Public Procurement: Data Offshoring Debate

Full Debate: Read Full Debate
Department: Cabinet Office

Public Procurement: Data Offshoring

Lord Browne of Ladyton Excerpts
Tuesday 8th October 2024

(2 months, 1 week ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Twycross Portrait Baroness Twycross (Lab)
- View Speech - Hansard - - - Excerpts

The government model services contract is one of three template contracts for use by government departments and wider government when procuring complex outsourced services. Value for money for taxpayers is central to good government procurement. The Government recognise the potential risk of data offshoring taking place without the explicit consent of public sector buyers. New standard security schedules for all government contracts include greater controls over data offshoring and stronger security requirements.

Lord Browne of Ladyton Portrait Lord Browne of Ladyton (Lab)
- View Speech - Hansard - -

My Lords, thanks to a whistleblower, we learned on 4 August from the Daily Telegraph that, up to 2021 when it was discontinued, a chain of outsourcing resulted in software for our nuclear submarine engineers being developed by private companies in Minsk and Siberia. The Telegraph reported Ben Wallace, the then Defence Secretary, as saying that the breach left the UK’s national security “vulnerable to undermining”. Can my noble friend tell us whether this story is true? If it is true, where can we find a credible, comprehensive rebuttal? Otherwise, is it not likely that our deterrent will be undermined?

Baroness Twycross Portrait Baroness Twycross (Lab)
- View Speech - Hansard - - - Excerpts

As my noble friend will appreciate, the Ministry of Defence took these reports extremely seriously. In response, on 6 September this year, Maria Eagle, the Minister of State for Defence, confirmed that both the MoD and Rolls-Royce Submarines had conducted an investigation into the matter. The Minister assured that the investigation found no evidence that Belarusian nationals had access to sensitive information and concluded that no change to the MoD procurement policy was required. The Ministry of Defence has set a policy of using Secure by Design. This is a modern approach whereby senior responsible owners, capability owners and delivery teams are accountable and responsible for delivering systems that are cybersecure. This includes ensuring new systems being bought or built carry out due diligence on the security of their systems.