Lord Browne of Ladyton
Main Page: Lord Browne of Ladyton (Labour - Life peer)Department Debates - View all Lord Browne of Ladyton's debates with the Cabinet Office
(2 months, 1 week ago)
Lords ChamberThe government model services contract is one of three template contracts for use by government departments and wider government when procuring complex outsourced services. Value for money for taxpayers is central to good government procurement. The Government recognise the potential risk of data offshoring taking place without the explicit consent of public sector buyers. New standard security schedules for all government contracts include greater controls over data offshoring and stronger security requirements.
My Lords, thanks to a whistleblower, we learned on 4 August from the Daily Telegraph that, up to 2021 when it was discontinued, a chain of outsourcing resulted in software for our nuclear submarine engineers being developed by private companies in Minsk and Siberia. The Telegraph reported Ben Wallace, the then Defence Secretary, as saying that the breach left the UK’s national security “vulnerable to undermining”. Can my noble friend tell us whether this story is true? If it is true, where can we find a credible, comprehensive rebuttal? Otherwise, is it not likely that our deterrent will be undermined?
As my noble friend will appreciate, the Ministry of Defence took these reports extremely seriously. In response, on 6 September this year, Maria Eagle, the Minister of State for Defence, confirmed that both the MoD and Rolls-Royce Submarines had conducted an investigation into the matter. The Minister assured that the investigation found no evidence that Belarusian nationals had access to sensitive information and concluded that no change to the MoD procurement policy was required. The Ministry of Defence has set a policy of using Secure by Design. This is a modern approach whereby senior responsible owners, capability owners and delivery teams are accountable and responsible for delivering systems that are cybersecure. This includes ensuring new systems being bought or built carry out due diligence on the security of their systems.