Debates between Tom Tugendhat and Mark Hendrick during the 2019-2024 Parliament

Cyber-security

Debate between Tom Tugendhat and Mark Hendrick
Tuesday 7th May 2024

Westminster Hall

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the official record.

The Minister for Security (Tom Tugendhat)

It is a great pleasure to see you this evening, Ms Bardell—as ever, the surprise only adds to the joy—and to respond to the hon. Member for Preston (Sir Mark Hendrick), who is quite right to have secured this debate. The challenge that he talked about and the ways of addressing it are fundamental not just to his constituents and the National Cyber Force, which he rightly paid tribute to and will be hosting in his constituency, but to the very nature of our country.

It is interesting to note that over the last 200 years, the British economy has been based on many things: the ingenuity and brilliance of our people; the rule of law and the ability to predict the future based on prior agreement; the genius of economic reforms innovated out of Edinburgh and Glasgow; and the ability to keep trade moving. For most of our existence, that trade has been maritime trade of various descriptions. It has been guaranteed not just by an extraordinary industry of sailors and shipwrights who have created the vehicles of commerce, but by the Royal Navy, which has kept the sea lanes open, the sailors safe and the goods moving.

The truth is that over the last few years, the nature of that commerce—that commercial gain and exchange—has changed. We have gone from sea lanes to e-lanes. We have gone from looking at the red ensign as a guarantee of security at sea, to looking at GCHQ and the National Cyber Security Centre as a guarantee of security on the internet and in cyber-space. Those changes have been fundamental. They have enabled us to do things that are frankly quite remarkable. Look at the change in the way communication works that our country has been through in the four years since covid struck us. With so many of our lives going online—even this place went online briefly, although we seem to have forgotten how convenient that was—many of us have been able to transform the businesses that we were working in from local or national to global.

That change has been a phenomenal blessing, but none of it would have been possible without the dedication and brilliance of some remarkable individuals who have kept us safe. Those individuals started off being headquartered solely in Cheltenham. Those of us who have had the privilege to visit Cheltenham know that the extraordinary brilliance and genius of those remarkable people has been fantastic not just for our country but for many partners and allies around the world.

What we see today is that it is not just the Government who need to be kept safe. The reality is that companies and individuals guarantee that security in many different ways. What we are talking about this evening is how the wider economy is defended. That is where the Government have made some important changes, which I hope will be built on in coming years. The cyber-security force that we have created is an essential part of keeping the UK’s commercial interests safe. It is a fundamental building block of our economy not just today but for the future.

The way that has worked with the National Cyber Security Centre is essential, because the reality is that the economy of Britain is not guarded simply by the Government, and national security is not limited to the arms of the state. It is fundamentally true that many suppliers to Government and many different institutions that connect to Government are also important. More than that, every single aspect of our lives is a part of keeping our country safe. Although it is true that the Government do not provide the food, the supermarkets that feed us every day are part of our national security. Although it is true that the Government do not move the money, the banks that keep us fluid in that sense are absolutely part of our national security. It is therefore true that all those capabilities—all the cyber-defence that goes into the wider economy and into our lives—keep us all safe. Sadly, one of the things that has distressed me most in this job is discovering the level of abuse that I am afraid is now prevalent online. Hon. Members will not require me to tell them this, but we see an explosion in online bullying and abuse, and sadly we have seen an explosion in online harm that has taken not just many young people, but many people from across every walk of life, to dark places—and in some cases, very sadly, cost lives.

The cyber work that we do is about protecting not just the state, the Government or even the economy, but homes and families across the United Kingdom. That is why the work that we are doing in the reform of the Computer Misuse Act is so important, because, as the hon. Member for Barnsley Central (Dan Jarvis) and particularly as the hon. Member for Preston put it, the changes we have seen online in the last 20 or 30 years since the Act was passed are phenomenal. The Act was passed before the internet, the iPhone and social media. It is, in a modern sense, historical; it is dated and based on an era when to hold data was to hold it on a solid drive in a computer, not in the ether or on the cloud. The nature of intervention to keep cyber-defences alive and test them was very different, and the Act was drafted for that era. That is why the work of Sir Patrick Vallance and the way in which he has approached it have been so important, and it is why we have been looking so carefully at what he recommends and at how to get the best answer out.

The truth is that any decision we make is going to be difficult. It is going to raise questions about the ways in which businesses work and partner with others around the world. The right hon. Member for Midlothian (Owen Thompson) asked about ransomware and the way in which it is changing. That is where the direction that we take is so important—for example, the counter-ransomware initiative that the United Kingdom led and changed in various ways, and the approaches we have taken to ensure that we are properly structured to get its benefits. The reason I am confident that we are going in the right direction is that we are setting the agenda.

In the 18 months since I had the privilege of becoming the Security Minister, we have launched at least two actions. Forgive me as I try to remember how many were public and how many were private; hon. Members will appreciate that in this job it is probably best to get that distinction right. I will say that we have launched at least two public actions alongside partners on counter-ransomware actions. Noticeably, one from about a year ago was against various Russian targets who had decided that it was to their advantage to try to extort and exploit organisations in the United Kingdom and United States. Our reactions—the ways in which we have partnered with allies and friends—have ensured that we are able not just to defend ourselves, but to make the punishment fit the crime. We are putting in place sanctions, closing down accounts and ensuring that we have those resources in partnership with organisations like the FBI to resist those different areas.

This subject also raises some questions about the state, which were hinted at. I will go a little further into it, because this is not just about individual actors, those in the so-called troll farms or the Internet Research Agency, which was so famously used by Russia recently; it is also about states themselves. Sadly, we are seeing states trying to use these forms of exploitation as means of profit. We have seen one state in particular, North Korea, seeking to quite literally use them as a cash cow—as a way of paying for its nuclear weapons programme, extorting money out of individuals around the world to advance its own hostile interests.

This is where some of the changes we have been able to make—alongside the hon. Member for Barnsley Central, to whom I pay tribute, and with support from parties on all sides—will, I think, make a substantial difference in the years to come. Those changes include the National Security Act 2023, which, through the various different elements of co-operation with foreign states, makes criminal actions that formerly would have merely been assisting or would have been hard to define; they may not necessarily have been breaches of the Official Secrets Act, or empowering or profiting a foreign state in a direct sense and in a way that would have been criminal. The National Security Act has been essential in making sure that espionage is properly punished and that the support of hostile states is now criminalised. I am grateful for the support of the hon. Member for Barnsley Central and others, because that legislation has been an important change that has enabled us to make a difference.

We have seen various different ways in which states have used these sorts of powers. For example, I am afraid that we have seen the various different ways in which Beijing has been ordering different threats against us. I will not comment on things that are being gossiped about in different places—in main Chambers rather than in Westminster Hall—but I will say that the state-affiliated cyber group APT31 has been, and consistently remains, a threat targeted against the UK. I am afraid that we have seen that again and again, and we have had to take action to ensure that we are able to protect ourselves. This is one of those areas where the work of the National Cyber Security Centre has been so incredibly important in protecting not just the state but our wider economy—and that is where we have a wider mission, because the truth is that protecting the wider economy is about protecting not just all those areas, but families and individuals across our country.

I am proud of some of the work we have done alongside businesses, some of which are from the UK and some of which are international, which has enabled us to change some of the incentives and pressures on them. We have brought down fraud in the last year; 16% is not as far as I would like it to go, and I am sure that others in the House will recognise that there is further to go, but that is a hell of an achievement by some fantastically dedicated law enforcement professionals and their cyber partners to make sure that homes and families across the United Kingdom are safer.

We are moving further online. For instance, one can look at the national health service today, and see the amazing investment in technology and in the changing way in which we communicate with our doctors. As many of us know, the NHS app—which, I think I am right in saying, has been downloaded by about three quarters of all adults in the United Kingdom, although I will have to check that—is a fantastic way in which we can communicate across the medical professions. However, all of this means that we have wider vectors of attack, which means that it is enormously important to ensure that we are working together. That is why—I correct the hon. Member for Barnsley Central—although the National Security Council may not have a cyber element in that sense, there is a ministerial cyber board, which meets on a similar basis except that it is chaired by the Deputy Prime Minister and brings together Departments from all across Whitehall. That is an extraordinarily important place where we set the policy and make sure that it works together, because the UK Government are already doing a huge amount.

The hon. Member for Barnsley Central asked about the policy of paying ransomware. We have set out that no public body should be using state money to pay ransomware. We have set out this agenda with the national health service and have been very clear to organisations, including the British Library, that it should not be happening. That policy has been made clear. It is also clear that some ransomwares that are being used for profit are being closed down. I do not know if Members are aware of the LockBit sanctions, but they have been incredibly important; in the last few days we have not just taken over the LockBit site—a brilliant piece of work by the National Crime Agency and others, including the FBI—but exposed the people behind it. That is an extremely important way in which we are taking the fight directly to the criminals who are challenging us and making sure that the National Cyber Force, which is soon to be wonderfully homed in Preston—

Sir Mark Hendrick

Just next door.

Tom Tugendhat

Many of its people will be homed around there, I am sure, though they may work in other parts. That force is a fantastically important element in our national defence. While once we flew the white ensign to protect sea lanes, today we fly a different sign—a national cyber-security sign; and with wider British Government protection, we can protect our e-lanes of communication that keep us not just safe but free.