Lord Rosser

- Hansard -

Copy Link

-

My Lords, I am the final warm-up act before the much referred to and much awaited speech by the Minister. I wish to add my thanks to those already expressed to the noble Lord, Lord Jopling, for the work that he and his sub-committee have undertaken in producing such an informative report into a subject of ever increasing importance and concern. Those concerns have been reflected by every Member of your Lordships' House who has spoken with authority in this debate. I also congratulate my noble friends Lord Reid of Cardowan and Lord Browne of Ladyton on their, as anticipated, impressive and thought-provoking speeches, which gave us the benefit of their considerable and real expertise and knowledge in this field.

The noble Lord, Lord Jopling, in his helpful and informative opening speech, drew attention to the key findings in the report, including the issue of the part that the European Union can usefully play in protecting Europe against large-scale cyberattacks. It was certainly of some comfort to read that the committee did not feel that this was an area where our Government, in relation to our own country, were being complacent. As the noble Lord, Lord Hannay of Chiswick, said, the witnesses from whom the committee took both oral and written evidence generally thought that the United Kingdom had sophisticated defences compared to most other states.

To quote from the report, the European Network and Information Security Agency, referring to mechanisms for dealing with internet incidents, had stated that,

“the UK, along with a limited number of other Member States, is considered a leader in this area with developed practices that set benchmarks for others to adopt”.

Continued vigilance and development will be necessary to ensure that that continues to remain the case.

There has, of course, been a change of Government since the report was concluded. While we have read their written response, I hope that we will hear more from the Minister when she responds about the views of the new Government on the report and the serious issues it raises, and the extent to which the Government do or do not agree with the stance adopted by the previous Administration in their evidence to the sub-committee. In their reply of 6 July 2010 to the report, the Government state:

“While we are in agreement that cyber security is a significant and increasing facet of national security, the present Government is in the process of reviewing whether there are things we can do better or differently to achieve the same national security goal; that this is likely to extend to the European Union”.

It would be helpful if the Minister could explain what that statement means in practical terms. When did the review start? Who is undertaking the review? When will the review be complete? Will its findings be made public? What “things”—that is the word that the Government use—are being looked at to see if they can be done better or differently to achieve what is referred to as the “same national security goal”? Finally on that paragraph, what exactly is it that is,

“likely to extend to the European Union”?

A number of UK organisations and bodies with independent expertise are referred to in the report and in the Government’s response. Will the Minister confirm that these bodies will survive the forthcoming cull?

In their response, the Government say that they will remain actively involved in the discussions under way at the European level on the role for the European Union and that they support the committee’s recommendation that this should be focused on the promotion of best practice and on reducing the gap between the most advanced and the less advanced member states. As has been said on more than one occasion today, cyber does not recognise national or European Union boundaries but is also a global threat. We need our international partnerships and alliances, since we have common interests with other responsible nations in sharing information on threats and vulnerabilities.

The Government recognise that the prevention of cyberattacks has an important international dimension. They state:

“In developing a new cyber security strategy, the Government is putting significant resource into having a strong and proactive role in this”.

What are the objectives of this new cybersecurity strategy that it is felt may not currently be being addressed or need updating? Is it part of the “process of reviewing” referred to in the third paragraph of the Government’s response, to which I referred earlier?

The importance of this debate and the importance and relevance of the committee’s report has been further enhanced in the light of the speech the other day, to which the noble Lord, Lord Jopling, referred, by the director of GCHQ on cybersecurity. He said, as did the committee in its report, that this was not solely a national security or defence issue but went to the heart of our economic well-being and national interest. The committee’s report, as the noble Lord, Lord Jopling, highlighted, gives examples of cyberattacks that have occurred which seek to strike at the heart of a country’s ability to function. The GCHQ director added further weight to this point in relation to our own country when he said that the threat of cyberattacks to disrupt seriously critical national infrastructure,

“is a real and credible one”.

He also said that:

“There are over 20,000 malicious emails on Government networks each month, 1,000 of which are deliberately targeting them ... that we have seen the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear ... we have seen the theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too ... and that the risks in all these areas are growing along with the enormous growth of the Internet. At the moment it’s expanding by about 60% a year”.

This includes growth stimulated by the Government as they seek to get services online, not least in response to an increasing public expectation that services will be available in this way. The expectation is that within the next few years, online tax and benefit payment systems could be processing over £100 billion-worth of payments at a time when the increasing cost of e-crime to the economy runs into billions of pounds and organised groups attack not just commercial targets but also online tax systems across Europe.

The GCHQ director commented that cyberspace is contested every day, every hour, every minute, every second, and that he could vouch for that from the displays in his own operations centre of minute-by-minute cyberattempts to penetrate systems around the world. He went on to say that:

“Ministers are looking, in the context of the Strategic Defence and Security Review and the Spending Review, at what capabilities the United Kingdom needs to develop further”,

and added that:

“Clearly they will also be deciding how they trade off against other spending priorities”.

Perhaps the Minister could answer the question that the director in effect posed—namely, how high a priority compared with other spending priorities does this Government give to providing the necessary resources to ensure that this country continues to be protected effectively from cyberattacks?

I conclude by congratulating the noble Lord, Lord Jopling, and his committee on a thorough, thoughtful and informative report which has rightly raised the profile of this important and, indeed, worrying issue.