(9 years, 1 month ago)
Lords Chamber
To ask Her Majesty’s Government what is their assessment of the vulnerability of the United Kingdom to organised cyber-attack.
My Lords, as the Chancellor of the Exchequer said in his speech to GCHQ on 17 November, despite a huge amount of investment, effort and world-class tools and capabilities, we are not where we need to be, particularly given the pace of innovation in cyberspace. Since 2011, we have invested £860 million in a national cybersecurity programme. As announced in the national security strategy and strategic defence and security review 2015, we plan almost to double investment in cybersecurity over the next five years.
My Lords, I thank the Minister for that very helpful reply. One of the most serious threats we face is that of a co-ordinated cyberattack against the UK financial sector. The Bank of England has shown that individual banks, especially the large banks, are pretty well protected but there are huge vulnerabilities in the connections between the banks and the rest of the economy, which some people say could lead to panic. One quite seasoned observer described the possibility of financial Armageddon—the meltdown of the system—given that most money today is electronic and no longer held in the form of cash. This is a matter for the Government, not just for the Bank of England, so what concrete steps are the Government taking to address this issue?
I pay tribute to the work of the noble Lord and a number of other of your Lordships in this area. On the specific point, the financial sector, including the City of London, has undertaken a number of exercises in recent years: Waking Shark I, Waking Shark II and the Market Wide Exercise, as well as the more recent Resilient Shield exercise between the US and the UK last month. In June, the FPC agreed that the Bank, the PRA and the FCA should also establish arrangements for CBEST tests to become one component of regular cyber resilience assessment within the UK financial system.