Question to the Department for Transport:

To ask the Secretary of State for Transport, what steps her Department is taking to mitigate the risk of cyber-attacks affecting the rail sector.

The Department for Transport (DfT) views the cyber security of the rail sector as a priority, working across Government to introduce relevant standards, guidance, and policy to ensure the cyber security and resilience of our essential services.

DfT uses both policy and regulatory levers to support the rail sector to effectively manage cyber risk and assist the sector to secure its networks and systems. We work closely with partners across UK government and law enforcement, the rail industry, and others to continuously assess and mitigate emerging cyber threats to the sector.

As Competent Authority under the Network and Information Systems (NIS) Regulations, DfT is committed to working with rail operators to strengthen protection against cyber threats and improve preparedness. We will use the implementation of the Cyber Security and Resilience (NIS) Bill to further strengthen our regulatory powers, improve incident reporting, and expand the type of entities in scope.