In January last year, the previous Joint Committee on the National Security Strategy (JCNSS) launched an inquiry entitled ‘Cyber Security: UK National Security in a Digital World’, focusing in the main on the 2016 National Cyber Security Strategy. That inquiry was halted by the 2017 General Election.
Following on from the Dissolution of Parliament, there were numerous cyber attacks of significance perpetrated in the UK affecting elements of its Critical National Infrastructure (CNI). These have included the WannaCry attack, most notably affecting the NHS, in addition to the attack on the UK Parliament and that conducted against the Scottish Parliament.
The first Annual Report produced by the National Cyber Security Centre (NCSC), published last October, revealed that it had received more than 1,100 cyber incident reports in the previous year, of which 590 were classed as being ‘Significant’. More than 30 of these were assessed as being sufficiently serious to require a cross-Government response process co-ordinated by the NCSC.
With all of this in mind, the JCNSS has now determined to launch an inquiry into cyber security with a clear focus on the UK’s critical infrastructure.
Dame Margaret Beckett MP, chair of the Joint Committee, commented: “These incidents have highlighted the need for improved cyber security and the challenges involved in achieving this objective. The attacks have also raised awareness among the media and the wider population, making it an opportune moment for an inquiry to have a lasting impact. Our CNI must be prepared for these attacks, which are becoming more frequent in nature. The threat to the UK is extremely real. We must be ready, but the question is ‘How?'”
The Joint Committee will draw upon the work conducted by the previous inquiry, but has also issued a Call for Evidence on the following Terms of Reference:
*the types and sources of cyber threats to the CNI here in the UK
*the extent to which the Government’s definition of CNI is still valid in an interconnected economy
*learning points drawn from the 2011 Cyber Security Strategy and the fitness for purpose of the 2016 Cyber Security Strategy in relation to CNI
*the effectiveness of the strategic lead provided by the National Security Council, Government Departments and agencies and the NCSC, as well as the coherence of cross-Government activity
*the effectiveness of the Government’s relationships with, respectively, private sector operators and regulators in protecting the CNI from cyber attack
*the balance of responsibilities between the Government and private-sector operators when it comes to protecting the CNI against cyber attack
*the consistency of approach in the UK towards legislation, regulation and standards governing each CNI sector and cyber security
*the availability of skills and expertise to the relevant Government Departments and agencies, to regulators and, indeed, the private sector operators of CNI
*the extent to which the UK’s current approach to the cyber security of CNI draws on or otherwise represents international Best Practice