Legal Aid Agency: Cyber-security Incident Debate
Full Debate: Read Full DebateDepartment: Ministry of Justice
Lauren Edwards
Main Page: Lauren Edwards (Labour - Rochester and Strood)Department Debates - View all Lauren Edwards's debates with the Ministry of Justice
Legal Aid Agency: Cyber-security Incident
Lauren Edwards Excerpts(1 day, 22 hours ago)
Commons ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Sarah Sackman
The hon. Gentleman is absolutely right that incidents such as this perpetrated by cyber-criminals represent an attack on our justice system and are corrosive of trust. He is also absolutely right that, in so doing, they are hitting some of the most vulnerable in our society. That angers me, frankly, and the response needs to be commensurate to the damage that they have done not just in stealing people’s private data, but to the wider system in undermining trust.
We are taking a proactive approach to communicating with people and with the sector. As soon as the risk and the exposure of the system to these hackers was identified, legal aid providers were updated on their exposure and told to take proactive security steps. That communication has been updated, and, as well as today’s public statement, we are in constant communication with those legal aid providers. They are really the most important point of contact, because they have a relationship of trust with their clients, and they will be invited to pass on the warnings and messages coming from the Government. Where we know of particular individuals whose data may have been exposed and who may be particularly vulnerable, we are communicating directly with them. I will take away the hon. Gentleman’s suggestion of an advice line, but for now what I have described will be the most important and effective way of disseminating the warnings and keeping people up to date as the situation evolves.
Turning to the wider security threat to Government and other vulnerabilities, before this attack we had indicated in any event that we would have a new national cyber strategy across Government by the end of the year. Obviously, we also intend to introduce the cyber-security and resilience Bill, which aims to improve and strengthen Government cyber-defences and Government responses to attacks just like this one. All of that is going to be important to improving the resilience not just of the Legal Aid Agency but of cyber-systems right across Government.
Lauren Edwards (Rochester and Strood) (Lab)
A recent Public Accounts Committee inquiry found that the Government still have substantial gaps in their understanding of how resilient their IT estate is to cyber-attack. It was really helpful to hear from the Minister about the work that is ongoing, but in the light of this very serious incident, will she and all Departments urgently assess the robustness of cyber-defences, not only in arm’s length bodies such as the Legal Aid Agency but in legacy IT systems and the supply chain—which the Committee found to be known areas of weakness—to ensure that our cyber-defences in Whitehall are as strong as possible?
Sarah Sackman
My hon. Friend is absolutely right. Whether in Government, local authorities or other bodies such as universities and businesses big and small—as we know, some of the most famous businesses in this country have recently been exposed to these sorts of risks—and whether the cyber-attacks come from state actors or from organised crime, as appears to be the case in this instance, legacy IT systems are one of the most serious vulnerabilities. That is precisely what today’s incident highlights, and it is why that national cyber strategy is going to be so important. It will identify how we build up our resilience at pace and protect against these vulnerabilities, which are system-wide and affect public and private actors alike.