Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, what steps his Department is taking to protect critical national infrastructure from cyber attacks.

The Government works constantly to strengthen the security and resilience of UK Critical National Infrastructure (CNI).

The Cabinet Office works closely with Lead Government Departments to understand, manage and mitigate the impacts of cyber risk to their corresponding CNI sectors. Each CNI sector's security and resilience is overseen by a Lead Government Department, and it is that Department's Minister that will hold overall accountability for that CNI sector. The UK Government also works closely with the National Cyber Security Centre (NCSC), the UK's national technical authority. NCSC are working with CNI operators to help them find the cyber exercising and incident management services they need from the marketplace by expanding the NCSC’s accredited scheme for Cyber Incident Response and introducing a new scheme for exercising.

At Cyber UK 2023, the Deputy Prime Minister announced that we have set specific and ambitious cyber resilience targets for all critical national infrastructure sectors to meet by 2025. This is alongside examining plans to bring more private sector businesses working in critical national infrastructure within the scope of cyber resilience regulations. This work will further our ambition to understand and manage cyber risk.

Through the National Cyber Strategy, the Government is working to improve resilience to cyber risks across the UK economy and drive organisations to take action themselves as part of a whole of society approach. Over the past year, the Cabinet Office has been progressing foundational work to support the creation of common but flexible resilience standards across CNI and do more on the assurance of CNI, including cyber assurance preparedness by 2030.