Parliament's Science and Technology Committee has launched an inquiry examining the cyber resilience of the UK’s energy, telecommunications and other critical national infrastructure (CNI).
The committee will look into efforts to make the computer systems underpinning CNI – which it defines as “infrastructure whose disruption would have significant national impact” – more secure.
The MPs will consider whether the UK’s CNI is on track to meet recently announced resilience targets by 2025, and examine the adequacy of the government's approach to supply chain access, trusted partners, and cyber resilience and readiness standards and regulations.
It will also look at the strengths and weaknesses of the government’s National Cyber Strategy 2022 and Government Cyber Security Strategy 2022-30 in relation to CNI for the digital economy; whether the National Security Council, government departments and agencies and the National Cyber Security Centre are providing effective strategic leadership, and whether cross-government activity on CNI is coherent; and the role of “secure by design” and emerging technologies in the cyber resilience of CNI.
Digital infrastructure was highlighted in the 2023 Integrated Review refresh as vital to UK national security, the committee said in its announcement of the inquiry.
The UK is the third most cyberattack-targeted country globally, after the US and Ukraine, the committee said.
It is also essential for supporting economic growth and transforming public service delivery, they said, as well as being a cornerstone of the development of critical and emerging technologies as set out in the Department for Science, Innovation and Technology’s Science and Technology Framework, published earlier this year.
“Much of the UK’s CNI is underpinned by this digital infrastructure, which must be resilient to cyberattack if it is to fulfil such fundamental roles in the UK economy,” the committee said.
The inquiry will also consider how effectively the government works with private-sector operators and regulators in protecting and preparing CNI organisations from cyber-attacks.
Much of the UK's CNI is largely private-sector owned, and there have been growing concerns about competing priorities between the government and private companies regarding cyber resilience strategies and the speed at which a service is restored after a detected cyber attack.
The 2017 WannaCry ransomware attack – the most well-known, complex cyber-attack that targeted CNI – heavily disrupted NHS medical services and stayed undetected for more than a year. In August this year, the Electoral Commission revealed that hackers had acquired the information of tens of millions of British voters.
There is limited information available publicly on the extent of cyberattacks against the UK, as ministers in the past have declined to provide data on the number of cyberattacks attacking government or malware infections that have impacted departments during the last year.
Cabinet Office minister Baroness Lucy Neville-Rolfe recently declined to provide information on the amount of “individual devices issued by government departments” that have been “identified as containing malware” and the number of successful and unsuccessful cyberattacks identified in each department in the past year.
Government departments provide some data on security incidents in their yearly reports, which offer comparative information on the number, type, and consequences of data breaches that occurred in the previous year.
The committee is seeking submissions from experts on sources of cyber threats to the CNI that is most essential to the function of the UK digital economy, including communications, energy, government, and finance infrastructure.
MPs encourage concise submissions of up to 3,000 words with an included short summary of the candidate and their organisation with a reason for submitting evidence. The committee also said they want to hear a wide variety of views, and welcome submissions from anyone with answers to the questions in the call for evidence.
Evidence submissions are open until Friday 10 November 2023.