Should our successor Committee wish to examine the cyber security and resilience of the UK’s critical national infrastructure, we recommend it considers: • Following up how the Government is monitoring the emerging threats from nation states, state-sponsored actors, and criminal organisations on the UK’s critical national infrastructure. This should include the threat from pre- positioning; • considering how the Government is protecting and strengthening critical national infrastructure supply chains and interdependencies; • Scrutinising the Government’s ability to meet their targets for the UK’s CNI to be significantly hardened to cyber-attacks by 2025, with all government organisations across the whole public sector being resilient to known vulnerabilities and attack methods no later than 2030; • Exploring how emerging technologies, such as artificial intelligence and quantum computing, may bring both unprecedented opportunities and threats to cyber security and resilience; • Exploring whether there is a need for a general duty for cyber resilience and it would apply to critical national infrastructure; • Investigating Whether the payment of ransoms should be made illegal for critical national infrastructure; • Scrutinising the Government’s work around improving cyber literacy across all levels; • Scrutinising the commercial viability of secure by design technologies; and 74 Legacy – Parliament 2019–24 • Considering the need to update cyber security legislation such as the Network and Information Systems regulation and the Computer Misuse Act 1990. (Paragraph 74) Energy Recommendations for future work