Question to the Department for Transport:

To ask His Majesty's Government what steps they are taking to strengthen cybersecurity across the railway sector.

The Department for Transport (DfT) works across Government to introduce relevant standards, guidance, and policy to ensure the cyber security and resilience of our essential services.

DfT uses both policy and regulatory levers to support the rail sector to effectively manage cyber risk and assist the sector to secure its networks and systems. We work closely with the National Cyber Security Centre (NCSC), the rail industry, and others to continuously assess and mitigate emerging cyber threats to the sector.

As Competent Authority under the Network and Information Systems (NIS) Regulations 2018, DfT regulates rail Operators of Essential Servies (OES) to ensure that rail services which are most critical to the British public are compliant with relevant cyber standards. We will use the forthcoming Cyber Security and Resilience Bill (CSRB) to strengthen our regulatory powers, improve incident reporting, and expand the type of entities in scope.