Lord Hannay of Chiswick

- Hansard -

Copy Link

-

My Lords, it is a genuine pleasure to have the task of following the distinguished maiden speech of the noble Lord, Lord Browne of Ladyton, and giving him the very warmest of welcomes. I first met the noble Lord just over a year ago when we were both members of the cross-party group that went to Washington to discuss issues of multilateral nuclear disarmament. Over our three days there, he displayed three qualities: a sense of humour that survived even a bruising encounter with Senator Jon Kyl, no friend of disarmament of any kind; affability; and the capacity to address even the most complex and technical subjects—and they do not come much more technical and complex than nuclear disarmament and cyberwarfare—in comprehensible and compelling terms. All these qualities were demonstrated today in his maiden speech. He will be a timely reinforcement to the group of former Defence Secretaries and military men in the House whose skill and experience will surely be of value when we come to address the coalition Government's defence and security policy review, due out next week. He will bring the same qualities to discussion of the issues of multilateral nuclear disarmament, to which he has already made a notable contribution as founder and convener of the top-level all-party group set up to match here the advocacy in the United States of Messrs Shultz, Kissinger, Perry and Nunn.

It can be said with a tolerable degree of certainty that this is the first serious full-scale debate in this House, or indeed in this Parliament, on how best to face up to the threat from cyberattacks. However, it will not be the last, because the target against which that threat is directed—our society’s increasing dependence on sophisticated forms of electronic communications—is continuing to grow at a frantic pace which shows no sign of slacking; because that is a worldwide phenomenon which increases the vulnerability of every country in the world; and because the target, as it grows, is likely to become softer unless effective countermeasures and increased resilience can be devised.

To believe that that target will not be at risk in circumstances of heightened international tension or open hostilities would be a triumph of hope over experience. Therefore, this report is surely a timely one—a very necessary reminder of the need for sustained effort at the national, European and wider international levels if we are to deal with that vulnerability. I pay tribute, in particular, to my predecessor as the chair of the sub-committee which produced the report, the noble Lord, Lord Jopling, for the masterly way in which he guided our deliberations and shaped our report, and for his introduction to this debate.

First, I shall say a word about the scope of the report. We were guided, as we had to be, by the EU document that we were examining. That document limited itself to cyberattacks. It did not, therefore, cover cybercrime at all and so nor does our report. However, cybercrime is already a massive enterprise. As usual, the criminals have moved more rapidly to capitalise on the opportunities offered by technological advances than the law enforcers have developed ways of frustrating them and bringing them to justice. Therefore, the scale and nature of the problems faced by us and by other states are a great deal larger and more complex than those that are covered in this report.

This new threat from cyberattacks, which is covered in the report, is in almost every way quite different from most other threats that we have faced, and so will need to be our response. If it resembles any other threat, it is perhaps closer to the one that we faced from nuclear weapons in the early years after their discovery, when we did not have a clear idea of what response would work best and whether deterrence would be effective. I am indebted for that analogy to Professor Joseph Nye of Harvard, whose paper, Cyber Power, was published in May of this year and which I commend for its clarity of thought.

Of course, that analogy is not exact—analogies never are. But just as the doctrine of mutually assured destruction has driven us back towards serious work on nuclear disarmament, the realisation that massive retaliation against cyberattacks could well be a cure worse than the disease, risking bringing the whole or large parts of the internet system down in its wake, should push us in a similar direction. The asymmetry of threats from nuclear weapons in the hands of terrorists, which makes nonsense of earlier deterrence doctrines, is matched in some ways by the inherent asymmetry of threats from cyberattacks, where state origin is so easy to conceal, as we have seen in the cases of Estonia and Georgia, and perhaps now in the case of the Stuxnet attacks on Iran.

This analysis points, as does our report, to the need for a much intensified international dialogue between the main players—the US, the EU and its principal member states, of which the UK is one, China, Russia and a few others—about how best to understand and how best to counter the risks from cyberattacks. Out of better understanding could come better countermeasures and less reliance on what may prove to be faulty doctrines of deterrence. Would all this lead on to international agreements or treaties, or, rather, would it consist in a system of close consultation and confidence-building measures? I suspect that it is too soon to say. Much will depend on the willingness of the main players to work together and to recognise a common interest in avoiding cyberattacks. After all, every cyberattack, however well concealed in its origin, begins in some state's jurisdiction. The willingness of states to act in a co-operative manner is, therefore, crucial. I hope that the Minister will feel able to respond to that analysis when she replies to the debate.

Apart from these wider international considerations, our report focuses naturally on the EU dimension. Here both the report and the Government’s very constructive response reveal much common ground. Although national security remains a national responsibility, the UK has an important interest in strengthening the resilience of all 26 member states against cyberattacks and some of them are clearly not well prepared at all. As a member state which is better prepared than most, we could and should play an important role in strengthening overall resilience. After all, these are our biggest markets and our most integrated partners and there should be an opportunity for the UK to play a leading role. It was a welcome sign that all our Commission and ENISA witnesses, as well as those from outside Government, seemed to share that analysis and to welcome a very active British role. I hope that the Minister will confirm that we will do just that; we will do what we can to make Europe-wide training exercises and the testing of systems a real success.

On ENISA and the possible widening of its mandate in the review of its activities which is now taking place, I thought that there was a rather grudging tone in the Government's response, which perhaps is a reflection of financial concerns. But using ENISA to strengthen the European response to cybercrime would surely make sense. Cybercrime does not stop or start at our borders. Weak handling of it elsewhere in the EU will impact negatively on us too, so I hope that the Government will think again about that and will take a positive attitude towards an extension of ENISA’s mandate. Of course, the siting of ENISA in Heraklion should never have happened and it would be good if the Government would confirm that that sort of aberrant decision will not be repeated. All the evidence that we received indicated that ENISA was valued by practitioners and was rated as doing a good job, so the case for putting it to better use would seem to be quite compelling.

In conclusion, I would like to pay tribute to the previous Home Office Minister, the noble Lord, Lord West, who is not in his place, and whose evidence to the committee was frank and valuable. We look forward to maintaining that relationship with his successor; I hope that the noble Baroness will keep the Committee closely informed of developments in this area of EU activity. We look forward to taking evidence from her when the occasion justifies it.