Page:ISC-China.pdf/187

Rh

So I think what they can do is buy you a bit of assurance over a period of time, for example with Hinkley it could have been that ministers chose to take a special share to see them through the construction phase until the Enterprise Act could have been activated, if necessary, on national security grounds.

As it was, I think EDF offered a letter of assurance around ownership up until the point of construction, which meant Ministers were not minded to pursue the special share but could have done, but I think you are right to say they are limited in what they can find. }}

Advice to support the protection of the UK's CNI falls to the NCSC, which provides advice and assessments on cyber security, and CPNI, which is the UK's national technical authority for personnel and physical security advice. Around a third of CPNI's work is directed towards countering HSA, with a focus on work which is sector-specific and actor-agnostic.

HMG considers that it is impractical and disproportionate to try to detect and disrupt all HSA threats to the UK's CNI. There is therefore a focus on countering threats before they materialise through "hardening" HMG and UK Industry (i.e. making UK CNI a hard target) by providing thorough protective security advice for them to follow. CPNI and NCSC expend considerable effort on a proactive approach to briefing and engagement with Industry, as described in the earlier Industry Case Study.

Representatives from the UK's Civil Nuclear and Energy sectors have access to dedicated CPNI and NCSC advisers who provide them with guidance and information on how to reduce the threat: CPNI have *** dedicated advisers for Civil Nuclear and Energy ***; NCSC have *** dedicated advisers for Civil Nuclear and *** for Energy. CPNI and NCSC also host regular information exchanges, ***, at which industry representatives can receive HSA threat briefings and mitigation advice.

We were told that this element of the UK Intelligence Community's advisory work was in support of BEIS, as the lead Government department—and therefore the key decision-maker—for policy on the Civil Nuclear and Energy sectors.

CPNI and NCSC have provided specific advice to the Civil Nuclear sector on insider threats—including the need for robust screening and vetting controls, promoting workforce security awareness and an effective security culture, and ensuring appropriate controls of access to sensitive assets. Given the long lifespan of nuclear reactors, NCSC is conscious that the range of threats may change during that time, and explained: