Lord Harris of Haringey (Labour - Life peer)
(1 day, 20 hours ago)
Lords Chamber
To ask His Majesty’s Government what assessment they have made of the outage affecting Amazon Web Services.
My Lords, I beg leave to ask a Question of which I have given private notice, and in so doing I refer to my interest in the register as chair of the National Preparedness Commission.
My Lords, the Department for Science, Innovation and Technology is leading the Government’s response to the Amazon Web Services outage that took place yesterday. DSIT continues to work across government and with businesses to understand the full impacts of the outage. All AWS services were restored yesterday evening, and DSIT is in contact with AWS to understand how such events can be mitigated in future.
My Lords, I am grateful to my noble friend for that response. I notice that he did not say whether the outage was precipitated by hostile state activity. Given the impact on UK critical services, including those run by the Government, should we have more variety in cloud producers and more sovereign capability? What additional guidance are the Government intending to give to enable the public and private sectors, as well as individuals, to prepare for such disruptions in future?
My Lords, I thank my noble friend for those questions. There is no evidence that this was caused by any malicious activity, and we have to be very careful that we do not speculate otherwise. AWS has publicly stated that the outage was initially caused by an issue with its configuration of the domain name system, or DNS, and some wider related complications. Departments independently determine which suppliers to use based on their use cases. Some cloud providers are strategic suppliers, but departments make decisions on adoption based on not only reliance but cost, capability and their staff’s expertise. We are working to diversify the UK’s cloud ecosystem and encourage greater participation by UK-based and European providers, as well as promoting innovation through our digital infrastructure and cybersecurity programmes. At the same time, the NCSC offers advice and guidance on how businesses and organisations can make themselves more cyber resilient, and this advice is also broadly applicable to digital resilience issues.
As I mentioned in Oral Questions last week, businesses should also take it upon themselves to ensure that they have sufficient cyber resilience systems in place by ensuring that their software and hardware are up to date and, if they can, seeking certification so that their systems are Cyber Essentials certified. Businesses should also be encouraged to have a business continuity plan so that, if anything happens, they have a plan in place.
I thank the noble Baroness for that. As for a debate, I leave it to Members of the House to table it accordingly. I would welcome a debate to look at this in further detail. As far as the Bill is concerned, we have been working on it for some time, as most noble Lords know. The Bill itself will ensure that the UK economy and information systems relied on by most important digital services and suppliers are better protected. As a result, businesses and public services that rely on them will also benefit. The Bill will include powers for the Secretary of State to update the security requirements that companies in scope of the regime must have in place to protect their systems from any further disruption, whether because of a cyberattack or for other reasons, even simple things such as human error, system outage or physical damage.
My Lords, if it is not hostile activity, is that not possibly slightly more concerning in that we are putting our faith in these very large companies and the amount that they can invest because they are secure and less likely to fall over? The noble Lord has just talked about the cybersecurity and resilience Bill. Can he tell us when it will come forward? Will its provisions apply more generally—broader than the critical national infrastructure—to all the key suppliers, some of which will not be at the level of critical national infrastructure, and require that they invest more in their resilience and their cyber capacity?
I refer my noble friend to what I said in last week’s Oral Question. I hope the Bill will be published very soon, before the end of the year. At this stage I cannot go into too much detail as to what is in the Bill, but I hope to soon be able to share the Bill itself with noble Lords.