Defence Personnel Data Breach

Debate between Lord Harlech and Baroness Smith of Newnham
Wednesday 8th May 2024

(7 months, 2 weeks ago)

Lords Chamber
Read Full debate Read Hansard Text
Baroness Smith of Newnham Portrait Baroness Smith of Newnham (LD)
- View Speech - Hansard - - - Excerpts

My Lords, I agree with the noble Lord, Lord Coaker, that His Majesty’s Government have many questions to answer. I thank the Minister for taking the hospital pass and repeating the Statement to the House this afternoon.

The wording of the Statement is interesting. The Ministry of Defence has identified indications that a malign actor gained access. Did it identify these indications only after the leak to the media, or was it aware of this and trying to deal with matters behind the scenes? It would be helpful to understand whether the MoD has a handle on the data breach.

As the noble Lord, Lord Coaker, has pointed out, there are questions about prime contractors and subcontractors, and the eight-point plan raises some concerns about what is being asked of government departments and our contractors. Point four states:

“specialist advice and guidance on data security has been shared”

and is available now on GOV.UK. This is part of the eight-point plan—after the horse has bolted. Why on earth was this advice not available before the data breach? It is not good enough for the Secretary of State to refer the other place back to his Lancaster House speech and remind us that the world is a “more dangerous” place. We know the world is a dangerous place. We know that there are cybersecurity dangers, and if the MoD and its contractors cannot ensure that we are safe and secure from data breaches, who can? Can the average citizen of the United Kingdom feel secure if the MoD is not able to deal with its own cybersecurity? Why can it not? To say that this is a contractor and therefore separate from the MoD’s HR supply is not necessarily adequate, either. Are the requirements for our prime contractors and subcontractors adequate?

A question asked in the other place, and which the noble Lord, Lord Coaker, has also touched on this afternoon, is: which other government departments are using Shared Services Connected Ltd and to what extent should we be concerned? My understanding is that the Home Office, the MoJ and possibly the Cabinet Office are also part of these contracts, but the Secretary of State did not appear to be able to answer the question in the other place. I hope, with the additional 24 hours, that the noble Lord, Lord Harlech, may be able to give us some answers to this question.

Point six of the eight-point plan says that His Majesty’s Government are now

“providing a commercial personal data protection service for all service personnel”.

Why is it a commercial personal data protection service? Would it not now be appropriate to learn the lessons of outsourcing and think about whether we should provide our own HR and payroll? Would it not be appropriate for His Majesty’s Government to rethink that and for personnel data to be ensured by His Majesty’s Government and not outsourced?

I have two final points to make in my last 33 seconds. Given the Border Force issues yesterday, do we suspect that the same malign actors who hacked the data impeded people entering our country? Are other malign actors damaging UK infrastructure? Is that a further security concern? My final point concerns the noble and gallant Lord, Lord Craig of Radley. During questions on the response of Israel and its iron dome a couple of weeks ago, he asked whether, if London were faced with a similar issue, we would be able to defend ourselves. Should we not be concerned that, if the MoD cannot defend its personnel against hackers and malign actors, maybe our country is not as secure as it should be?

Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

My Lords, I thank the noble Lord, Lord Coaker, and the noble Baroness, Lady Smith of Newnham, for the points which they raise and for their ongoing support, and that of their Benches in this House, for the Armed Forces. Our people are our strongest asset and the department is committed to taking appropriate action to investigate this matter thoroughly, in terms of both the contractor and the malign actor, and to ensuring that this does not happen again.

Since yesterday, I can confirm that 100% of the backlog of travel and expenses claims held up by the data compromise have now been paid and I can give assurance, on the advice of departmental officials, that the May pay run will be unaffected. I can also confirm, further to the Statement, that public guidance for affected personnel is now live. This can be found on the GOV.UK website by searching for “pay network compromise”.

On the issue of the contractor, as the Defence Secretary confirmed in the other place, a full security review of the contractor’s operations is under way and appropriate steps will be taken if it is found to have been negligent or in dereliction of its duties under contract. This is being co-ordinated with cross-government partners as the contractor, as the noble Lord and the noble Baroness indicated, does not work solely for defence. The contractor, SSCL, holds 12 contracts across nine government departments. The incident in question, however, is isolated to defence and there is currently no evidence of any risk to any other government services provided by the company.

As the Defence Secretary stated yesterday on several occasions, it is true to say that a malign actor is involved and it is possible that it is attached to a country, or a group based in a country. But I would ask that we refrain from turning media speculation into fact before the investigation has had a chance to conclude its important work. The Ministry of Defence is not trying to avoid giving the House this information; we need to be certain before we are able to do so. The Defence Secretary committed in the other place to return when he has further information which can be disclosed, if it is in our country’s interests to do so.

On the subject of Border Force e-gates, my information is that this was a network system failure and not in any way connected to this data breach. The noble Baroness, Lady Smith, raised ongoing cybersecurity. As I hope the Statement and my follow-up remarks attest to, this is something we take incredibly seriously. On a personal level, cybersecurity threats involving bribery, fraud and corruption are all part of our ongoing soldier training, which has to be done individually and is renewed each year.

The noble Lord asked how many personnel may be affected. I am afraid I can add no further clarity, except to say that we believe that approximately 272,000 personnel may have been affected. Investigations continue to refine this number. We monitor all defence contracts and, as I say, this is an ongoing investigation. I would not want to say anything which could impede it in any way.

War Widows: Ex Gratia Pension Payment

Debate between Lord Harlech and Baroness Smith of Newnham
Tuesday 5th March 2024

(9 months, 2 weeks ago)

Lords Chamber
Read Full debate Read Hansard Text
Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

My Lords, I pay tribute to the tireless campaigning that my noble friend has done on behalf of war widows. I appreciate that this is difficult, but the eligibility criteria were discussed with the War Widows’ Association from the inception of the scheme. I have been assured by officials from the Ministry of Defence that at no point have the eligibility criteria changed.

Baroness Smith of Newnham Portrait Baroness Smith of Newnham (LD)
- View Speech - Hansard - - - Excerpts

My Lords, the noble Lord the Minister may think that war widows and others spend their lives watching parliamentlive.tv; I suspect that most do not. I seem to recall that, last time this issue came up, I asked whether His Majesty’s Government could inform everybody who they thought was eligible about eligibility, not request people to go online. What are His Majesty’s Government doing to ensure that they do the right thing by all of these widows, including ensuring eligibility as they expected it to be?

Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

I thank the noble Baroness for that question. We do need people to apply because, in line with legislation, once an individual is no longer in receipt of payments from the MoD, the MoD will not update its records on an ongoing basis. Therefore, crucial information such as their address, bank details and surname may not be current. The information requested on the application will enable the MoD to cross-check with the records that it holds and verify an applicant’s eligibility.

War Widows’ and Widowers’ Pensions

Debate between Lord Harlech and Baroness Smith of Newnham
Thursday 18th May 2023

(1 year, 7 months ago)

Lords Chamber
Read Full debate Read Hansard Text
Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

The noble Lord makes two important points. First, we estimate that around 380 people will be eligible for this scheme. Secondly, for those who do not apply and would be eligible but subsequently pass away, their descendants would not be entitled to it. However, if a potential beneficiary made an application and then sadly passed away during the process, the money would be paid out to their estate.

Baroness Smith of Newnham Portrait Baroness Smith of Newnham (LD)
- View Speech - Hansard - - - Excerpts

My Lords, the Government have worked out that 380 people might be eligible. The Minister suggested that those people should contact the War Widows’ Association or Veterans UK for information. Could the Government not do the decent thing and write to all those they believe to be eligible?

Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

I think the point of Veterans UK is to provide advice and help to all those affected, both the bereaved and veterans. But I take the noble Baroness’s point that a two-pronged approach may be the most sensible in this situation.

Ministry of Defence Procurement: Accountability

Debate between Lord Harlech and Baroness Smith of Newnham
Wednesday 29th March 2023

(1 year, 8 months ago)

Lords Chamber
Read Full debate Read Hansard Text
Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

My Lords, the problems the Ajax programme has faced have long been acknowledged, but it is turning a corner and progressing towards the delivery of this new generation of armoured fighting vehicles for the British Army. The Statement to the House on 20 March set out the progress and outlined a new realistic schedule to bring this next generation of armoured fighting vehicle into service. Ajax remains at the heart of the Army’s plans for a modernised fleet of armoured vehicles. It is part of around £41 billion of investment that His Majesty’s Government are making into Army equipment and support over the next 10 years, to ensure that this nation can address threats of the future, not the past.

My noble friend asked a number of questions, so I will comment on Clive Sheldon KC’s review. Defence Ministers commissioned this independent review to identify lessons and make recommendations to help the MoD deliver major programmes more effectively in the future. The draft report is currently under the process of Maxwellisation and will be published as soon as possible.

Baroness Smith of Newnham Portrait Baroness Smith of Newnham (LD)
- View Speech - Hansard - - - Excerpts

My Lords, in its Ministry of Defence: Departmental Overview 2021-22, the National Audit Office noted that, of major programmes, nine were rated red, 33 were amber and just three were green. Being rated red suggests that successful delivery is “unachievable”. Does the Minister think this is acceptable? Can he explain what is being done to rectify the situation?

Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

My Lords, my interpretation of what red means differs somewhat. Defence proudly delivers some of the largest programmes across government. These processes are complex, and the delivery confidence assessments are an important tool to provide challenge and support for successful delivery. A project being rated red or amber does not necessarily mean that it will not be delivered on time or budget; it means that we have identified risks that need managing. We see this as effective programme management. The MoD will continue to introduce changes to improve our management of major projects.

Carrier Strike Group

Debate between Lord Harlech and Baroness Smith of Newnham
Monday 6th February 2023

(1 year, 10 months ago)

Lords Chamber
Read Full debate Read Hansard Text
Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

My Lords, we welcome the findings of the interim report into the loss of the F35B aircraft in 2021. While it would be inappropriate to comment fully until the final report is published, we can confirm that immediate steps are being taken after the crash to ensure the safety of earmarked flying operations.

Baroness Smith of Newnham Portrait Baroness Smith of Newnham (LD)
- View Speech - Hansard - - - Excerpts

My Lords, I will add to the list of things on which the noble Lord will write to the House, or perhaps he can tell us today. Can he say when HMS “Prince of Wales” is likely to be operational again? Are we likely to have two ships in the Queen Elizabeth class that are both seaworthy?

Lord Harlech Portrait Lord Harlech (Con)
- View Speech - Hansard - -

HMS “Prince of Wales” is expected to commence her operational programme as planned in autumn 2023. However, an issue has been identified with her port shaft. To prevent a similar defect occurring, rectification of this issue is expected to be completed prior to her planned departure. The defects with the shafts of HMS “Prince of Wales” are not believed to be a class issue, and HMS “Queen Elizabeth” will continue to undertake strike carrier duties until 2024, when HMS “Prince of Wales” will take over as strike carrier at very high readiness.