Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment she has made of the potential impact of the Cyber Security and Resilience (Network and Information Systems) Bill on the cyber resilience of energy infrastructure.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.
The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.
The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.
The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.
The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what estimate her Department has made of the number of cyber attacks on energy infrastructure.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.
The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.
The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.
The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.
The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment her Department has made of the potential merits of creating a cyber incident database with compulsory fixes to be created for energy infrastructure.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.
The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.
The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.
The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.
The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what assessment her Department has made of the risk of cyber attacks on energy infrastructure.
Answered by Kanishka Narayan - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology)
The government's Cyber Security Breaches Survey shows that 43% of UK businesses reported experiencing a cyber breach or attack within the past year. Within the utilities sector this figure is 48%. The survey does not specifically detail cyber attacks on energy infrastructure.
The National Cyber Security Centre (NCSC) has warned there is a significant and enduring cyber threat faced by the UK’s critical national infrastructure. As part of its routine operations the NCSC works closely with all areas of the UK’s critical national infrastructure to highlight the cyber threat landscape and associated mitigation activities. As noted in its Annual Review (2025) the NCSC has undertaken a wide range of activities to enhance protections for the UK’s energy infrastructure, including delivering technical advice and guidance on cyber security challenges, working directly with key suppliers on cyber security initiatives, and providing additional support to operators of renewable energy assets. The annual review also notes how NCSC has deepened its understanding of cyber maturity in critical national infrastructure, enabling more targeted interventions and strengthening the UK’s ability to identify and eliminate sophisticated threat actors.
The Cyber Security and Resilience (Network and Information Systems) Bill updates the Network and Information Systems Regulations 2018, which includes essential services in the energy sector. The Bill will improve the cyber security of the energy sector and its infrastructure through better resourced regulators to respond to cyber threats, and a stronger mechanism for government to set priority outcomes for regulators to work to.
The incident reporting framework will also be updated through the Bill, including for the energy sector. Under the existing reporting regime, too many significant incidents do not need to be reported, and this creates a gap in the government’s knowledge and ability to protect the UK from harm. A wider range of significant incidents, such as successful ransomware and pre-positioning will need to be reported under the Bill. A light touch, initial notification will also be required within 24 hours of an incident being discovered will enable quicker and more effective support to be provided to organisations.
The Bill will keep pace with an increasingly digitalised and interconnected energy sector by bringing load controllers into scope of the NIS Regulations as a new essential service, where they meet the threshold, ensuring regulation is focused where the risk is greatest.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what progress his Department has made with the Digital Poverty Alliance on providing re-purposed Government laptops to people who need them.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
The Government is implementing a device donation pilot by working with the Digital Poverty Alliance to refurbish end-of-life laptops from DSIT, DESNZ and DBT and distribute them to those who need them most. This pilot will be in effect until Autumn 2025.
We are also working closely with industry on a device donation charter, to encourage more organisations to set up their own device donation schemes. We are hoping to publish this in Spring 2025.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether he plans to publish the evidence from the Digital Inclusion Strategy Call for Evidence.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
The Government published the Digital Inclusion Action Plan in February, which sets out the first steps we are taking towards our ambition of delivering digital inclusion for everyone across the UK, regardless of their circumstances. The Government also published a call for evidence on the focus areas and invited contributions from individual citizens, charities, business, civil society, and subject matter experts. The call for evidence closed on 9 April and details on how the Government expects to respond will be shared in due course.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what steps his Department is taking to tackle digital exclusion.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
The Government published the Digital Inclusion Action Plan in February, which sets out the first steps we are taking towards our ambition of delivering digital inclusion for everyone across the UK, regardless of their circumstances. The Government also published a call for evidence on the focus areas and invited contributions from individual citizens, charities, business, civil society, and subject matter experts. The call for evidence closed on 9 April and details on how the Government expects to respond will be shared in due course.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, how much money the Government has committed for the Digital Inclusion Fund; and how it will be allocated.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
Digital inclusion is a priority for Government. The Digital Inclusion Innovation Fund is designed to support initiatives that increase digital participation and to identify innovative best practice with an ambition to scale and replicate successful digital inclusion activities.
Further details of funding will be shared in due course.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what progress he has made on the Digital Inclusion Innovation Fund, announced in February 2025.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
Digital inclusion is a priority for Government. The Digital Inclusion Innovation Fund is designed to support initiatives that increase digital participation and to identify innovative best practice with an ambition to scale and replicate successful digital inclusion activities.
Further details of funding will be shared in due course.
Asked by: Saqib Bhatti (Conservative - Meriden and Solihull East)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, what progress he has made on establishing the Digital Inclusion Action Committee.
Answered by Chris Bryant - Minister of State (Department for Business and Trade)
The Digital Inclusion Action Committee is an external advisory body that will work closely with the Department for Science, Innovation and Technology. It will be made up of national and local experts to tackle digital exclusion. Its role is to scrutinise, steer and help determine the work of the government in reducing digital exclusion in every part of the UK.
The Expression of Interest closed on 2nd April, and selection is underway, led by Baroness Armstrong. Attendees are expected to be announced in Spring 2025. The first meeting will take place shortly thereafter.