This memorandum responds to the Committee's further questions on cyber security:

Q.   What is the contribution of MoD to national resilience against cyber attack? What work is currently taking place?

  1.  The MoD is responsible for the protection, resilience and continuity of its own businesses and information networks. This includes military systems, such the UK's air defence systems, which maintain the UK's territorial integrity.

  2.  The MoD provides technical advice and expertise to the civilian agencies responsible for the UK's national information infrastructure. It is closely involved in the cross-Departmental project led by the Cabinet Office to consider the UK's overall approach to cyber security and develop a National Cyber Security Strategy.

  3.  As in the case of more traditional forms of attack, the Government would be able to draw on a range of instruments of national power in responding to a cyber attack. Along with technical, legal, political, economic and other instruments, the threat or use of military force is also of course an option in cases of very serious attack.

Q.   What sections or bodies within the MoD have responsibility for cyber security?

  4.  Cyber security is an essential part of almost every MoD activity, and an important responsibility for both individual users and operational commanders.

  5.  Overall cyber security policy and operations are jointly the responsibility of the Assistant Chief of Defence Staff (Operations) (ACDS(Ops)), the MoD's Chief Information Officer (CIO) and Director Business Resilience (DBR). ACDS(Ops) and CIO together oversee the development and implementation of cyber security policy. CIO and DBR together manage the Information Assurance (IA) framework, which provides for the security of the MoD's information against a range of threats including cyber attack. The Chief of Defence Materiel (CDM) has responsibility for operating many of MoD's networks and hence for maintaining the standards of MoD defences and taking immediate action in the event of an incident.

  6.  The MoD's equipment capability, Defence Intelligence (DIS), and Scientific and Technical (S&T) staffs provide important support.

  7.  This division of responsibilities reflects the way that cyber security is a complex and cross-cutting issue, affecting a range of different MoD policy areas and activities. In order to provide coherence, Director General Strategy coordinates cyber security policy work across the Department as required.

Q.   Will the Government be publishing a cross-governmental policy on cyber security? If so, when?

  8.  A National Cyber Security Strategy will be published following further consultation with Ministers. As noted in paragraph 3 above, this project is led by the Cabinet Office.

19 May 2009