Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, with reference to his oral contribution of 18 January 2024, Official Report, column 1003, what recent comparative assessment his Department has made of the effectiveness of steps being taken to understand the risks associated with (a) cyber security and (b) red-rated computer systems in (i) the UK and (ii) other countries.

The National Cyber Strategy 2022 sets out the Government’s ambitions to raise levels of resilience across all sectors by 2025, with a particular focus on our Critical National Infrastructure and making government an exemplar. We are also strengthening protections to online services and connected consumer devices to reduce the cyber security burden on UK citizens.

We continually assess cyber risk and the implementation of the National Cyber Strategy. In August 2023, we published the first Annual Progress Report for the National Cyber Strategy 2022. The report demonstrates our progress against the five strategic objectives, demonstrating how we have adapted to a significantly shifting geopolitical landscape. It supports our aim to be transparent in the way we work and reinforces the UK’s status as a leading, responsible and democratic cyber power. The report highlighted the success in improving cyber resilience through the NCSC Cyber Action Plan and Cyber Essentials as well as disruptions such as the first tranche of cyber sanctions and the takedown of the GENESIS marketplace, a go-to service for cyber-criminals.

During the formulation of the Legacy IT Assessment Risk Framework, input was sought from various commercial and governmental entities to gather insights. These comparative assessments, conducted during the framework's design phase, aimed to strike a balance between aligning with industry standards for user familiarity and addressing the specific requirements of a standardised cross-government framework for evaluating risks associated with legacy digital technology assets.