Speeches by Spencer.

“Q What conversations have you had with the Secretary of State regarding guardrails on the extensive powers in this Bill that were referred to earlier? Kanishka Narayan: I have spoken to the Secretary of State about the Bill, including the reserve powers, and we have agreed that the policy objective is very clear. I do …”

“Q Do you not think that, as the Minister taking this through the Commons, you should have also had some of those meetings and consultations? Kanishka Narayan: I have had some meetings but, as the Minister in charge of this Bill, she has been very engaged with businesses, so I think that is fitting. We have obviously wo…”

“Q I assume that you are referring to the previous Minister, who you took over from? Kanishka Narayan: I am referring to the Minister for Digital Economy, who is in the other place.”

“Q Thank you, Minister, for giving evidence this afternoon. I have a couple of questions. The first is about the definitions in the Bill, whether of MSPs or otherwise. All day long we have heard from representatives of different sectors of the industry, and pretty much everyone has talked about the importance of consult…”

“Q I would also like to ask some questions on this definition of critical supplier. I know you will have heard the questions I had for the other panel. Is there a danger, in the way this Bill is approaching definitions of critical suppliers, that a supplier may end up being deemed critical solely by virtue of supplying …”

“Q Thank you, Minister, but I am not sure that you answered my question. What engagement have you had in terms of consulting with industry in setting those definitions? Kanishka Narayan: I have met a number of companies, but the relevant Minister has also had extensive engagement with both companies and regulators, incl…”

“Q Does that also exist for local government? Does adult social care and so on have that integration too? Stewart Whyte: Yes, there is integration between ourselves and the local authorities.”

“Q Do you have integration with your local primary care IT systems? For example, GPs have the old EMIS system and so on; is that integrated into your network? From your perspective, would that be a critical supplier that would need to be regulated? Stewart Whyte: Yes. There is a lot of information sharing between acute …”

“Q Your evidence is really helpful. To help with my understanding, if you look across all the suppliers in your service, are there any that you would not consider to be critical, such that if you clicked your fingers now and one of them disappeared, it would not have a material impact on your ability to maintain patient…”

“Q Presumably, all suppliers are in some way linked to your IT systems to some degree. I know the NHS sometimes uses faxes still, but we do not live in a world where things are done by paper and pen—it is all integrated into IT systems. Brian Miller: Sometimes, but sometimes not. I do not think we had any physical links…”

“Q What are the arguments against amending the CMA, and how would you deal with them? Professor John Child: There are obviously a number. It is always more comfortable when you have a beginning point of criminalisation. The argument to decriminalise in an environment where you want to protect against threats is sometime…”

“Q Thank you for giving evidence to us. I want your help to get my head around what could fall under the Bill’s discretionary power on the designation of critical supply chain entities. Synnovis is used as the exemplar of why such a power is needed. From your perspective in the NHS, what do you think would come into sco…”

“Q Thank you, Richard, for giving evidence this afternoon. I have a couple of questions. First, in your view, was the regulatory enforcement regime under NIS1 effective, and does the Bill, as drafted, tackle those challenges? Secondly, could you explain how information sharing and analysis centres improve cyber-resilien…”

“Q Thank you for coming to give evidence this afternoon. I have a couple of questions. First, how can industry and cyber-security researchers collaborate more effectively to increase cyber-resilience in the network and information systems of regulated sectors? Secondly, and building on that, are there any model schemes …”

“Q Thank you for coming to give evidence this afternoon. I have two questions. First, what more could the Government be doing to make regulated sectors aware of the risks you have just laid out and what they can do to address them? Secondly, it has been reported recently that communications of senior Government aides we…”

“Q Thanks for coming to give evidence this afternoon. I have two questions—one for each of you. Chris, from Fortinet’s perspective, what more do you think the Government can do to support SMEs to improve their cyber-resilience, while at the same time ensuring that the burden of regulation remains proportionate, particul…”

“Q Notwithstanding other components to the criteria one may seek to use or will use, is there a danger that—although this is clearly not the intention in the drafting—through the back door, our entire economy ends up being in scope of this Bill? Carla Baker: I think that is part of the issue about not having clear crite…”

“Q It was about China’s super-embassy in London. What cyber-security risks do you think that poses, given your experience and background? Chung Ching Kwong: There is not a lot of publicly available information on the sensitive cabling that is around the area, so I cannot confidently say what is really going to happen if…”

“Q From all three of your perspectives, are you quite clear about where your individual institutional responsibilities lie? Is there clear water between the organisations? When Ian Levy from Amazon gave evidence this morning, I was struck when he said that Amazon is regulated in the cyber-security space by four regulato…”

“Q Thank you, Jen and David, for coming to give evidence to us morning. Two questions. First, one to you, Jen. Lots of UK corporations have been the subject of recent major cyber-attacks, such as Jaguar Land Rover and M&S. Under the Bill as drafted, these remain outside the scope of the regulation. In your view, wha…”