Emily Darlington (Milton Keynes Central) (Lab)

- View Speech - Hansard -

Copy Link

-

I welcome the Bill and the cyber action plan for public services, which was published today. As we have heard from right hon. and hon. Members’ many great speeches today, this is so important to the UK economy and public.

Despite being one of the smaller countries in the world, we are still one of the biggest targets for cyber-attacks. In the past 12 months, there has been some good news: only four in 10 businesses and three in 10 charities have had cyber-security breaches—the figures are down on the previous year. However, there has been a huge increase in nationally significant cyber-incidents, which have more than doubled in the past year, including the malicious cyber-attacks on critical infrastructure by Russia and China.

These matters are important to companies based in Milton Keynes Central, where one in three jobs are in technology. Milton Keynes is a leader in the development of AI and tech services, including in legal services, financial services and autonomous vehicles. Those companies have experienced cyber-attacks, so the Bill is very welcome. The difficulty is that it misses a huge portion of the discussion, and Ministers have somewhat neglected to mention sovereign technology in their comments or in the strategy. I hope that they will do so in the wind-up.

One role of sovereign technology is to fight cyber-crime. There are many definitions of sovereign technology, so what does it actually mean? To me, most of the public and the industry, it means UK innovation and technology. It is developed in the UK and is UK-owned intellectual property. It means a company paying UK taxes. Most importantly, it means a UK company being accountable to the UK. The Government have talked a lot about their commitment to developing and securing sovereignty, but that needs to be extended to all critical technology and infrastructure. Not only is that important in cyber-security terms, but it has other advantages, too: it is good for the economy, creates innovation and sets the highest standards, and it thereby gets public support and confidence and achieves small business support for absorbing the innovation. It achieves growth by creating not only UK customers, but—ambitiously—worldwide customers.

The Government have done that quite well in the past. They have created safe and secure solutions. Crown Hosting Data Centres is a really good example of a joint venture between the Government and Ark Data Centres. Unfortunately, only 3% to 4% of Government servers actually use it, and we must ask why. What are we doing to promote safe and secure solutions in the UK that would help us to fight for cyber-security and ensure that it is promoted across the public sector, and to ensure that those solutions gain support in the private sector? Instead of using Crown Hosting Data Centres, many are using ones run by foreign firms with securities and standards developed outside the UK. Outages at Amazon Web Services in cloud hosting have cost business millions.

Let us look at other areas where the public rightly worry about cyber-attacks and cyber-security, such as NHS data. We have heard about the impact of cyber-crimes on the NHS and on lives, but it also impacts public confidence. Palantir has a £330 million contract to bring together all NHS data. That is a fantastic initiative and really important, and the public support it because they do not want to have to repeat their health story to each and every doctor, nurse or other health professional that they meet. The difficulty is that using a foreign firm with some questionable alliances has led to an erosion of public trust and to a lack of trust among doctors, slowing the take-up of this important innovation in NHS services. That is partly because the co-founder of Palantir called our pride in the NHS “Stockholm syndrome”. Unfortunately, he misunderstands the very body to which he is selling services and is thereby eroding public trust. I know many UK firms that could have done just as good a job—and probably better, because trust among the public and doctors would have increased.

We hear that Palantir has just won a £240 million contract with the Ministry of Defence for

“data analytics capabilities supporting critical strategic, tactical and live operational decision making across classifications”.

Again, it is hugely important that we are using the latest technology to promote our MOD and that we are tying all that up. I do not think anybody in this House has concerns about the MOD making these kinds of investments; it is who we choose to partner with that drives the concern.

As I have already argued, the reality is that cyber-security has to be UK-focused. We have to protect our national interest and ensure that our partners put our national interest and cyber-security first and foremost. The views of organisations such as Palantir on the NHS and its integration into US Immigration and Customs Enforcement—otherwise known as ICE—lead us to worry that it does not share UK values. It creates a strategic vulnerability. That is what the sector is saying to us, and we should listen to it. Cyber-security is not just about reporting; it is about the investments we make ahead of time. Imagine if those two contracts and their economic opportunities had been given to UK firms. There would be enhanced UK-based cyber-security and greater confidence in our most critical areas of health and the military.

Let me raise another example which, if The Daily Telegraph is correct, I am sure will raise significant public trust concerns. It has reported today that the Government are considering using Starlink for the emergency services network, replacing the existing radio set-up that is used by ambulances, police and the fire service in an emergency—our most critical infrastructure. This company is controlled by a man who has shown his willingness to turn off satellites in Ukraine at his own political whim.

Emily Darlington

- Hansard -

Copy Link

-

I thank the hon. Member for raising that point. It is important to note that Elon Musk turned off Starlink at very strategic points for the Ukrainian military when it was advancing on Russian-held territory. It is not just that he chose to turn it off; he chose to turn it off at a critical time for the Ukrainian military. I worry that somebody who chooses to do that, and who encourages violence among the UK public at a far-right rally, at which he said,

“Whether you choose violence or not, violence is coming to you. You either fight back or you die”,

is not an appropriate or safe partner for our emergency services.

I absolutely support the comments made by my right hon. Friend the Member for Oxford East (Anneliese Dodds) about transparency, and about some of the actions being taken by those who have been willing to stand up to these companies and demand transparency. While that is probably not the subject of today’s debate, I think we must take those actions as a warning for what is to come.

I welcome the Bill and the action plan, but to truly make the UK safe and secure from state-sponsored or criminal cyber-attacks, we need to ensure that there is a UK sovereign infrastructure, capacity and capability. The Government can lead the way through their own procurement practices by making sure we are partnering with UK sovereign firms. That is good for security, good for protecting us against cyber-attacks, and good for the economy and public trust.