Jaguar Land Rover Cyber-attack Debate
Harriett Baldwin (Conservative - West Worcestershire)
Department for Business and Trade
Commons Chamber
Urgent Questions are proposed each morning by backbench MPs, and up to two may be selected each day by the Speaker. Chosen Urgent Questions are announced 30 minutes before Parliament sits each day.
Each Urgent Question requires a Government Minister to give a response on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the official record.
I congratulate the hon. Member for Widnes and Halewood (Derek Twigg) on securing this important urgent question. I welcome the Minister to his new role, although I will never be able to rival his literary quotations.
This attack on Jaguar Land Rover is extremely concerning. The impact on that world-leading business, and on its suppliers and workers, has been significant. I hope that the whole House agrees that we must use the full force of the state to crack down on cyber-criminals. I appreciate that the Minister is constrained in what he can say, but when were the Government and the National Cyber Security Centre informed of the attack? What kind of support are the Government and law enforcement agencies able to offer Jaguar Land Rover? How much longer do the Government expect the disruption, which is impacting on the supply of vehicles, to continue?
The attack is just another in a series against British brands and iconic institutions—the Minister says that 40% of our businesses have been affected—including the attack earlier this year on Marks & Spencer. Will he elaborate on what the Government are doing to prevent future attacks? Has he identified who is responsible for the attack? Can he rule out its being a state-sponsored attack? If the group responsible for the attacks on Jaguar Land Rover and Marks & Spencer are linked, what progress have law enforcement agencies made in pursuing them?
I am not sure whether the shadow Minister is in a new role—
She is not; I will not welcome her to her new role, then—I welcome her to the Dispatch Box none the less. She asked a series of questions, and I will try to answer those that I can as precisely as possible.
First, the shadow Minister asked when the NCSC was notified and engaged. It has been engaged since last Wednesday. We have an undertaking that when people get in touch with the NCSC, the response will be very immediate.
The shadow Minister asked what engagement there is from the Government. The primary engagement is through the NCSC, which is fully engaged and devoted to the work. It is also in the public domain that the Information Commissioner’s Office was notified. I should clarify that that was not because JLR was certain that there had been a data breach, but it wanted to ensure that it had dotted every i and crossed every t, which is why it notified the Information Commissioner’s Office.
The shadow Minister asked about a timeline for getting this resolved. I wish that I could provide one, but I cannot. I think she will understand why: this is a very live situation that has been ongoing for a week. I note the points that JLR has been making. As I say, there will be an invitation for all local MPs—my hon. Friend the Member for Widnes and Halewood (Derek Twigg) should already have had one—for a Q&A session on Friday morning, when JLR hopes that it will be able to provide more information.
The shadow Minister asked what else we are doing. This summer, the Home Office undertook a consultation on our policy on ransomware. I am not saying that that relates specifically to this case—we do not know that yet and I am not coming to any foregone conclusions—but that is one of the things that we must address, and it was heartening to see resolute support from the vast majority of companies in the UK for our ransomware policy. Maybe we will come to that later.
The hon. Lady asked whether I can say who is responsible. I am afraid that I cannot. I note what is in the public domain, but I have no idea whether that is accurate and I do not want to impede the investigation. She asked whether the attack was state sponsored. Again, I do not want to jump to conclusions, and I can neither confirm nor deny anything. She also asked whether the case is linked with that of M&S. Again, I cannot answer that as fulsomely as I would wish, simply because I do not know, and I do not think anybody has come to any secure decisions on that. In one sense, all cyber-attacks are linked, in that it is the same problem, which is relatively new. The previous Government were seeking to tackle it, and we are seeking to tackle it in broadly the same way. Some of the techniques used are remarkably old-fashioned, such as ringing up helplines, which are designed to be helpful. That is exactly the same as when News of the World was ringing up mobile companies and trying to get PINs to hack other people’s phones. This is an old technique. The new bit is that sometimes people use AI-generated voices, which are remarkably accurate and can lead to further problems. I am not saying that that is what happened in this case, but some of the patterns are across the whole sector.