Richard Graham
Main Page: Richard Graham (Conservative - Gloucester)Department Debates - View all Richard Graham's debates with the Ministry of Defence
(7 months, 2 weeks ago)
Commons ChamberI reassure my right hon. Friend that the reason I immediately asked the Cabinet Office to be involved is that, although I can do checks on that contractor and others across the MOD and MOD-related contracts, I cannot do so across the rest of Government. That is exactly the job that the Cabinet Office will now undertake. When data is stolen—or rather exposed and potentially stolen—it causes a great deal of concern and we want to ensure that that cannot happen. I reiterate that the data was not being held by the MOD systems and did not affect the MOD systems, but as Secretary of State I recognise that our responsibility extends to whoever is holding the data for our personnel, and I apologise to those involved again. This should never have happened and we will make sure it is put right.
The Defence Secretary has reassured us that there is no evidence yet of any data having been removed and there is no suggestion that the MOD’s core system and HR network have been compromised. Can he confirm whether there is any evidence yet of ransomware being used? What assessment has he made of whether any data has been published? Although he reassured my right hon. Friend the Member for Hereford and South Herefordshire (Jesse Norman) that the number of addresses that have been accessed is small, can he confirm that those veterans whose addresses have been accessed will be advised accordingly so that they can take security precautions, if need be?
Lastly, on the wider points, can the telephone helpline be used by anyone concerned about late payment of miscellaneous expenses? Will the Secretary of State relay to the Deputy Prime Minister my strong view that the time is ripe for a Cyber Re, or reinsurance, in the same way that we created Flood Re a while back, precisely to deal with the likely costs for small authorities, such as those alluded to, of having to repair their cyber-defences against such future attacks?
It is characteristic of my hon. Friend to include five questions in his one. The answers are: no evidence of ransomware; no evidence of data published; a very small number of addresses were accessed, and yes, those people will be contacted individually or as a group if need be; and late payments are unlikely to cause much of a difficulty, as I have said, because they will all be resolved by today and the money will be in people’s accounts either now or by the end of the week. However, if personnel have experienced any particular issues, they should take that initially through their chain of command. The phone number is also available and individual instances will be looked at on a case-by-case basis, as he would expect. He has probably taken me slightly out of my area on Cyber Re, which I think will be something for the Cabinet Office to consider. It sounds like a smart idea, but I am afraid he has got me outside my tracks.