The cross-bench Science and Technology Committee (SITC) has launched an inquiry into the cyber resilience of the UK's critical national infrastructure sector (UK CNI).

UK CNI constitutes critical elements of infrastructure of which the loss or compromise could result in major detrimental impact on essential public services, national security, defence, or the functioning of the state. Examples of sectors within UK CNI include Food, Energy, Transport or Health.

As it stands, the inquiry identifies the UK as the third most targeted country worldwide for cyber-attacks, after the US and Ukraine. It emphasises that the UK’s CNI relies heavily on digital infrastructure; accordingly, it must be resilient to cyber-attack.

This inquiry follows the publication of the UK Government’s National Cyber Strategy 2022 and the Government Cyber Security Strategy 2022-2030, which also highlighted the cyber threat to UK CNI as an area of particular concern.

STIC has published a call for evidence from key stakeholders, which will close on 10 November 2023. It welcomes submissions on:

The types and sources of cyber threats to UK CNI, including communications, government, energy and finance.

The strengths and weaknesses of the UK Cyber Strategies in relation to UK CNI.

The effectiveness of the strategic lead provided by the National Security Council, government departments and agencies, and the National Cyber Security Centre, and the coherence of cross-government activity.

The effectiveness of the government's relationships with private-sector operators and regulators in protecting UK CNI from cyber-attacks.

Additionally, the inquiry will consider what interventions might be required to ensure that the Government’s cyber resilience targets are achieved by 2025. It will also explore the support that the sector needs to make computer hardware architecture more secure by design to protect CNI.

If you have any questions or would otherwise like to discuss any issue raised in this article, please contact David Varney or a member of Burges Salmon's cybersecurity team.

This article was written by Victoria McCarron