Parliament’s science and tech committee has announced a new inquiry to examine the current resilience of national systems, with a view to understanding the possible impact of a major attack
Parliament’s Science and Technology Committee has launched an inquiry examining the cyber resilience of the UK’s energy, telecommunications and other critical national infrastructure (CNI).
The committee will look into efforts to make the computer systems underpinning CNI – which it defines as “infrastructure whose disruption would have significant national impact” – more secure. The MPs will consider whether the UK’s CNI is on track to meet recently announced resilience targets by 2025, and examine the adequacy of the government’s approach to supply chain access, trusted partners, and cyber resilience and readiness standards and regulations.
It will also look at the strengths and weaknesses of the government’s National Cyber Strategy 2022 and Government Cyber Security Strategy 2022-30 in relation to CNI for the digital economy; whether the National Security Council, government departments and agencies and the National Cyber Security Centre are providing effective strategic leadership, and whether cross-government activity on CNI is coherent; and the role of “secure by design” and emerging technologies in the cyber resilience of CNI.
Digital infrastructure was highlighted in the 2023 Integrated Review refresh as vital to UK national security, the committee said in its announcement of the inquiry. The UK is the third most cyberattack-targeted country globally, after the US and Ukraine, the committee said.
- ‘The prospect of a category-one cyberattack is not receding’
- Officers pose as attackers for hire as NCA doubles number of ‘major cyber disruptions’ in FY23
- Regulator reveals cyberattackers accessed emails and electoral register data for over a year undetected
It is also essential for supporting economic growth and transforming public service delivery, they said, as well as being a cornerstone of the development of critical and emerging technologies as set out in the Department for Science, Innovation and Technology’s Science and Technology Framework, published earlier this year.
“Much of the UK’s CNI is underpinned by this digital infrastructure, which must be resilient to cyberattack if it is to fulfil such fundamental roles in the UK economy,” the committee said.
The inquiry will also consider how effectively the government works with private-sector operators and regulators in protecting and preparing CNI organisations from cyber-attacks.
Much of the UK’s CNI is largely private-sector owned, and there have been growing concerns about competing priorities between the government and private companies regarding cyber resilience strategies and the speed at which a service is restored after a detected cyberattack.
The 2017 WannaCry ransomware attack – the most well-known, complex cyberattack that has affected CNI – heavily disrupted NHS medical services.
The committee is seeking submissions from experts on sources of cyber threats to the CNI that is most essential to the function of the UK digital economy, including communications, energy, government, and finance infrastructure.
MPs encourage concise submissions of up to 3,000 words with an included short summary of the candidate and their organisation with a reason for submitting evidence. The committee also said they want to hear a wide variety of views, and welcome submissions from anyone with answers to the questions in the call for evidence.
Evidence submissions are open until Friday 10 November 2023.