The Joint Committee on the National Security Strategy (JCNSS) is to launch an inquiry into cyber security with a focus on the UK's critical infrastructure.
In January 2017, the previous Committee launched an inquiry entitled ‘Cyber Security: UK National Security in a Digital World’, focussing on the 2016 National Cyber Security Strategy (NCSS). The inquiry was halted by the 2017 general election.
Since Dissolution, there have been numerous cyber attacks of significance to the UK, especially to its Critical National Infrastructure:
- WannaCry, most notably affecting the NHS;
- The attack on the UK Parliament;
- The attack on the Scottish Parliament.
The first Annual Report for the National Cyber Security Centre (NCSC), published in October 2017, revealed it had received more than 1100 cyber incident reports in the previous year, of which 590 were classed as significant. More than 30 of these were assessed as being sufficiently serious to require a cross-government response process, co-ordinated by the NCSC.
Chair of the Joint Committee, Dame Margaret Beckett MP, commented:
"These incidents have highlighted the need for improved cyber security and the challenges involved in achieving this objective. The attacks have also raised awareness among the media and wider population, making it an opportune moment for an inquiry to have a lasting impact.
Our critical national infrastructure must be prepared for these attacks, which are becoming more frequent in nature. The threat to the UK is real. We must be ready—the question is how."
Scope of the inquiry
The Committee will draw from the work by the previous inquiry but wishes to call for evidence on the following terms of reference:
- The types and sources of cyber threats to Critical National Infrastructure (CNI) in the UK;
- The extent to which the Government’s definition of 'critical national infrastructure' is still valid in an interconnected economy;
- Learning points drawn from the 2011 Cyber Security Strategy and the fitness for purpose of the 2016 Cyber Security Strategy in relation to CNI;
- The effectiveness of the strategic lead provided by the National Security Council, Government Departments and agencies, and the National Cyber Security Centre, and the coherence of cross-government activity;
- The effectiveness of the Government's relationships with, respectively, private-sector operators and regulators in protecting CNI from cyber attack;
- The balance of responsibilities between the Government and private-sector operators in protecting CNI against cyber attack;
- The consistency of approach in the UK to legislation, regulation and standards governing each CNI sector and cyber security;
- The availability of skills and expertise to the relevant Government Departments and agencies, to regulators and to private-sector operators of CNI;
- The extent to which the UK’s approach to the cyber security of CNI draws on or represents international best practice.
Written evidence can be submitted using the Committee's web portal. The deadline is Wednesday 17 January 2018.