Lord Hodgson of Astley Abbotts

- Hansard -

Copy Link

-

My Lords, I am a member of Sub-Committee F. I begin by thanking the noble Lord, Lord Hannay, for his excellent chairmanship of proceedings and for managing to dock our little boat so successfully. I also thank our clerk, Michael Collon, for his indefatigable work in making sure that we stayed on the straight and narrow, and our special adviser, Stephen Hawker. This is a complex and difficult area and without his advice and help we would have floundered.

I am firmly of the view that national security must be the responsibility of each member state, on two grounds. The first is that in a liberal, plural democracy, the ability and readiness of a country to defend its citizens is the fundamental part of the social contract by which we all coexist. Secondly, and no less importantly, the way that policing takes place is a reflection of history: the historical traditions of a country and the way that its society has developed. Traditions will be quite different from country to country. There is no one-size-fits-all approach.

Nevertheless, in that ghastly and hackneyed phrase, we live increasingly in a global community. The Commission's communication on the EU's internal security strategy, with its focus on the five areas that the noble Lord, Lord Hannay, read out, and which I will not repeat, makes it clear that there is a world dimension to these issues, quite apart from the EU dimension, which we have to take into account. I will repeat his quotation from paragraph 17 of our report, which states:

“The security of the United Kingdom does not begin or end at the water's edge, and cannot be defended independently of the security of other States”.

The complexities of trying, for example, to prevent terrorism or disrupt international crime networks are compounded when they are addressed through a multinational organisation such as the EU. Success in the five selected fields will require leadership of the highest quality, providing focus for dedicated and expert resources, deployed consistently over time. This is painstaking work; these are hard yards to gain. My concern is that our report showed that to some extent the EU has so far failed to address the challenges and yardsticks that the approach requires.

I turn first to leadership. As the noble Lord, Lord Hannay, pointed out, we now have the standing committee COSI whose chairmanship rotates every six months, in line with the EU presidency. I urge my noble friend to readdress this point. This is a committee of critical importance, whose chairman has barely got his feet under the table before he is moved on. On that basis we cannot get the consistent and focused leadership of the very expert resources that we need. We need to find a way—I am no expert in the diplomatic niceties of this—to ensure that somebody takes responsibility for a longer period of time. If we heard that one of our largest private companies was rotating its chairmanship every six months, we would think that it had taken leave of its senses.

The membership of COSI seems to be complex and frequently changing. I understand that so far it has not included representatives of FRONTEX or Europol. Given that two of the five objectives of COSI are improved border management and the disruption of international crime networks, not having FRONTEX and Europol representatives on the committee seems at the very least to be counterintuitive. Further down the chain of command, the situation is even more unsatisfactory. As the noble Lord, Lord Hannay, referred to, box 10 on page 51 of our report lists the 14 bodies involved: seven working parties, three working groups, one group, one task force, one committee and one strategic committee. To be candid, this does not give me confidence that we will have a joined-up approach because, to be effective in this area, very close attention to tiny details is essential and good communication is no less so. From my point of view, there is a good deal of work to be done on the strategic shape of the architecture of the EU’s approach to this very important area, which we have highlighted in our report.

This is all at EU level and, as I have already noted, internal security is a matter for each member state, so, as the noble Lord, Lord Hannay, said, there is also a balance to be struck between, on the one hand, the freedom, privacy and prevention of unnecessary intrusion that the citizen is entitled to enjoy and, on the other, the need for the protection of the citizen. As the work on the EU’s internal security strategy develops and gets traction, I hope there will be an important scrutiny role to ensure that this balance is maintained by the European Parliament, national Parliaments and intergovernmental activities and organisations. I hope very much that we will keep our eye firmly on this one, because the creep of intrusion into our individual personal lives on the grounds that national security demands it is very insidious.

The rest of my remarks focus on cyberspace and cybersecurity. On 15 September last year, an article in the Times quoted a Cabinet Office source that last year intellectual property theft cost UK companies £9.2 billion, industrial espionage cost UK plc £7.6 billion, online theft cost business £1.3 billion, blackmail cost business £2.2 billion and identity theft cost consumers £1.7 billion. This is clearly an area that does not respect national boundaries.

However, the way we tackle cybersecurity is made more challenging by three features. First, we all increasingly wish to be in open communication. We wish to do more and more online. We are being encouraged to do more and more online. We believe our prosperity and future growth depend on online communication, so the channels by which the criminal can approach us are widening and broadening all the time.

The second issue is the fear of fraud being published. It is perfectly clear that many firms do not wish the news of a cyberattack to be published. They fear that it may lead to imitative attacks. The knowledge that a firm has had an attack may lead others to try the same approach and, of course, very importantly, it saps public confidence in a firm’s reputation, and nowhere is that more important than in financial services. So the second challenge is: how do we make sure that people, firms and financial institutions bring forward the information without fear of disadvantaging themselves?

Thirdly, and finally, what sort of organisation do we need to tackle these types of crimes? We had some powerful evidence about how conventional structures in government and policing are hierarchical. They are age based, and very often they are arts graduate-training based. In the cyber area, the ideal structure is very different. It is not hierarchical at all. It is completely flat. It consists of very much younger people, and it has a physics and engineering-based orientation. That is going to present a real challenge to COSI and other organisations about how you integrate those two very different approaches.

As far as the EU is concerned there is a further challenge: namely, the variable understanding of the threat and its seriousness. At paragraph 19, we refer to the evidence that we took from William Shapcott, the former director of SitCen. He said:

“You can roughly divide the member states into three groups: those who are threatened and who really understand it. The UK is clearly in that group, and the Germans and the French are as well. Then there is a group that possibly is threatened but maybe doesn’t properly register it, and then maybe some that aren’t terribly threatened”.

He went on to explain that as the threats changed so would the groups, which could learn from one another.

That takes me to the really important point about the establishment of the cybercrime centre as being a means whereby experience, knowledge and information can be shared. I am delighted that the Government have decided that it should not be placed at Heraklion in Crete as part of ENISA. We have kicked poor old ENISA often enough and hard enough. I am delighted that there will not be a new body and I hope very much that it will find its way into Europol because it is, after all, crime that we are talking about.

As part of that, I hope that the Government will give some attention to a sub-theme. In our sub-committee, we have had quite a lot of evidence that in a number of cases bilateral arrangements between individual countries have led to the bypassing of EU institutions. We have heard about it as regards Europol in particular. Therefore, instead of information and intelligence being routed through an EU body, it is done on the basis of relationships between the police forces of individual countries. I do not mind people having bilateral relationships but there should be a discouragement of not making sure that Europol goes into the link. If we have a patchwork quilt of relationships depending on who knows who, who gets on with who and who trusts who, critical issues will get lost and overlooked and their significance will not be understood.

I hope that the Government will make some efforts to encourage, as far as we in this country and other countries are concerned, the use of the valuable resources that will be built up in these EU agencies. It puts a responsibility on the EU agency itself. We had a comment from a Dutchman who said that Europol was like a black box into which you put a comment and nothing came back. There is a responsibility on the agency to respond. It was a fascinating report on a fascinating area.

In my final minute, perhaps I may refer my noble friend to the UK cybersecurity strategy document published in November 2011. It is very interesting and a very good read, and lots of interesting recommendations are listed at the back. It covers nearly all the departments from BIS to DCMS to the Foreign Office to MoD. It has a huge range of responses required from individual government departments. However, there is very little about our relationships with Europe and COSI. There is something but not a lot. I very much hope that the Government will give some weight to developing our European response to these intransigent, intractable and difficult issues. Unless national Governments put some weight behind COSI and bodies like that, there is no hope that we shall be able to attack these extraordinarily challenging crimes and crime networks satisfactorily.