CPNI in context
CPNI's protective security advice is aimed at reducing the vulnerability of the critical national infrastructure to national security threats such as terrorism and espionage. The context in which these threats are addressed at national level is outlined below. Advice covers physical, personnel and information security, and includes cyber security.
National Security Strategy
The UK Government's National Security Strategy sets out the strategic choices on ensuring the UK's security and resilience.
Acts of terrorism and hostile attacks in UK cyber space are two of the highest priority risk types identified in the strategy that need to be addressed.
Strategic Defence and Security Review
The Strategic Defence and Security Review sets out how the objectives of the National Security Strategy are to be pursued. These include:
- ensuring that our key counter-terrorist capabilities are maintained and in some areas enhanced, while still delivering efficiency gains,
- developing a transformative programme for cyber security, which addresses threats from states, criminals and terrorists, and seizes the opportunities which cyber space provides for our future prosperity and for advancing our security interests.
Counter terrorism strategy
The UK Government's counter terrorism strategy (known as CONTEST) aims to reduce the risk from international terrorism so that people can go about their business freely and with confidence. Developing and delivering CONTEST involves stakeholders from across government departments, the emergency services, voluntary organisations, the business sector and partners from across the world. The strategy is divided into four principal strands: Prevent, Pursue, Protect and Prepare. CPNI's work falls within the Protect strand.
The Protect strand is concerned with reducing the vulnerability of the UK and UK interests overseas to a terrorist attack. This covers a range of issues including:
- protecting key utilities by working with the private sector
- strengthening border security, so that terrorists and those who inspire them can be prevented from travelling here and we can get better intelligence about suspects who travel, including improving our identity management
- reducing the risk and impact of attacks on the transport system through security and technological advances
- protecting people going about their daily lives in crowded places
Cyber Security Strategy
The UK's first national Cyber Security Strategy was published in 2009 Among other things it announced the establishment of an Office of Cyber Security (now called the Office of Cyber Security and Information Assurace) and a Cyber Security Operations Centre (CSOC). CPNI works closely with both these bodies on cyber security issues.
National Risk Register
The most significant emergencies that the United Kingdom and its citizens could face over the next five years are monitored by Government through the National Risk Assessment (NRA). This is a confidential assessment that is conducted annually, drawing on expertise from a wide range of departments and agencies of government. The National Risk Register (NRR) is the public version and the 2010 edition reflects the latest iteration of the National Risk Assessment.
The NRA and NRR capture events which could result in significant harm to human welfare: casualties, damage to property, essential services and disruption to everyday life. The risks cover three broad categories: natural events, major accidents and malicious attacks.
Resilience of infrastructure from natural hazards
The Civil Contingencies Secretariat within the Cabinet Office has developed a cross-sector Critical Infrastructure Resilience Programme (CIRP), with the aim of improving the resilience of critical infrastructure and essential services to severe disruption from natural hazards. The process, timetable and expectations for the programme are detailed in its Strategic Framework and Policy statement.