asked Her Majesty's Government:
Which elements of the critical national infrastructure are protected by an air gap; and which are connected to the internet. [HL5203]
It is not in our national security interests to provide the specific information requested on elements of our critical national infrastructure. In general terms, it is the responsibility of the businesses and organisations that comprise the UK’s critical national infrastructure to identify and implement appropriate protective measures relating to information security, in proportion to the risks they face.
To help them to achieve this, protective security advice about the steps they can take to protect themselves against instances such as electronic attack is provided to the critical national infrastructure through the Government's Centre for the Protection of National Infrastructure (CPNI) and by CESG, the UK National Technical Authority for Information Assurance.