Defence and Cyber-security Debate

Full Debate: Read Full Debate
Department: Ministry of Defence

Defence and Cyber-security

Julian Brazier Excerpts
Tuesday 4th March 2014

(10 years, 8 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord Arbuthnot of Edrom Portrait Mr Arbuthnot
- Hansard - - - Excerpts

Yes, and I entirely agree. I have discovered a new organisation being set up in Cambridge called the centre for the study of existential risk, which is right up my street. Being a gloomy sort of person, that is precisely the sort of thing I am worried about, and the hon. Gentleman will not be surprised to hear that I am already in deep contact with the centre.

Julian Brazier Portrait Mr Julian Brazier (Canterbury) (Con)
- Hansard - -

I have heard of that work at the university of Cambridge, too, and I am in favour of it, but may I take my right hon. Friend back to his point on co-ordination? Surely the bottom line of the response to any major threat to this country, whether it is flooding or rioting and so on, is the armed forces. Does he share my concern that there seems to be no mechanism for referring problems in other sectors through to the MOD and, crucially, that there are no rehearsals taking place?

Lord Arbuthnot of Edrom Portrait Mr Arbuthnot
- Hansard - - - Excerpts

I do, and I hope that in answering the debate my right hon. Friend the Minister for the Armed Forces will take that point straight on the chin, because in many respects the armed forces are the resource of last resort, and cyber-security may be an area where the armed forces do not accept that responsibility.

There is a necessary focus within the defence world on securing the systems and networks needed by the MOD and the armed forces from cyber-threats. It is not only contemporary civil society that is utterly dependent on network technology; our armed forces are increasingly reliant on such technology for the tools of warfare, and the next step must be to ensure that the supply chain for those systems and their components is secure. That will require a trusting, transparent relationship between Government and their suppliers, with full disclosure of attacks and possible vulnerabilities, which runs all the way down the supply chain. The UK has world-class expertise and facilities on which to draw, but will the Government be able, in competition with the private sector, to keep enough of that expertise and experience in the service of the state? Are there enough such people to serve both and how should we prioritise?

The announcement by my right hon. Friend the Secretary of State for Defence in September 2013 about the establishment of a joint cyber reserve unit is a significant development, but that will rely on FTSE companies and other, smaller companies releasing key personnel to participate. Will my right hon. Friend the Minister for the Armed Forces tell us what progress has been made? According to the Government, the number of ICT and cyber-security professionals in the UK has not increased in line with the growth of the internet. Are there enough experts in industry willing to join a cyber reserve? Will technology experts—the geeks of our world—fit well within highly regimented military structures, or will a more flexible structure be required to facilitate their work?

--- Later in debate ---
Julian Brazier Portrait Mr Brazier
- Hansard - -

The hon. Gentleman is making an interesting speech. Does he agree that the issue is about not only the technical side but the personal side? More medieval fortresses fell through the inside touch than through outside assault. In the high-tech area, as everywhere else, people can be bought or suborned.

Dai Havard Portrait Mr Havard
- Hansard - - - Excerpts

The short answer is yes. The other aspect is who can be engaged to help to do such things. As the hon. Gentleman, who is on the Defence Committee, will know, the structuring of things to ensure a reserve capability is hugely important. The way in which the process is being put together is correct; there will be no monopoly on understanding in the areas we are discussing. We need as good a collaboration as possible. The delivery of the processes will not always be remote. Intelligence and knowing what is happening, where and with whom will be crucial. I shall come to that later.

The other question that comes up is about the law—I mentioned legitimacy earlier. I am helping to lead a sub-study in the Defence Committee of the military and the law. That is coloured, obviously, by Supreme Court decisions, individual cases and all the rest of it. The issue raises questions about international law, humanitarian law, extra-territorial jurisdiction and other things. An argument is being put that says, “We don’t need anything to be separate. This is a different domain, but all the current legal constructs are good enough and we do not need anything different.” I come back to my earlier point. We need to be clear about doctrine. In large part, our doctrine is public. Some, however, may not be as public as we would like, but we need to be clear about how we do things.

--- Later in debate ---
Mark Francois Portrait Mr Francois
- Hansard - - - Excerpts

A complicating factor is that it is not always immediately apparent where an attack may have come from. Sometimes it is possible to establish that a little later, but it cannot always be done instantly. That needs to be taken into account. However, I believe that the possession of a cyber capability that allows us to strike back could act as a deterrent to potential adversaries—not only in cyberspace but potentially against more traditional threats.

A number of Members have asked about how industry fits in, including my hon. Friend the Member for Reigate (Mr Blunt) and the hon. Member for Inverclyde (Mr McKenzie). Private industry is and will remain a key partner in cyber-security. A secure supply chain is vital for the business of all public sector delivery, and that is no less the case in defence. Our armed forces depend on a wide range of equipment and services provided by industry. As part of the NCSP, the Government are working closely with industry to ensure that it is aware of the changing nature of the threat and has effective counters in place.

The hon. Member for Makerfield asked for something specific to the Ministry of Defence. I am pleased to say that in addition, in July 2013, the MOD launched the defence cyber-protection partnership. That bespoke initiative aims to meet the emerging threat to the UK defence supply chain by increasing awareness of cyber-risks among our contractors and suppliers, sharing threat intelligence, and defining risk-driven approaches to applying cyber-security standards. In short, we already have something that is designed specifically for military and defence contractors and they are entering that programme.

Technology is only one part of the equation. People are essential. We know that the number of deep specialists and experts in this field is limited, and that all organisations, both public and private, are looking to recruit from that supply. However, defence can offer an exciting opportunity for experts to put their skills to use for the nation through the formation of the joint cyber reserve. Some hon. Members asked about that, and I will provide an update.

Recruitment to the joint cyber reserve commenced in October 2013, and there has been healthy interest. I cannot tell the hon. Member for Bridgend (Mrs Moon) how many of the applicants come from the Department for Work and Pensions, but I respect her assiduous work, as ever, in collecting statistics, and I have often been on the receiving end. I assure her and the House that we have recruited the first cohort of cyber reservists, and their training will commence in the spring.

On the basis of the healthy interest so far, we believe that within the next two years the cyber reserve will be fully operational with reserve personnel recruited, trained and operating alongside their regular military and civilian colleagues in the joint cyber-units at Corsham and Cheltenham, and in the information assurance units.

Julian Brazier Portrait Mr Brazier
- Hansard - -

I am sorry that I have had to be out of the Chamber for a long-standing engagement. Will my right hon. Friend confirm that the cyber reserve includes two long-standing squadrons that have been around for six or seven years and were part of the specialist group, the Royal Signals, and that those squadrons will go intact into the new set-up?

Mark Francois Portrait Mr Francois
- Hansard - - - Excerpts

My hon. Friend has raised this issue with me before. He asks a specific question about two specific squadrons. I believe that what he asks is the case, but I will write to him to confirm it. The House knows that he is the world’s greatest living expert on this matter, and I do not want to be the man to give him a wrong steer.

The cyber reserve offers individuals the opportunity to be part of the proud history and ethos of our reserves while working in a cutting-edge, technological field. The hon. Member for Bridgend asked about the effect on reservists if they travel to other countries. I will look into the good point she raised, and will return to her on that.

Cyber crosses national boundaries, a point that my hon. Friend the Member for Beckenham (Bob Stewart) made clearly, and so too must our view of this new domain. It is, therefore, essential that we work with our allies to ensure that we are not only able to operate with one another, but are aware of common threats. We are already working closely on cyber with our long-standing international partners, particularly through a defence cyber-contact group that includes the US, Australia, Canada, New Zealand and ourselves—the traditional “Five Eyes” partners.