Cybersecurity and UK Democracy Debate

Full Debate: Read Full Debate
Department: Cabinet Office
Tuesday 26th March 2024

(8 months ago)

Lords Chamber
Read Full debate Read Hansard Text Watch Debate Read Debate Ministerial Extracts
Baroness Chapman of Darlington Portrait Baroness Chapman of Darlington (Lab)
- View Speech - Hansard - - - Excerpts

My Lords, I begin by making clear, as my right honourable friend Pat McFadden did in the other place, that we on these Benches support the Government in their efforts to counter attempts by China or any other state to interfere with our democratic processes in any way. This includes attempts to prevent elected representatives from going about their business, voicing their opinions or casting their votes.

We pay tribute to the work of the intelligence and security services in protecting our democracy and the public more widely. However, we need to question the coherence of the Government’s approach to this issue so far. Surely it is necessary for the Government to have a consistent approach across government, as the cyber threat is not restricted to democratic processes. It extends to universities, electric vehicles, energy, aviation, the safety of Hong Kong nationals, and intellectual property. How confident is the Minister that the vigilance recommended today in relation to democracy, which many would say comes slowly rather than swiftly, is equally applied to other areas of activity? Does the Minister honestly think that the limited action outlined in the Statement is sufficient to deter China? Given what we now know, what further steps are the Government going to take, since the hacking and impersonation of parliamentarians is not the full extent of this and not at all the action of a friendly state?

The calculation of any state which wishes us harm or considers that it may be necessary to do us harm in the future has changed markedly in the last decade. That which previously would need to be achieved through violent means can now be done through cyberattack. The defeat mechanism now is different. Our energy supplies, communications, water, transportation and finances are all targets in a completely new way. Undermining our democracy is just another form of attack. Does the Minister accept that we currently lack a consistent approach across government? I ask this as noble Lords will no doubt be aware that the Foreign Secretary has been the subject of unhelpful speculation regarding his interests in China. It seems peculiar that information about this has been less than forthcoming.

The Intelligence and Security Committee issued a report on China last year. Paragraph 98 of that report said:

“Targets are not necessarily limited to serving politicians either. They can include former political figures, if they are sufficiently high profile. For example, it is possible that David Cameron’s role as Vice President of a £1bn China-UK investment fund”


was

“in some part engineered by the Chinese state to lend credibility to Chinese investment”.

As I understand it, in January 2023, prior to his appointment as Foreign Secretary, the noble Lord, Lord Cameron, went to Sri Lanka to drum up investment for Port City Colombo, which is a belt and road project launched by President Xi that many believe will become a military base for the Chinese navy. It would help to protect the reputations of the noble Lord and the UK Government if there could be some clarity on whom he met and what sort of conversations took place. Can the Minister assist in providing the necessary transparency and reassurance so that this matter can be put to bed? Can she tell us whether these matters have been investigated?

We have heard assurances from Ministers that the closed electoral register has not been hacked, but anyone taking broader interest in this issue will be aware that the danger is not just about a single cyberattack event, but rather that data is gathered in large quantities over time and can be used to train AI or be interrogated by AI with impacts that we do not yet understand. What are the Government going to do, across all departments and institutions, to protect against this threat? The threat is evolving, from spying and influencing to the disruption of elections and critical infrastructure. As the threat has changed, surely our response needs to change in turn.

Lord Fox Portrait Lord Fox (LD)
- View Speech - Hansard - -

We welcome this Statement, which we hope is a significant step towards a more strategic, cross-party approach to this issue. I take the opportunity to acknowledge our friend the noble Lord, Lord Alton, who has earned the opprobrium of the Chinese Communist Party thanks to his tireless campaigning. He should accept this as a badge of honour, albeit one that comes with ominous concerns. Over the last 24 hours, the Foreign Secretary issued a statement and called Beijing’s actions “completely unacceptable”. He added that:

“Such action from China will not be tolerated”.


Given that this is what the Government believe, the response to date seems feeble. This feebleness was highlighted by many of the Minister’s colleagues in the Commons, and not just Sir Iain Duncan Smith. But perhaps the reason for this caution was voiced by an unnamed Cabinet Minister quoted in the press as saying that the Government do not want to start a trade war. However, in response, China has said that it “strongly condemns” the UK’s “egregious” move to sanction Chinese hackers, adding that it would

“take the necessary reaction, as a matter of course, to the U.K.’s moves”.

What is the Cabinet Office assessment of the risk to the UK economy? How are the UK Government preparing to resist any retaliation?

During yesterday’s Statement, Deputy Prime Minister Oliver Dowden noted that it is no surprise that China

“should seek to interfere in electoral processes”

in successful democratic countries. The Deputy Prime Minister may not have been surprised, but the integrated review—even its refresh—does not anticipate this level of attack. What we have today is inadequate, so I suggest that the Government use this to instigate a process of significant and proactive cross-party consensus that we can take forward and have a cross-sectoral plan for our relationship with China.

The hack of the Electoral Commission is very worrying; can the Minister explain why it took so long for it to be disclosed? According to the NCSC, this data is highly likely to be used by Chinese intelligence services for a range of purposes, including large-scale espionage and transnational repression of perceived dissidents and critics in the UK. How will the UK Government protect those here in the UK-Chinese community who may be subject to long-distance repression?

Yesterday the Opposition’s spokesperson, and their spokesperson here today, rightly highlighted China’s voracious appetite for data and its potential uses as computing power improves. Even if data cannot usefully be manipulated and weaponised, it is used as a very useful training tool for artificial intelligence models, as we just heard. I echo the question asked yesterday: what are the Government doing to protect complex and valuable public datasets from being stolen in this way? Two, for example, are health data and criminal records, but is not just our existing datasets we should worry about; the Chinese have the capability to build their own. For example, years after the decision to remove it, Huawei remains integral in our telecoms infrastructure. The Hikvision ban extends only to so-called sensitive sites, despite the fact that we have pushed hard to ensure that it extends to all public buildings.

This is just the tip of the data-gathering iceberg that exists already in this country. For example, last week, the Council on Geostrategy published a new policy paper highlighting the risks from Chinese cellular modules—so-called IoT modules. This raises an issue around the role of devices that sit inside almost every internet-enabled device, creating another whole cyber danger area. Then there are electric cars, which are little more than data hoovers, sending information back to China.

China has data and technology strategies that directly link to its strategic and security aims. They are decades ahead of our defences. We have to work together, and quickly, to develop the necessary responses. Despite the very good work that has been done by our own agencies to protect us, so much more is needed.

Baroness Neville-Rolfe Portrait The Minister of State, Cabinet Office (Baroness Neville- Rolfe) (Con)
- View Speech - Hansard - - - Excerpts

My Lords, I thank the noble Baroness, Lady Chapman, and the noble Lord, Lord Fox, for their comments. I also thank the noble Baroness for her support for the important work across the piece, including by the intelligence services, in the more serious situation that we now find ourselves in.

I should start by explaining that we are vigilant and we do try to take a consistent approach, across government. We have made a lot of changes in the cyber area in the last two or three years. As for the activity announced yesterday by the Deputy Prime Minister and the question of delay, raised by the noble Lord, Lord Fox, this was a complex operation. It required painstaking work from the intelligence community to enable UK Ministers to confidently attribute the hostile cyber activity to Chinese state-affiliated actors. I hope noble Lords will be reassured to know that we have been working hand in glove with our international partners to collectively identify those responsible and to hold them to account. A number of partners have made follow-up statements within the last 24 hours.

The activity we announced builds on the broader work that the Government have led to expose hostile cyber activities conducted by states targeting UK interests and the democratic systems that we all value, including our democratic processes, which were affected by Russian intelligence services in December.

This is part of a wider, proactive approach. The National Cyber Security Centre has made a lot of difference right across the board, both for government and business. We passed the National Security and Investment Act 2021, the Higher Education (Freedom of Speech) Act 2023 and the National Security Act 2023 —which updated the Official Secrets Act and made espionage offences more 20th-century by introducing a harder operating environment. These are all extremely important.

We continue with our resilience work, across the piece, to strengthen cyber skills. The noble Baroness, Lady Chapman, is right that we need to look at critical national infrastructure and other issues.

The noble Baroness mentioned that my noble friend the Foreign Secretary was criticised by the Intelligence and Security Committee. I think she was referring to the committee saying that his role as vice-president of a China-UK investment fund was in some part engineered by the Chinese state to lend credibility to its investment. I do not think China can have been that influential, because the fund did not go ahead.

The noble Baroness also mentioned Port City in Sri Lanka. Obviously, the Foreign Secretary was a private individual at that time, but I understand he spoke at two events in the UAE. They were organised by an international speakers’ bureau, which supported this major infrastructure project. The noble Lord, Lord Cameron, was not engaged in any way with China or any Chinese companies about these speaking events. His engagement followed a meeting held with Sri Lanka’s president earlier in the year. The Port City project is, of course, supported by the Sri Lankan Government.

As has already been mentioned, the Foreign Secretary has been very clear that the targeting of UK democratic institutions and political processes is completely unacceptable. He made another statement about this yesterday. He raised it personally with the Chinese Foreign Minister, Wang Yi, making it clear that malicious cyber activity by Chinese-affiliated actors is unacceptable. That is the position today. The appointment of the noble Lord as Foreign Secretary followed an established process both in relation to peerages and to ministerial appointments. I hope I have helped clear this up.

The noble Baroness was interested in the impact of the incidents that were discussed yesterday which led to the sanctioning of two individuals and an entity associated with APT31. What happened was that actors were able to access copies of the electoral register in the Electoral Commission’s file-sharing system. The electoral registration officers for each local authority hold the live versions of the electoral registers—I think we have discussed this before—and they were unaffected. The electoral register does not contain things such as national insurance numbers or nationality data, nor does it give the age of individuals except in limited circumstances.

No parliamentary accounts were successfully compromised. The Parliamentary Security Department, which led on follow-up, assessed that this was reconnaissance activity and that parliamentary networks and accounts were not compromised. Clearly, we need to be vigilant, and that is the message that I am getting across the House this evening. It was not that serious, but we do not want other Governments of any kind to interfere with the democratic process, because it is so important.

On broader work, the National Cyber Strategy 2022 was supported by more than £2.6 billion of investment over three years. It is focused on delivering a step change in the UK’s cyber resilience, and that extends far and wide. I am involved in what is now called the Integrated Security Fund and used to be the CSSF. We have been putting more investment into cyber, because cyber knows no borders, so it is important to work with other countries on exactly these issues.

We banned Huawei from our 5G network, as we heard, and—I see that the noble Lord, Lord Alton, is in his seat—we took steps on Chinese security cameras, thanks to his help. We made a lot of changes in the Procurement Act, again thanks to detailed work done in this House. All these changes are important.

The noble Lord, Lord Fox, talked about the need for collaboration, and we have made it clear that we are happy for more conversations on these points. I commend the work done by the Parliamentary Security Department. Alison Giles now sits on the Defending Democracy Taskforce, which I sit on and Tom Tugendhat leads, and a lot of changes have been made. Only today, a letter went round encouraging all MPs and noble Lords to do more—the top 10 tips for mobiles, personal cyber, how to get more support and account registration so that your emails and phones can be monitored by the NCSC.

I thank noble Lords for their pressure, because this is an important area. We need to take proportionate measures and stay vigilant.

--- Later in debate ---
Viscount Waverley Portrait Viscount Waverley (CB)
- Hansard - - - Excerpts

My Lords, the Minister might wish to give some insight into how the meeting with the Chinese ambassador went this morning so that we get the fullest idea about all the sides that are party to this deplorable situation.

As is customary in your Lordships’ House, I should declare being the custodian of the totally unused domain name beltroadhub.com. I registered it 15 years ago with no particular practical reasons as to what I was going to do with it, and there it still lies. I inform the House accordingly.

Lord Fox Portrait Lord Fox (LD)
- Hansard - -

Cyberattack.

Viscount Waverley Portrait Viscount Waverley (CB)
- Hansard - - - Excerpts

Noted. I must re-emphasise that it is an unused domain.

I am at one with the thrust behind the Statement. The Government and agencies are right to adopt a firm approach. However, although repercussions should be expected for rule of law, human rights and interference abuses, conversely, do the Government believe that constant prodding of the dragon can have consequences that go counter to many British interests and on occasions might be self-defeating? Exploring and not thwarting areas of mutual co-operation, building on respect of strength through dialogue and engagement, should not be lost sight of, including on those areas of concern illustrated in the Statement.

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- View Speech - Hansard - - - Excerpts

To answer the noble Viscount’s question, my understanding is that the Chinese ambassador condemned the “groundless accusations”, accused the UK of smearing China and stated that China was a victim of cyberattacks, including from the UK. He warned that China would adopt firm countermeasures in response but gave no further detail. This matches historical responses when we have called people out for hostile cyber activity, but they have not done anything further. I should correct myself; I understand that the meeting was with the chargé d’affaires.

I do not have a lot more to say on our attitude to China. I said that our approach needs to be rooted in our national interest. China is a permanent member of the UN Security Council. It is the second-largest economy in the world and has impacts on global issues of importance, such as climate change. Proportionate action is necessary but I feel that it is right that we have taken the action that we have. We must protect our democracy and our Members of Parliaments—that is, Members in the other place and here. That is an issue that has to be properly tackled, and the Government are determined to do just that.

Lord Fox Portrait Lord Fox (LD)
- Hansard - -

My Lords, given that there is time, the Minister mentioned the National Security and Investment Act. We are in a happy situation because when that then Bill was being discussed, she was a lowly Back-Bencher making a lot of very constructive suggestions to the then Minister, the noble Lord, Lord Callanan, who was running it through. The Act is now under the supervision of the Cabinet Office, so we are in a position where the poacher is now the gamekeeper.

The Minister will remember that one of her points at the time was about infrastructure and whether, and by how much, it was included in that Act, so it would be useful to get an update now that she is in a position to influence this. She will also remember that there was quite a lot of discussion, and indeed some amendments, around the potential role for the Intelligence and Security Committee in connection with that Act. Would she now acknowledge that, given the nature of the problems we face, it makes even more sense than it did then for the ISC to be directly linked into the Act’s implementation?

Baroness Neville-Rolfe Portrait Baroness Neville-Rolfe (Con)
- Hansard - - - Excerpts

I note what the noble Lord says about the committee. It does a very important job and we do listen to it. I look forward to giving it evidence soon on the integrated security fund. The noble Lord probably has a better memory than me of the detail of the points I made when I was on the Back Benches, before I became the gamekeeper. What I would say about the National Security and Investment Act is that it has allowed us to take a broader approach than many other countries, and in 2022-23 we received 866 notifications and issued 15 final orders blocking, unwinding or attaching conditions to deals, of which eight had an acquirer link to China. I think it shows that some of the legislation that we put through this House and work on together in detail can be very valuable.