Source · Select Committees · Public Accounts Committee
Recommendation 10
10
Accepted
Cyber threats and security constantly evolve; adversaries already leveraging AI to probe defences.
Conclusion
Both the cyber threat and government’s cyber security are continuing to evolve as technology develops.14 The Cabinet Office described this to us as a “technology race” that required government to adapt its approach constantly.15 We asked how government thought artificial intelligence (AI) would affect cyber security. The witnesses argued that AI was a huge opportunity, but that it needed to be introduced securely. The Cabinet Office’s assessment was that adversaries were already using AI to probe its cyber defences.16
Government Response Summary
The government agrees and states it has already moved cyber security responsibility to DSIT and will publish a Government Cyber Security Strategy Implementation Plan in Winter 2025 to outline its approach to driving cyber and technology resilience, with an update to the committee in one year.
Government Response
Accepted
HM Government
Accepted
1.1 The government agrees with the Committee’s recommendation. Target implementation date: Autumn 2026 1.2 The government has committed in the Blueprint for Modern Digital Government to resetting the relationship with cyber and technology risk, and taking a stronger and more interventionist approach to drive transformation across government. This approach is needed to achieve a step change in resilience across government, arm’s–length bodies and the wider public sector. 1.3 The government has taken immediate action to address this and moved responsibility for government and public sector cyber security from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT). This change will strengthen technology resilience and policymaking across the public sector, by better integrating cyber security responsibilities and expertise into the Government Digital Service. 1.4 In winter 2025, DSIT will publish a Government Cyber Security Strategy Implementation Plan (GCSS IP) which will set out the approach to driving cyber and technology resilience. DSIT will write to the Committee to update them on implementation in one year’s time.