Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what assessment her Department has made of the systemic risks posed to the UK economy and critical services by reliance on two dominant hyperscale cloud providers, following recent outages on Microsoft Azure and Amazon Web Services.

The Department for Science, Innovation and Technology (DSIT) continues to monitor systemic risks to UK critical national infrastructure from reliance on cloud providers, including resilience measures and contingency planning following recent service outages. DSIT works closely with each cloud provider during and after any incident to ensure improved resilience and lessons learnt are shared across Government. For example, following earlier global digital resilience incidents, we are working to strengthen our capability to coordinate this kind of incident across Government.

Government recommends that public sector organisations adopt a multi-region approach, in which they make controlled, considered use of regions in a way which is compatible with UK law. This helps improve resilience by removing the reliance on any one region.

DSIT will publish the Government Cyber Action Plan this Winter, which sets out a clear approach for Government and the public sector to manage cyber security and resilience incidents impacting Government services.

Government also recognises the importance of robust protections for the services essential to our society and economy – that is why we introduced the Cyber Security and Resilience Bill on 12 November.