Lord Leong
Main Page: Lord Leong (Labour - Life peer)Department Debates - View all Lord Leong's debates with the Home Office
(1 day, 16 hours ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord in Waiting/Government Whip (Lord Leong) (Lab)
My Lords, the Jaguar Land Rover cyberattack has highlighted the vital need for robust cybersecurity across the UK’s economy, which is why today the Government have written to leading companies with advice on strengthening cyber defences using tools like the Cyber Essentials scheme and the Cyber Governance Code of Practice. We strongly recommend and encourage all companies to follow this guidance. We will also introduce very soon the cyber security and resilience Bill to raise cybersecurity standards in critical and essential services such as energy, water and the NHS.
Lord Fox (LD)
My Lords, with the indulgence of the House, let me say that this weekend I came back from the NATO Parliamentary Assembly, where there were heartfelt tributes to the work of my noble friend Lord Campbell of Pittenweem. He was held in very high esteem. It is one example of his dedication to defending our national interest.
One of the concerns of the NATO assembly was hybrid warfare. Attacks like that on JLR may come from nation states or they may come from individuals, but together they add up to a war on our economy that is costing billions of pounds. The National Cyber Security Centre chief executive Richard Horne said today
“Cyber security is now a matter of business survival and national resilience”.
As the Minister said, Minister Jarvis has written to large companies, but can he assure your Lordships’ House that the Government understand that information campaigns alone, like that which he has just described, are not effective? Can he tell the House that he realises that there needs to be a substantial change in gear, because attacks like the one we saw on JLR prove that what we are doing today just is not working?
Lord Leong (Lab)
My Lords, may I echo the words of the noble Lord about the late Lord Campbell? On behalf of the Government and this side of the House, I thank the late Lord Campbell for his public service to this country. He will be sorely missed in this House.
The National Cyber Security Centre has been working very closely with Jaguar Land Rover to provide support in relation to the incident. The NCSC response to the JLR incident is ongoing, but it is set to reduce as mediation takes place. Throughout the event, the NCSC has been capturing feedback to inform national and internal incident management practices. The NCSC will participate in a cross-government “lessons identified” process to review how best to improve the Government’s response, share information across partners and react to some of the unique pressures, such as those that the noble Lord mentioned. The NCSC would be happy to share aspects, depending on classification, of this process with noble Lords and other Ministers once it has been conducted.
Lord Sharpe of Epsom (Con)
My Lords, according to the National Cyber Security Centre’s latest report—and following on from the noble Lord, Lord Fox—in the year to September, there were 18 highly significant attacks, meaning attacks with the potential to have a serious impact on essential services. Given the increasing frequency of these attacks, can the Minister reassure the House that the Government’s plans for a centralised national digital ID database would not create a single point of potential failure, one breach away from exposing the entire British public to foreign espionage, hostile state interference or domestic data misuse?
Lord Leong (Lab)
I thank the noble Lord for that point. As far as private enterprise is concerned, the Government will not interfere in what private business organisations do. However, government can produce the tools and the guidance so that companies can have a more robust and resilient approach to cyberattacks. For example, the Cyber Governance Code of Practice shows a board of directors how effectively to manage the digital risks to the organisation. As I said earlier, all companies, if they have not done so, should conduct a comprehensive risk assessment of their digital and cybersecurity framework. They should apply for Cyber Essentials certification or the various other forms of certification and ensure that they have appropriate cyber insurance.
Baroness McIntosh of Hudnall (Lab)
My Lords, I hope that my noble friend has had a chance to read an interesting article in this week’s New Statesman by Oliver Pickup about the people who have so far been arrested in relation to recent cyberattacks, particularly those on Marks & Spencer and Jaguar Land Rover, noting that they are very young and that, on the whole, they have learned their skills in hacking and cybercrime through their engagement with cybergames which they start very young. Will my noble friend have a look at that article if he has not had a chance to read it? Can he tell the House in what way the Government are aware of this issue and how they are addressing it within the education system and engagement with young people?
Lord Leong (Lab)
I thank my noble friend for that question. I have not read the article, but I will surely do so. The Government recognise the major role that UK cybersecurity professionals play in enhancing and protecting UK security, and it is vital that we support them. However, the defences are pretty complex, and we need to be very careful. While there are robust safeguards and oversight, we have concerns about how any defence could be exploited by cybercriminals and significantly hinder the successful investigation and prosecution of bad actors, so the Home Office is working closely with the National Cyber Security Centre, law enforcement and industry on this issue and will provide an update in due course.
Lord Vaux of Harrowden (CB)
My Lords, studies indicate that between 50% and 80% of cyberattacks result in the payment of a ransom. Ransom amounts are probably well over £1 billion a year, so it is no great surprise that cyberattacks are increasing: it pays well. Have the Government considered making the payment of ransoms by both public and private sector entities illegal?
Lord Leong (Lab)
The noble Lord makes an important point. I share with noble Lords that in the UK ransomware is considered the greatest of all serious and organised cybercrime threats and is deemed a risk to the UK’s national security by the National Crime Agency. In January 2025, the Home Office launched a consultation on a package of proposals to reduce the threat that ransomware poses to the UK economy. Alongside this consultation, significant stakeholder engagement also took place. Three proposals were consulted on: first, whether there should be a targeted ban on ransom payments to owners; secondly, a ransom payment prevention regime; and, thirdly, whether there should be a mandatory incident and reporting regime. The Home Office is progressing a new package of measures to protect UK businesses, and we will update the House accordingly.
Earl Russell (LD)
My Lords, today is the last day of free support for Windows 10. It is estimated that 39% of our home computers will be impacted, as well as UK businesses, industry and our very national security. Why we are not requiring extended security updates for Windows 10, as are now required across the EEA?
Lord Leong (Lab)
The noble Earl makes an interesting point that I mentioned earlier. Companies using outdated systems should consider whether that is still appropriate. To do so, I urge all companies to conduct Cyber Essentials certification. Once they have the certification, they can ensure that their customers and whoever they do business with are protected against cyberattacks.
Lord Grade of Yarmouth (Non-Afl)
My Lords, perhaps I might pose a somewhat more prosaic but urgent question. The crisis at Jaguar Land Rover had immediate and predictable consequences for the supply chain. The immediate call was for the taxpayer to stand in. Do the Government have a view about whether the banks should play their part in supporting good customers such as the supply chain of Jaguar Land Rover, which has a very good customer in Jaguar Land Rover? The crisis was clearly going to reach an end. I do not understand why the banks do not stand by. Otherwise, what are they for?
Lord Leong (Lab)
Noble Lords will know that there are certain commercial aspects of Jaguar Land Rover that I cannot possibly comment on. However, that said, the Government have published a Written Statement today stating that we will guarantee JLR £1.5 billion to ensure that it has sufficient cash reserves to pay its supply chain creditors. It will work its way through the whole system, and we hope that, eventually, most supply chain creditors will be paid accordingly.