Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what assessment he has made of the potential impact of the a) National Security Strategy and b) Cyber Security and Resilience (Network and Information Systems) Bill on private sector Critical National Infrastructure operators.

The government is working tirelessly with groups across society, including operators of critical national infrastructure, to make the UK a harder target for hostile actors and to deliver growth.

Strategies such as the National Security Strategy 2025, which consolidated several national security reviews and audits including the Resilience Action Plan into one framework, are critical to this work. The government engages with a range of stakeholders, considers assessments and analysis from think-tanks, academics, industry and parliamentary reports, to ensure the ambitions of these strategies are deliverable for industry and other groups across society.

The Cyber Security and Resilience (Network and Information Systems) Bill will strengthen the UK’s cyber defences and ensure the essential and digital services the public relies on are more secure. The government is continuing to engage closely with industry to ensure the Bill is robust and deliverable, and we will consult stakeholders on our plans for secondary legislation in due course. In addition, the Resilience Action Plan included a commitment to map standards across the CNI landscape, which will provide an overview of the resilience requirements placed on CNI sectors and their cumulative impacts.