Question to the Department for Energy Security & Net Zero:

To ask the Secretary of State for Energy Security and Net Zero, whether his Department will require a cyber incident database with compulsory fixes to be created for attacks on the energy system.

The Department for Energy Security and Net Zero takes the security and resilience of UK energy infrastructure extremely seriously, including the cyber security of critical infrastructure. Maintaining a secure and reliable energy supply is a key priority. The Network and Information Systems (NIS) Regulations, impose strict incident-reporting obligations on critical energy operators.

The Government has recently introduced the Cyber Security and Resilience (Network and Information Systems) Bill. The Bill proposes expanding incident-reporting requirements, broadening the scope of reportable events, and enhancing the powers of regulators to oversee compliance and require remedial actions where necessary.