Written questions by Reed.

Whether his Department will require a cyber incident database with compulsory fixes to be created for attacks on the energy system.

The Department for Energy Security and Net Zero takes the security and resilience of UK energy infrastructure extremely seriously, including the cyber security of critical infrastructure. Maintaining a secure and reliable energy supply is a key priority. The Network and Information Systems (NIS) Regulations, impose strict incident-reporting obligations on critical energy operators. The Government has recently introduced the Cyber Security and Resilience (Network and Information Systems) Bill. The Bill proposes expanding incident-reporting requirements, broadening the scope of reportable events, and enhancing the powers of regulators to oversee compliance and require remedial actions where necessary.

What assessment his Department has made on the potential security impacts of cyber attacks on the energy system.

The Department takes the security and resilience of UK energy infrastructure extremely seriously, including the cyber security of critical infrastructure. Maintaining a secure and reliable energy supply is a key priority. The Department works closely with partners, including industry, to assess potential risks from cyber threats and their possible impacts on the availability and integrity of energy systems. These risks are reflected in the National Risk Register, which includes three cyber-related risks owned by the Department. In partnership with the National Cyber Security Centre, the Department ensures threats are understood and appropriate mitigations implemented to maintain robust protections and resilience.