Speeches by Chadwick.

“New clauses 8 and 9 would close a dangerous gap at the heart of the Government’s cyber-security strategy. Right now, the Bill creates a two-tier system. Private companies running critical national infrastructure face strict legal duties, enforcement and oversight, yet the very public institutions that hold our democrac…”

“I beg to move amendment 26, in clause 40, page 63, line 7, leave out “5” and insert “3”. This amendment would increase the frequency of the reports that must be published under Clause 40, from every five years to every three years.”

“Amendment 26, tabled by my hon. Friend the Member for Henley and Thame, seeks to ensure that the Bill keeps pace with the reality that it seeks to regulate. In the world of cyber-security, five years is a lifetime. In the past five years, the size and scale of cyber-attacks has continued to advance at pace, and we can …”

“Surely, we cannot pass a cyber-security and resilience Bill that ignores a crime that affects thousands of people. We know that cyber-security criminals across the world attack individuals to enable themselves to get into systems. Families are losing life savings, and small businesses are shutting down because of this …”

“I beg to move amendment 25, in clause 8, page 7, line 31, at the end insert— “(1A) In paragraph (1), after ‘risks’ insert ‘, including risks arising from fraud,’”. This amendment would explicitly include fraud as one of the risks to the security of network and information systems relevant digital service providers must…”

“Apologies for the preview.”

“Welsh Water’s chief executive has one of the highest paid jobs in Wales at almost £900,000 a year, and the company is hiking basic pay to get around the Government’s crackdown on executive bonuses, despite being a not-for-profit. That is even though Welsh Water presides over some of the worst sewage dumping and leaks i…”

“The hon. Member is quite right to say that American companies have captured most of the market that he is talking about, particularly the cloud providers. What does he think is stopping British cloud providers from getting a larger share of the market?”

“Currently, the law requires regulated persons to manage risks to the security of their systems. Amendment 28, tabled by the Liberal Democrats, explicitly inserts “risks arising from fraud” into that duty. It would make it clear that a system cannot be considered secure if it is easily exploited by scammers. Fraud shoul…”

“It is an honour to serve under your chairmanship, Mr Stringer. I commend the hon. Member for South Shropshire (Stuart Anderson) on securing this debate, and on his excellent speech. Last year, postal services became a source of real frustration, anxiety and, frankly, anger in Radnorshire. Across Brecon, Radnor and Cwm …”

“The hon. Lady is making an excellent speech, and we are all grateful for the opportunity to raise these cases. I have been contacted by a constituent who left the civil service in 1992 and, more than 30 years later, has still not received the pension that she is owed, despite providing proof of service from HMRC and ma…”

“Q I would like to continue the line of questioning on the importance of having a single regulator. Other countries, such as the Netherlands, have recently merged their cyber-security organisations. The Bill introduces expanded but sector-specific reporting requirements, to apply to regulators across different sectors. …”

“Q Do you know how you would do that information sharing at the moment? Ian Hulme: As we have already explained, the current regs do not allow us to share the information, which is a bit of a barrier for us. In the future, certainly, we will be working together to try to figure it out. I think that there is also a role …”

“Q We have heard concerns about definitions, particularly regarding incident reporting. What are your observations on the Bill as it stands, and those definitions? Richard Starnes: Throughout my career, I have been involved in cyber incidents from just about day one. One of the biggest problems that you run into in the …”

“Q Thank you for joining us. Reporting of several recent cyber-attacks has one thing in common: there were often insufficient security measures in place. British Airways in 2018 is just one example. Reportedly, the average tenure of a chief information security officer is 18 months. From your perspective, what do CISOs …”

“Q This feels like quite a big issue to be flagging up quite late in the day. In terms of the legislative process, do you think there has been a good enough consultation process between Government and business? Chris Parker: The consultation has been a best effort and I think it is a best effort as a function of three t…”

“Q What about workforce? One thing we have heard today from the regulators is that they are going to have to expand their teams. Reportedly, there are thousands of vacancies across cyber-security, and there is more regulation coming that they will have to comply with. What should the Government be doing to improve and e…”

“Q Got it. The other question is about board-level responsibility. Numerous witnesses said that they would like to see more on board-level responsibility and people working within organisations, particularly chief information security officers, to strengthen their hands and make sure cyber-security measures are in place…”

“Q I have two questions. Why have electoral services provided by local authorities not been considered as critical infrastructure? Kanishka Narayan: As I mentioned at the outset, the scope of the sectors is focused on a specific test: are they essential services, the disruption to which could cause an immediate threat t…”

“Q Thank you both for joining us. I have a very broad, open question: what other measures, both legislative and non-legislative, could the UK Government take to enhance the cyber-resilience of the UK’s critical national infrastructure? Chris Parker: That is an excellent question. The good news is that a lot is happening…”