Speeches by Spencer.

“Q Your evidence is really helpful. To help with my understanding, if you look across all the suppliers in your service, are there any that you would not consider to be critical, such that if you clicked your fingers now and one of them disappeared, it would not have a material impact on your ability to maintain patient…”

“Q Presumably, all suppliers are in some way linked to your IT systems to some degree. I know the NHS sometimes uses faxes still, but we do not live in a world where things are done by paper and pen—it is all integrated into IT systems. Brian Miller: Sometimes, but sometimes not. I do not think we had any physical links…”

“Q Thank you for giving evidence to us. I want your help to get my head around what could fall under the Bill’s discretionary power on the designation of critical supply chain entities. Synnovis is used as the exemplar of why such a power is needed. From your perspective in the NHS, what do you think would come into sco…”

“Q Thank you, Richard, for giving evidence this afternoon. I have a couple of questions. First, in your view, was the regulatory enforcement regime under NIS1 effective, and does the Bill, as drafted, tackle those challenges? Secondly, could you explain how information sharing and analysis centres improve cyber-resilien…”

“Q Thanks for coming to give evidence this afternoon. I have two questions—one for each of you. Chris, from Fortinet’s perspective, what more do you think the Government can do to support SMEs to improve their cyber-resilience, while at the same time ensuring that the burden of regulation remains proportionate, particul…”

“Q What are the arguments against amending the CMA, and how would you deal with them? Professor John Child: There are obviously a number. It is always more comfortable when you have a beginning point of criminalisation. The argument to decriminalise in an environment where you want to protect against threats is sometime…”

“Q Thank you for coming to give evidence this afternoon. I have a couple of questions. First, how can industry and cyber-security researchers collaborate more effectively to increase cyber-resilience in the network and information systems of regulated sectors? Secondly, and building on that, are there any model schemes …”

“Q It was about China’s super-embassy in London. What cyber-security risks do you think that poses, given your experience and background? Chung Ching Kwong: There is not a lot of publicly available information on the sensitive cabling that is around the area, so I cannot confidently say what is really going to happen if…”

“Q Natalie, I am going single out Ofcom, which has a lot on its plate at the moment, particularly when it comes to the implementation of the Online Safety Act 2023 and all its other duties. Are you set up to administer your duties under the Bill? Are your resources siloed, given Ofcom’s competing considerations, particu…”

“Q From all three of your perspectives, are you quite clear about where your individual institutional responsibilities lie? Is there clear water between the organisations? When Ian Levy from Amazon gave evidence this morning, I was struck when he said that Amazon is regulated in the cyber-security space by four regulato…”

“Q The issues about complexity and how loosely the Bill is drafted have come up quite a few times, and you have given good evidence regarding your concerns. What cost to business do you anticipate if the Bill stays so loose, with so much left to secondary legislation? Jill Broom: There is probably a broader point around…”

“Q Thank you for coming to give evidence this afternoon. I have two questions. First, what more could the Government be doing to make regulated sectors aware of the risks you have just laid out and what they can do to address them? Secondly, it has been reported recently that communications of senior Government aides we…”

“Q Thank you for giving evidence this morning. The Bill would not have prevented recent attacks on high-profile parts of UK industry such as Co-op, Marks and Sparks, and Jaguar Land Rover. What more do you think can be done to mitigate the risk to jobs, supply chains and the UK economy from further large-scale cyber-att…”

“Q That sounds slightly like an argument for having a single regulator, as opposed to multiple sector regulators. I apologise if I am putting words into your mouth. Natalie Black: That is definitely not what I am saying. You can cut the cake in many different ways. From where I sit—from my experience to date—you need sp…”

“Q Notwithstanding other components to the criteria one may seek to use or will use, is there a danger that—although this is clearly not the intention in the drafting—through the back door, our entire economy ends up being in scope of this Bill? Carla Baker: I think that is part of the issue about not having clear crite…”

“Q38 Thank you for giving your time this afternoon. I have a couple of questions, which I will deal with in one go. The first is for Natalie. Ofcom’s role in cyber-security regulations will be expanded significantly under the Bill. What preparation has Ofcom undertaken to ensure it has sufficient capacity for effective …”

“Q Thank you, Jen and David, for coming to give evidence to us morning. Two questions. First, one to you, Jen. Lots of UK corporations have been the subject of recent major cyber-attacks, such as Jaguar Land Rover and M&S. Under the Bill as drafted, these remain outside the scope of the regulation. In your view, wha…”

“Q Thank you for coming to speak to us this morning. I have a different question for each of you, so I will rattle them off and ask you to go through them. Starting with Ben from Darktrace, how are developing and emerging technologies such as AI and post-quantum crypto changing the nature of cyber-security threats? Do y…”

“Q Do you think there is a potential need for guardrails? Kanishka Narayan: I think the guardrails in the Bill are very important, absolutely. The Bill provides that, where there is an impact on organisations or regulators, there is an appropriate requirement for both deep consultation and an affirmative motion of the H…”

“As always, Mrs Cummins, it is a pleasure to serve under your chairmanship. I rise to speak to new clause 2, which stands in my name and is supported by many other Conservative Members. I declare again that I am now a non-practising doctor and my wife is a doctor. I believe that ambition should be encouraged, and succes…”