Amazon Web Services
Lord Harris of Haringey Excerpts(3 days, 12 hours ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Harris of Haringey
To ask His Majesty’s Government what assessment they have made of the outage affecting Amazon Web Services.
Lord Harris of Haringey (Lab)
My Lords, I beg leave to ask a Question of which I have given private notice, and in so doing I refer to my interest in the register as chair of the National Preparedness Commission.
Lord in Waiting/Government Whip (Lord Leong) (Lab)
My Lords, the Department for Science, Innovation and Technology is leading the Government’s response to the Amazon Web Services outage that took place yesterday. DSIT continues to work across government and with businesses to understand the full impacts of the outage. All AWS services were restored yesterday evening, and DSIT is in contact with AWS to understand how such events can be mitigated in future.
Lord Harris of Haringey (Lab)
My Lords, I am grateful to my noble friend for that response. I notice that he did not say whether the outage was precipitated by hostile state activity. Given the impact on UK critical services, including those run by the Government, should we have more variety in cloud producers and more sovereign capability? What additional guidance are the Government intending to give to enable the public and private sectors, as well as individuals, to prepare for such disruptions in future?
Lord Leong (Lab)
My Lords, I thank my noble friend for those questions. There is no evidence that this was caused by any malicious activity, and we have to be very careful that we do not speculate otherwise. AWS has publicly stated that the outage was initially caused by an issue with its configuration of the domain name system, or DNS, and some wider related complications. Departments independently determine which suppliers to use based on their use cases. Some cloud providers are strategic suppliers, but departments make decisions on adoption based on not only reliance but cost, capability and their staff’s expertise. We are working to diversify the UK’s cloud ecosystem and encourage greater participation by UK-based and European providers, as well as promoting innovation through our digital infrastructure and cybersecurity programmes. At the same time, the NCSC offers advice and guidance on how businesses and organisations can make themselves more cyber resilient, and this advice is also broadly applicable to digital resilience issues.
As I mentioned in Oral Questions last week, businesses should also take it upon themselves to ensure that they have sufficient cyber resilience systems in place by ensuring that their software and hardware are up to date and, if they can, seeking certification so that their systems are Cyber Essentials certified. Businesses should also be encouraged to have a business continuity plan so that, if anything happens, they have a plan in place.
Lord Leong (Lab)
I thank the noble Baroness for that. As for a debate, I leave it to Members of the House to table it accordingly. I would welcome a debate to look at this in further detail. As far as the Bill is concerned, we have been working on it for some time, as most noble Lords know. The Bill itself will ensure that the UK economy and information systems relied on by most important digital services and suppliers are better protected. As a result, businesses and public services that rely on them will also benefit. The Bill will include powers for the Secretary of State to update the security requirements that companies in scope of the regime must have in place to protect their systems from any further disruption, whether because of a cyberattack or for other reasons, even simple things such as human error, system outage or physical damage.
Lord Harris of Haringey (Lab)
My Lords, if it is not hostile activity, is that not possibly slightly more concerning in that we are putting our faith in these very large companies and the amount that they can invest because they are secure and less likely to fall over? The noble Lord has just talked about the cybersecurity and resilience Bill. Can he tell us when it will come forward? Will its provisions apply more generally—broader than the critical national infrastructure—to all the key suppliers, some of which will not be at the level of critical national infrastructure, and require that they invest more in their resilience and their cyber capacity?
Lord Leong (Lab)
I refer my noble friend to what I said in last week’s Oral Question. I hope the Bill will be published very soon, before the end of the year. At this stage I cannot go into too much detail as to what is in the Bill, but I hope to soon be able to share the Bill itself with noble Lords.
Covid-19 Inquiry
Lord Harris of Haringey Excerpts(9 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Harris of Haringey (Lab)
My Lords, I refer to my chairing of the National Preparedness Commission. I welcome the Government’s response to the module 1 report. The nation is on a journey, which was started by the previous Government; I am pleased that it has been continued by the present Government. In particular, I welcome the recognition that resilience and preparedness are an essential underpinning of the Government’s missions for change and everything else, and that those missions themselves feed back into preparedness and resilience. I specifically welcome the fact that the emergency alerts scheme—which, as noble Lords know, I have been championing for some time—is to be tested on a regular basis in addition to when it is used, if you like, in anger.
I was interested in the slight differences in emphasis on recommendation 10, but surely the important point is that, when the Government bring forward their review of resilience, they recognise that there needs to be a legal underpinning. In the same way that the Climate Change Act requires Government Ministers and government departments to work towards delivering net zero, there should be a similar sort of obligation requiring them to work towards resilience. Is that under active consideration? There is also the question of whether something like the Climate Change Committee—which, if you like, marks the Government’s homework—which would have a validity under those circumstances. The prime responsibility is to make sure that everybody recognises that they all have to contribute to this.
Baroness Twycross (Lab)
My noble friend makes a really important point about this being something that everybody has to contribute to. On his point about potential need for changes to the legislative framework, the current basis of legislation is the Civil Contingencies Act, and the next formal statutory review should be completed by 2027. However, in light of the recent inquiries around Covid and Grenfell, it is right that we look at the legislative framework and ensure that it meets the need of the evolving risk landscape and the growing expectations on the local tier in particular. We are considering the legislative framework as part of the resilience review, which, as noble Lords will be aware, will conclude in spring 2025.
Live Events Ticketing: Resale and Pricing Practices
Lord Harris of Haringey Excerpts(9 months, 1 week ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Twycross (Lab)
Having spent many weeks on opposing sides on some of the aspects of the Football Governance Bill, I am delighted to be able to agree with the noble Lord on the importance of these measures. I particularly note, as did the noble Lord, Lord Foster, the long-standing work the noble Lord has done over many years. I will endeavour to answer as many questions as possible, and I will come back on others that I do not get the chance to cover.
The noble Lord asked about legislation. We are clear that this issue may require additional legislation, and we will look to do that as soon as possible, potentially in the second Session of this Parliament. We are clear that taking a view on where we would land on a cap could lead to accusations that we are pre-empting the consultation, but we are keen to hear views, and I have heard the noble Lord’s point on that very clearly.
The point about touting based overseas is an important one. We want to make it easier for enforcers to tackle breaches of the law, and the consultation explores options for achieving that. We know that many touts target UK fans while operating abroad, and that will be an important factor to consider in the design of any new measures. However, that issue is not exclusive to ticketing, and enforcers such as the CMA and trading standards are empowered to take action against traders outside the UK. The reformed consumer enforcement powers in last year’s Digital Markets, Competition and Consumers Act will empower enforcers to impose penalties on or directions against traders that target UK consumers, regardless of where they are based.
Lord Harris of Haringey (Lab)
My Lords, I am grateful to my noble friend the Minister for bringing this forward, and I welcome what is there. Until three and a bit years ago, I chaired National Trading Standards, and we were involved in trying to pursue some of precisely these cases. My question is simple: do the Government recognise the need for equality of arms in respect of those responsible for enforcing these new regulatory new arrangements, given that these are potentially multibillion-pound operations, sometimes operating overseas? It is quite difficult for either National Trading Standards or an individual local authority trading standards to pursue cases, given that heavy court costs will often be involved.
Baroness Twycross (Lab)
My noble friend raises a critical issue. This is about major ticket touting, which is incredibly well organised and heavily financed. The issues that have been raised are ones we will want to explore through the consultation, because there is no point in our having stronger laws unless they have an effect. We are clear that we need to act on ticket pricing, and that cannot just be words; there has to be action.
Global IT Outage
Lord Harris of Haringey Excerpts(1 year, 2 months ago)
Lords ChamberRead Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Lord Harris of Haringey
To ask His Majesty’s Government what assessment they have made of the recent global IT outage.
Lord Harris of Haringey (Lab)
My Lords, in begging leave to ask the Question standing in my name, I refer to my interests as an adviser to Performanta and as chair of the National Preparedness Commission.
The Parliamentary Under-Secretary of State, Department for Culture, Media and Sport (Baroness Twycross) (Lab)
The CrowdStrike software update caused an IT outage affecting millions of devices around the world. In the UK, while government emergency and security systems remained operational, our retail, transport and healthcare sectors were disrupted. I have huge sympathy for all those affected. COBRA officials’ meetings were convened and officials from across government and the devolved Administrations met throughout to monitor impacts and recovery and to update Ministers as appropriate. UK sectors have now returned to normal operations, and the Cabinet Office will work with partners to review the lessons learned.
Lord Harris of Haringey (Lab)
My Lords, I am grateful to my noble friend for that reply. It highlights the vulnerability of all the systems on which the public and the private sectors rely, and how much they depend on the software and so on. Software manufacture is largely unregulated. Can the Government look at how they can strengthen the requirements for software providers to ensure the safety and security of what they supply to the public and private sectors? At the same time, will the Government remind all operators that they should plan for failure and for when something does not work? What are their back-up arrangements in the event of their software failing?
Baroness Twycross (Lab)
I thank my noble friend for that question and for his huge support for me in my previous role as chair of the London Resilience Forum. Although the outage is not assessed to be a security incident or cyberattack, the issues that he raises will be covered in the cybersecurity and resilience Bill included in the King’s Speech. This will strengthen our defences and ensure that more essential digital services than ever before are protected. For example, it will look at expanding the remit of the existing regulation, putting regulators on a stronger footing and increasing the reporting requirements to build a better picture in government of cyber threats.