Source · Select Committees · National Security Strategy (Joint Committee)
Recommendation 8
8
Not Addressed
The Government’s resilience concept focuses too much on ‘having lots of cables’.
Conclusion
The Government’s resilience concept focuses too much on ‘having lots of cables’. This pays insufficient attention to the network’s actual capacity to absorb shocks and does not account for onshore vulnerabilities and long-term trends towards a more brittle system. There is also limited understanding of much damage the system can sustain before data stops rerouting properly, triggering temporary systemic connectivity failure. This does not appear to feature as a serious consideration in the Government’s contingency planning. (Conclusion, Paragraph 62)
Government Response Summary
The government's response addresses emergency services' business continuity plans and their reliance on foreign internet servers, which does not engage with the committee's conclusion about the government's overall resilience concept regarding network capacity, shocks, and onshore vulnerabilities.
Government Response
Not Addressed
HM Government
Not Addressed
The Government agrees with the Committee’s recommendation that emergency services should ensure their business continuity plans explicitly identify any critical reliance on foreign internet servers and account for temporary internet disruption in the event of a security crisis. Departments and agencies have reviewed, or are in the process of reviewing and strengthening, their planning frameworks to reflect this, ensuring that operational resilience is maintained across all emergency services. The majority of NHS digital infrastructure—clinical systems, patient records, and operational platforms—is hosted within the United Kingdom, significantly reducing exposure to foreign internet server risks. Where services rely on international vendors or cloud platforms, these providers typically operate with geographically distributed data centres and robust failover mechanisms. NHS organisations are expected to identify and manage these dependencies within their business continuity plans. While a major subsea cable disruption could have some impact, the impact is likely to be manageable. UK police forces maintain business continuity plans that include assessments of digital infrastructure dependencies, and any reliance on foreign-hosted services. These plans are structured to ensure operational resilience across a wide range of scenarios, including internet disruption. In the event of a major incident, Strategic Co-ordination Groups (SCGs) are stood up under well-tested local resilience frameworks, typically chaired by senior police commanders. These structures are equipped to respond to internet outages and maintain critical policing functions. Critical data and communications infrastructure for the UK’s Fire and Rescue Service (FRS) is hosted within the UK. There is no dependency on foreign internet servers or subsea cables for essential communications or operational response, and the FRS have well-tested business continuity plans that include fallback procedures in the event of internet disruption. HM Coastguard regularly tests its critical systems to ensure they are resilient and ready to operate in the event of a security crisis or internet disruption. It has procedures in place to assess the security of suppliers during procurement and is introducing new tools to strengthen this process across the organisation. HM Coastguard is currently reviewing its key systems and infrastructure to better understand any reliance on foreign internet servers. This work is helping to improve business continuity planning and reduce vulnerability to internet outages.