Source · Select Committees · Public Accounts Committee
Recommendation 8
8
Accepted
Nation states pose increasing risk of espionage and disruptive cyber attacks on essential services.
Conclusion
The Cabinet Office highlighted concerns about nation states’ intent to conduct espionage and disrupt essential services.8 It described a campaign of espionage by Russian military intelligence that involved stealing and leaking data, and defacing websites. The Cabinet Office considered disruptive cyber attacks to be an increasing risk. It gave the example of Volt Typhoon, a Chinese state–affiliated group, which had targeted US critical national infrastructure with the intention of disrupting essential services.9
Government Response Summary
The government agrees with the concern about nation-state cyber threats, noting it has committed to a more interventionist approach and moved responsibility for public sector cyber security to DSIT. DSIT will publish a Government Cyber Security Strategy Implementation Plan in Winter 2025 to drive resilience.
Government Response
Accepted
HM Government
Accepted
1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and taking a stronger and more interventionist approach to drive transformation across government. This approach is needed to achieve a step change in resilience across government, arm’s–length bodies and the wider public sector. 1.3 The government has taken immediate action to address this and moved responsibility for government and public sector cyber security from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT). This change will strengthen technology resilience and policymaking across the public sector, by better integrating cyber security responsibilities and expertise into the Government Digital Service. 1.4 In winter 2025, DSIT will publish a Government Cyber Security Strategy Implementation Plan (GCSS IP) which will set out the approach to driving cyber and technology resilience. DSIT will write to the Committee to update them on implementation in one year’s time.