Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the potential impact of the increased use of AI by (a) cyber-criminals and (b) nation state actors on cyber security risks to the UK.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether he plans to include provisions within the Cyber Security and Resilience Bill on requiring regulated organisations to adopt cybersecurity to help tackle AI-enabled threats.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the potential impact of (a) AI-enabled and (b) other cyber attacks on economic (i) security and (ii) competitiveness.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Cyber security is a priority for the government. We are taking action to protect businesses, citizens and essential services against cyber threats. Last year the National Cyber Security Centre (NCSC) said AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, however the impact on the cyber threat would be uneven. The full report is at https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat .
The Cyber Security and Resilience Bill will require regulated organisations to adopt cyber security measures which protect against a wide range of cyber threats, including AI-enabled threats. Further details on the Cyber Security and Resilience Bill will be published in due course.
Cyber attacks cost the UK economy billions of pounds per year, resulting in serious disruption for businesses and individuals, and disruption to supply chains and public services. Cyber attacks harm confidence and investment in UK technology, while intellectual property can be stolen which has cost billions of pounds to develop. The Cyber Security Breaches Survey [https://www.gov.uk/government/collections/cyber-security-breaches-survey] sets out further details on the impact of cyber threats and we will publish further research on this in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the effectiveness of (a) cyber security laws and (b) supporting regulatory guidance in preventing supply chain attacks on critical (i) services and (ii) infrastructure.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.
The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether the Cyber Security and Resilience Bill will ensure that data centres are (a) secure and (b) resilient.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
Our current cyber security laws – the NIS Regulations (2018) – are inherited from the EU and are the UK’s only cross-sector cyber security-specific legislation. The cyber threat has since evolved since 2018 due to AI and other technology and geopolitical trends. The laws therefore require an urgent update to ensure UK infrastructure and economy is not comparably more vulnerable. This is why we announced the Cyber Security and Resilience Bill, which will improve the UK’s cyber defences, strengthen our regulatory approach and protect more digital services and supply chains.
The government announced in September 2024 that data centres have been designated as critical national infrastructure, meaning the sector will benefit from greater government support in preparing for and managing critical incidents. Further details on the content of the Cyber Security and Resilience Bill will be published in due course.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the adequacy of the UK's contingency plans to tackle quantum cyber threats; and if he will conduct a comparative assessment on the effectiveness of these measures compared to those used by his international counterparts.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.
The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.
The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what (a) guidance and (b) resources he is providing to (i) small and medium enterprises and (ii) other businesses to help (A) prepare for and (B) mitigate quantum cyber risks.
Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government recognises the cyber threats posed by quantum computing. The NCSC recently issued new guidance to help organisations prepare for and protect against threats posed by future developments in quantum computing [https://www.ncsc.gov.uk/guidance/pqc-migration-timelines]. The guidance is focused on migrating to post-quantum cryptography to mitigate the potential future quantum threat to encryption services, and identifying and mitigating cyber risks during the migration.
The Department for Science, Innovation and Technology and NCSC have also commissioned external research to understand industry barriers and incentives to migrate to post-quantum cryptography. This will be used to inform future policy interventions to drive the transition.
The government continues to monitor developments in quantum computing and uptake of post-quantum cryptography, including working with other countries to keep UK citizens and organisations secure. The government continues to assess wider cyber risks from critical and emerging technologies on an ongoing basis.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, what discussions he has had with Meta on preventing the sale of illegal e-bikes on their marketplace platform.
Answered by Justin Madders - Parliamentary Under Secretary of State (Department for Business and Trade)
Product safety law requires that all consumer products placed on the UK market must be safe. The Office for Product Safety and Standards, in my Department, has a programme of work focused on making sure online platforms, including Meta, are aware of their responsibilities for preventing the supply of unsafe products to UK consumers, and requires them to remove unsafe or non-compliant products made available on their sites.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Business and Trade:
To ask the Secretary of State for Business and Trade, if he will make an assessment of the potential merits of including measures to require boards to report on cyber resilience in the draft Audit Reform and Corporate Governance Bill.
Answered by Justin Madders - Parliamentary Under Secretary of State (Department for Business and Trade)
All large and medium-sized companies are already required to report on their material risks within their annual strategic report, including on cyber risk where this is a material risk. Recognising the important strategic role that boards of directors play in risk management, the Government intends to launch a Cyber Governance Code of Practice, and cyber governance training, to support boards in governing cyber risks and building cyber resilience. We will bring forward the draft Audit Reform and Corporate Governance Bill shortly, with which we intend to provide the audit and governance regulator with important new powers and objectives relating to the audit and reporting duties of directors.
Asked by: Dan Aldridge (Labour - Weston-super-Mare)
Question to the Department for Work and Pensions:
To ask the Secretary of State for Work and Pensions, what steps her Department is taking to (a) reduce waiting times on her Department's helplines and (b) prevent calls from being cut off after long waiting periods.
Answered by Andrew Western - Parliamentary Under-Secretary (Department for Work and Pensions)
(a) Reduce waiting times on Department's helplines
DWP reviews forecasted telephony demand and plans resourcing accordingly to keep wait times down. Wait time performance is frequently reviewed and where DWP’s telephony is delivered by an outsourced provider we use the Key Performance Indicator of percentage of calls answered. All DWP customer telephone lines are Freephone numbers.
The Department is investing in a new capability that aims to better route customers to the right offer at the right time. This will help to reduce waiting times by supporting customers to utilise digital alternatives where appropriate and enables telephony agents to speak to our customers that really need to speak to someone. If a customer indicates they may be at risk of physical or mental harm e.g. suicide, terminal illness, homelessness, and clinical mental health, they will be routed to a telephony agent in as short a journey as possible.
The Department offers a wide range of reasonable adjustments for customers, including production of communications in a range of alternative formats. We are currently testing further digital solutions for British Sign Language interpreter connectivity within our jobcentre environment.
(b) Prevent calls from being cut off after long waiting periods
Regarding disconnections, while mobile phone contracts may disconnect after a certain time period, we do not intentionally cut off customers after long wait times. We do not have anything configured in our Contact Centre platform to automatically cut customers off after any time threshold, or period of waiting.
We do, however, inform customers when they are in a queue and we know their call won't be answered before the line closes, and request that they call back.