My Lords, it is obviously of huge concern that top secret US documents were leaked, including files purporting to be on the war in Ukraine. In assessing what damage this may have done, are the Government looking into why the Wall Street Journal reported last week that the leak was first put out in January among a small group of posters on a messaging channel that trafficked in memes, jokes and racist talk? This posting in January of top secret files went, according to the Wall Street Journal, unnoticed for weeks by the outside world. If accurate, this is a very concerning matter, so can the Minister look into what did happen and whether that report is accurate? In the light of all this, can the Minister tell us what the MoD is doing to improve security, including data breaches?
I thank the noble Lord for his Question. I am not privy to the content and detail of the article to which he refers, and even if I were, I would be reluctant to comment. As the noble Lord is aware, an internal United States investigation is now taking place and the broader issue is now the subject of investigation by the United States criminal justice system and is sub judice, therefore I am unable to comment further on that. On data breaches, our MoD takes information and data-handling responsibilities very seriously. Following previous investigations, we have introduced measures to prevent breaches recurring—that is a targeted campaign of re-education and retraining. It might be helpful to the noble Lord to know that, for example, when I log on to my MoD desktop I am now immediately presented with an automatic message about keeping equipment safe, and we are now unable to send an email on MoD equipment without being prompted to add a sensitivity label. I must say that that makes me think very carefully about what I am sending and to whom I am sending it.
My Lords, I welcome the comments that the Minister made regarding some of the improvements. However, given the seriousness of the security breaches which have occurred within our MoD, what further improvements can she highlight today that have been made to combat this happening again?
I think the most uncomfortable security breach for the MoD was in 2021, when papers were left at a bus stop. Following that event, the Secretary of State sent a metaphorical dose of syrup of figs through the department. That involved re-education and retraining, with an online security test to be sat, in which Ministers had to participate—I shall not share the results with the Chamber but it was a very pertinent wake-up call—and random bag searches were introduced in the main building for people accessing and leaving the department. I would also say to my noble friend that a risk assessment/risk evaluation exercise, introduced before the security leak in the United States of America, is currently ongoing, and that will be an important contributor to how we can improve further.
My Lords, in the other place Dan Jarvis asked the Minister whether he was able to give assurances that data on our Armed Forces held by private sector contractors was fully secured. The Minister said that he assumed so but would go away, find out and write to Mr Jarvis. Can the Minister inform this House whether there is yet an answer to the question? If such data is not securely held, what work will the MoD be doing to ensure that security is improved?
I do not have the response which my right honourable colleague promised in the other place, but I undertake to ensure that a copy is forwarded to the noble Baroness whatever that response is. Our private contractors operate under a very strict regime, not just in terms of vetting the people they have who have access to sensitive material, but also, in terms of undertakings, those individuals must comply with the Official Secrets Act and with the rules, protocols and all the security practices which we expect. There have been instances where these have been breached and prosecutions have ensued. Therefore measures are in place, but I will make the further detail promised by my right honourable friend in the other place available to the noble Baroness.
My Lords, the leaks reveal the US assessment that there will be an imminent vulnerability of Ukraine to Russian aircraft. What lessons have we learned in terms of early provision of aircraft and countermeasures to Ukraine?
As I indicated yesterday in responding to a question about Ukraine, we are working in lockstep with our allies through forums such as the G7 and NATO and efforts such as the UK-led International Fund for Ukraine to get Ukraine the firepower it needs to rapidly regain its territory. We are in daily contact. Tomorrow the Secretary of State for Defence will be at Ramstein, the airbase in Germany, at a meeting hosted by the United States. We are also anticipating the NATO summit in Vilnius in July, and we have constant bilateral engagement with our other partners. Everything is being done to ensure that we can respond as meaningfully as possible to what Ukraine thinks it needs.
Media reports suggest that the individual originally responsible is an American of considerable youth who still had access to a great number of very sensitive files. Can the Minister confirm that that indeed is the case and further confirm, as regards the Ministry of Defence and our coverage, that it is not as exposed as the American one seems to have been?
I can confirm to the noble and gallant Lord that the American criminal justice system has identified an individual, who I understand has been arrested and I presume is detained. On sharing information within our own MoD, we are very careful about where that information is, where it is stored and to whom it is transmitted. As I said in response to an earlier question, very detailed procedures are now in place to ensure that the correct balance is struck. We have to be careful not to obstruct this vital sharing of information, which may be incredibly important to inform discussion and decisions, while ensuring that we balance that with the need to store and manage the transmission of material responsibly and securely.
My Lords, given the increased threat from Russia, including recently in the Moray Firth area, which the Minister may wish to comment on, as well as from China, Five Eyes co-operation is even more important. Can the Minister give us an assurance that this unfortunate incident in the United States will not undermine and reduce our Five Eyes co-operation?
I thank the noble Lord. On the Moray Firth, we have been careful to ensure that our surveillance of maritime activity by Russia is extensive, and we take the security and resilience of our national infrastructure very seriously. As the noble Lord will be aware, we have increased Royal Navy presence patrols and have invested £65 million in the first of our two multi-role ocean surveillance ships. On the relationships with our important allies such as Five Eyes, other NATO partners or other security organisations, going back to the question from the noble and gallant Lord, Lord Craig, we are absolutely clear that our ability to protect our own sovereign states and to act in concert to protect global security depend on acquiring and sharing sensitive information. We all understand the importance of that, but equally we all understand the obligations which attach to it, and the balance to which I refer is one of which all our allies and partners are cognisant.
My Lords, further to the question from the noble and gallant Lord, my former constituent, the point he made goes to the absolute core of this crisis. The perpetrator, Jack Teixeira, was 21 years old, an airman in the Massachusetts Air National Guard, hardly a key unit at the very heart of the fight against terrorism and the war in Ukraine. He had access to top secret files and substantial Five Eyes intelligence but was a very junior official. Can the Minister make it clear that our Government will do all they can to impress upon the United States and Five Eyes partners that allowing this type of security intelligence to be dealt with by someone so junior is incredibly concerning?
I do not think anybody would disagree with my noble friend’s assessment. As he will be aware, the Secretary of State for Defence was scheduled to be in Washington—that had been prearranged—but an opportunity will be taken to speak directly about this issue. As always with cases like this, there is something which every state can learn, whether it is a state directly involved or a partner or ally of that state. The gravity of what has happened is completely understood, and certainly we are very sensitive to that within our own MoD. I have indicated some of the measures that have been taken and, following the American incident, our Permanent Secretary immediately instigated action to check that the highest standards were being observed.