil Society (OCS). Since 1st January 2016 to date OCS has worked to deliver the Government’s vision of having a more engaged nation, one in which we take greater responsibility for ourselves and for our neighbours.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, what steps she is taking to notify hon. Members in the event that 21st Century Fox gives to her formal notification of its takeover bid for Sky.
Answered by Matt Hancock
I refer the Hon Gentleman to the written statement made by my Right Hon. Friend, the Secretary of State on 10 January 2018, Vol 619 Col 8WS.
Asked by: Andrew Gwynne (Labour - Denton and Reddish)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Culture, Media and Sport, (a) how many and (b) what proportion of senior civil service graded posts in her Department classified as (i) deputy director, (ii) assistant director, (iii) team leader and (iv) policy manager have been based outside London in each year since 2014.
Answered by Matt Hancock
Our department is headquartered in Whitehall, and therefore the figures on the number of Senior Civil Service staff in London will reflect that.
Financial Year | Number of SCS | Proportion of SCS |
2014-15 | 0 | 0% |
2015-16 | 1 - Deputy Director |
|
2016 - to date | 1 - Deputy Director |
|