Bob Russell
Main Page: Bob Russell (Liberal Democrat - Colchester)Department Debates - View all Bob Russell's debates with the Ministry of Defence
(10 years, 9 months ago)
Commons ChamberWe are talking about cyber-technology, but may I use an old-fashioned phrase in warning of the danger of having all our eggs in one basket?
Yes, and I entirely agree. I have discovered a new organisation being set up in Cambridge called the centre for the study of existential risk, which is right up my street. Being a gloomy sort of person, that is precisely the sort of thing I am worried about, and the hon. Gentleman will not be surprised to hear that I am already in deep contact with the centre.
The Committee visited Estonia in 2009. It has still not been conclusively established who precisely was responsible for the attacks that took down much of that country’s banking system, although we have our suspicions—they may have been marching around in unmarked uniforms. We discovered that the attack had been comparatively easy to achieve. It was a distributed denial-of-service attack that did real damage. We also discovered the international centre of excellence in Estonia, which at that stage the Government were not contributing towards in dealing with cyber-attacks. I am delighted that they have since decided, perhaps as a result of our incredibly effective report, to contribute to the centre.
I was biding my time, but the intervention from the hon. Member for New Forest East (Dr Lewis) has prompted me to intervene. Has any evidence yet come forward to suggest that what is going on in Crimea has involved cyber-security breaches either way?
If there is evidence of that, I do not yet know of it. All I can say is that before the invasion of Georgia there was an extensive cyber-attack on its computer network that was very similar to the one on Estonia. I suspect that it is now a new method of fighting wars that we must all get used to.
The need to share information is critical, as I have said, and important mechanisms for that exist, such as the cyber-security information sharing partnership, which is now open to companies beyond critical national infrastructure sectors, including small and medium-sized businesses. CISP analysts will be expected to feed into CERT once it is fully operational.
The Committee produced many recommendations, but our final conclusion was that the cyber-threat, like other emerging threats, has the capacity to evolve with almost unimaginable speed and with serious consequences for the nation’s security. The Government need to put in place—they have not yet done so—mechanisms, people, education, skills, thinking and policies that take into account both the opportunities and the vulnerabilities that cyber presents. It is time the Government approached the subject with vigour. I am pleased to see the actions that they have taken since we issued our report. Clearly there is much more to be done—in the cyber world it is a matter of constantly playing catch-up—but I personally have the impression that the Government are, at the very least, joining in the game.
I thank my hon. Friend for that, but I am not sure that he is right. Huawei has been involved in setting up our cyber-security evaluation centre. It offered its services at knock-down prices—no western firm could match them, and our economy was and is in a poor position to resist the temptation of accepting what looked like a very good deal. So we could be setting a thief to catch that same thief. Of course the suspicions I voice may be erroneous and our cyber-security services could be totally on top of this one, but without access to classified information I have no way of checking. Members may recall that Huawei offered to provide a mobile phone system for the London underground during the 2012 Olympics—was it not free or close to being free? If I recall it correctly, that offer was turned down on security grounds.
As Chris Donnelly highlighted, state security requirements and gaining commercial advantage are two sides of the same coin in China. We should be under no illusion about the Chinese’s willingness to put huge efforts into understanding and, if necessary, harnessing all sorts of systems in the UK to advance the Chinese national interest. Already there is a mass English learning programme in existence, which Chris Donnelly suggests involves 300 million people in China, and a similar mass programme to teach computing. In 2012, China conducted what it called its first “digital technology exercise” in Inner Mongolia, when an entire division of hackers in the uniform of the Chinese liberation army was deployed. These cyber warriors went to war across the whole spectrum of western activity, not just against western military communications. We are wasting our time calling on China to stop hacking into our systems. Of course the Chinese will deny they are doing it until they are blue in the face—
Forgive me, my hon. Friend is absolutely right. He always stands up for the infantry, so he would use the word red, and I accept it; red is the colour of the infantry.
We had better wake up to the fact that systematic and state organised hacking is a massive Chinese industry. I am pretty sure that our security services are well aware of the threat, but the public must also be made aware of it. We need the funding to do what we can to counter the threat.
Let me be clear: hacking can be more deadly than a gun. Cyber-warfare, taken to its logical conclusion, could bring our society to its knees. Almost nothing works without electricity. I am talking about light, energy, traffic control—on the ground and in the air—hospitals, police and even sewerage. Undoubtedly, the national grid would be a No.1 priority target for someone wishing to reduce us to our knees. Von Clausewitz stated that war is an extension of politics by other means, but systematic hacking is also war, by new, subtle and probably very effective means.