Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment he has made of the level of preparedness in the event of a coordinated cyber-attack on public service infrastructure.

Government is working tirelessly to improve the cyber resilience of the public sector, which includes some of the UK’s Critical National Infrastructure (CNI). Cyber risks are kept under review, through the internal, classified National Security Risk Assessment (NSRA), and the external facing version, the National Risk Register (NRR), to ensure that we effectively plan at the national and local levels. The NSRA assesses a number of cyber risks, including the impact of a cyber-attack against government systems on the delivery of public services.

We face a persistent and evolving threat landscape, the intent and capability of both state and non-state threat actors is increasing, and the pace of this change has accelerated considerably over the last 24 months. Public service infrastructure and systems remain an attractive target for our adversaries and criminals, with recent incidents clearly highlighting the risk posed by cyber attacks on both private and public sector organisations.

Responding to a cyber incident is a cross-government responsibility with roles and responsibilities identified in the National Cyber Incident Management Framework. As well as developing a more sophisticated understanding of cyber risk across UK CNI, the Government is focussed on ensuring that CNI operators are prepared to respond to and recover from incidents through better planning and regular exercises across Government and as part of the National Exercising Programme. The National Cyber Security Centre (NCSC) also works with partners to help public and private CNI operators detect and respond to attacks.