14 Yvonne Fovargue debates involving the Ministry of Defence

Defence and Cyber-security

Yvonne Fovargue Excerpts
Tuesday 4th March 2014

(10 years, 8 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Yvonne Fovargue Portrait Yvonne Fovargue (Makerfield) (Lab)
- Hansard - -

Labour Members welcome the increased focus that cyber-defence is receiving. The report by the Defence Committee is evidence of that focus, so I congratulate its members on their excellent work. Cyber-attacks are at last properly acknowledged as a serious threat to our national security and are rightly prioritised as a tier 1 risk in the Government’s 2010 national security document. As the Committee’s report says, the threat is liable to grow and evolve at “almost unimaginable speed”. Indeed, the pace of technological change is faster than traditional Government structures and time lines can cope with. As my hon. Friend the Member for Barrow and Furness (John Woodcock) said, five years is a long time in the cyber-world and the threat from cyber-attack is rising exponentially. The number of global web users in 1995 was 16 million; it is estimated that by 2015, there will be more interconnected devices on the planet than there are human beings.

As communications technologies spread and as the UK critical infrastructure networks become even more heavily based on IT networks, cyber-defence becomes an increasingly pressing security concern. There will be even more attacks. According to the Government’s own national security strategy document, the UK faces up to 1,000 cyber-attacks every hour, which is estimated to cost the UK £27 billion a year. Cyber-attacks are now a constant reality, with the Government, the private sector and private citizens all under sustained cyber-attack from both hostile states and criminals, as my hon. Friend the Member for Bridgend (Mrs Moon) articulated so well.

I have no doubt that the Government take the threat of cyber-attack seriously, although perhaps not seriously enough. The report makes it clear that Ministers have not yet put in place the infrastructure to deal with that real threat properly, or approached the problem with vigour or sufficient robustness. As the right hon. Member for North East Hampshire (Mr Arbuthnot) said, the problem is agile and many-layered—I think it has been likened to an onion, and the Opposition would agree with that.

Bob Stewart Portrait Bob Stewart
- Hansard - - - Excerpts

It is not an onion, because that implies that one peels away a layer to get at it; actually, it is an attack on all institutions—every single part of our society—simultaneously. I therefore disagree with the onion analogy.

Yvonne Fovargue Portrait Yvonne Fovargue
- Hansard - -

I will not be tempted to go further into vegetable analogies. I think the multi-layered approach is the one we are dealing with here.

The Government have committed £650 million over four years to the cyber-security programme, which seems like a significant sum, but only 14% of that was allocated to the Ministry of Defence, while the total investment equates to only 0.6% of the £27 billion that the UK loses through cybercrime every year. In its report, the Defence Committee questioned whether enough was being done to secure the supply chain and the industrial base. We know that supplies of armed forces’ equipment are increasingly being targeted, and are especially vulnerable to cyber-attack. In their response, the Government say they are working closely with industry on matters such as information sharing and incident reporting, but give precious little detail. The Government need to go further, and Labour is calling on them to ensure that every company working with the Ministry of Defence, regardless of its size or the scale of its work, signs up to a cyber-security charter. That will ensure that hackers cannot use the small suppliers to get into the systems of the major defence companies. As my hon. Friend the Member for Inverclyde (Mr McKenzie) said, the risks from cyber-attacks are huge and growing; we need to do everything we can to protect against them, and the MOD and its contractors should lead by example.

The Government also refer to progress on the joint cyber reserve—an initiative to involve reservists in the delivery of cyber-security—but give little detail. Will the Minister say what progress has been made in that important matter? I would particularly like to hear his thoughts on recruitment. The cyber reserves are not likely to be a traditional military outfit: the skills are entirely different. Is it essential that those reservists meet the usual fitness standards of the armed forces? A senior US officer said it was not essential that they were able to march 3 miles with a pack on their back, and I think most people would agree. It would be interesting to hear the Minister’s thoughts on the requirements for the new force and how its personnel will fit into the military model.

What is the Minister doing to attract recruits? We have heard that a lot of the top universities are running cyber programmes with top computing graduates. Is the Minister attending those events or approaching careers fairs? Is there a career path that will be attractive to young graduates—we need not only to recruit but to retain those graduates. A recent study by the Army Families Federation shows that large numbers of married Army personnel want to leave the service. That will be all the more problematic with cyber personnel, as there are many lucrative private sector jobs tempting them away. But of course many of the skills and experiences required for this are prevalent in the defence industry. What steps is the Minister taking to encourage firms involved in Government contract work—not just in the defence but throughout Government—to encourage their staff to become reservists? What responses are there from such firms?

The new joint cyber-force is described by the Secretary of State in terms of its offensive rather than defensive capabilities, enhancing our ability to strike back in cyberspace against enemies who attack us. But as my hon. Friend the Member for Merthyr Tydfil and Rhymney (Mr Havard) said, what are the rules of engagement? Land, sea and air have been the traditional theatres of war. Cyberspace is new and untested. What constitutes a cyber act of war and, equally important, what would be a proportionate response to an act of aggression? For example, if all London’s systems were knocked out by an electromagnetic pulse device, would that be an act of war? What would we do about it? As my hon. Friend the Member for Bridgend said, how would we know who did it? In short, what are the rules of engagement?

It would also be interesting to hear whether the Minister believes that the concept of deterrence applies to cyber-defence as it does to conventional defence as perhaps those with the most ability to attack our cyber-capabilities have the least reliance on their own cyber-capabilities. What role does he envisage offensive cyber-capabilities playing in this? Do we work alone or in concert with others? The Secretary of State has made much of cyber-security being a sovereign capability but we have been working with other nations in supranational bodies for some time; for example we are a member of the “Five Eyes” group, which includes the USA, Canada, Australia and New Zealand, and we have also been working with NATO. The report cites the important work of the NATO cyber-defence centre of excellence. Of course this is based in Estonia and was created as a direct consequence of the cyber-attacks on that country in 2007. There is excellent work undertaken there and I am glad that the Government are committed to participation in the centre, although some may doubt whether the contribution of £20,000 per annum will have much impact. But the lesson to be learned here is that we cannot afford to wait until an attack happens before we act. We have to be proactive.

Since the publication of the report, we have seen developments within the EU’s common security and defence policy. The European Council meeting on 19 and 20 December last year led to a call for the development of an EU cyber-defence policy framework in 2014. I would be interested to hear what talks have been taking place about this. Working with, and within, bodies such as the “Five Eyes”, NATO and the EU is vital, not only for intelligence sharing but for developing common rules of engagement. We must be aware of the threat and how best to counter it. That is why we need all the organisations to work together.

A further point is public trust. The public have to have trust in what we are doing to protect them and that is why accountability is so important. The USA has FISMA, the Federal Information Security Management Act, of course. What research has been done into how this might translate into our own system? We must also ask what role Parliament and the Intelligence and Security Oversight Committee should have in this new era of cyber-defence.

Currently we are accustomed to thinking of security in terms of three forces; army, navy and air force. But in many ways cyber does add a fourth strand. Just as the creation of the RAF in 1918 demanded a whole new way of thinking about defence and war, the increasing cyber threat means that we need to do some fresh thinking now. We have to think seriously about how we can combat this new threat because one thing is certain; it can only grow. Conventional borders will have less and less impact but the impact on civilians and the military will be greater and greater.

When the internet and electronic communications were first devised it was thought that they would impact only on academics in ivory towers. They have developed in ways that were never imagined then and have become an everyday part of our lives. Imagine a world without banking, power, communications systems, computers, control of our weapons. It absolutely does not bear thinking about, which is why we have to think about it and ensure that the MOD and the military are ready to take on this threat, and that they know their part, and play their part, in protecting our country and its citizens from this new and fast-evolving threat.

Oral Answers to Questions

Yvonne Fovargue Excerpts
Monday 3rd February 2014

(10 years, 9 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Yvonne Fovargue Portrait Yvonne Fovargue (Makerfield) (Lab)
- Hansard - -

Following the meeting on the common security and defence policy on 19 and 20 December, the European Council called for the development of an EU cyber-defence policy framework in 2014. Will the Minister tell us what that will mean for us, in terms of our involvement and responsibilities, and explain how it will interplay with the work on cyber-security currently being undertaken by NATO?

Andrew Murrison Portrait Dr Murrison
- Hansard - - - Excerpts

The first thing to say is that we should resist absolutely any duplicity—[Interruption]—any duplication between NATO and the European Defence Agency. It goes without saying that we should avoid duplicity at all times. The important point to note is that cyber-security is a sovereign capability and is therefore not something that we believe should be subcontracted to supranational organisations. Of course we have to discuss doctrine and dogma and how we interact with this evolving modality, but cyber-security remains a sovereign capability as far as we are concerned.

Oral Answers to Questions

Yvonne Fovargue Excerpts
Monday 16th December 2013

(10 years, 11 months ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Philip Dunne Portrait Mr Dunne
- Hansard - - - Excerpts

The hon. Gentleman will be aware that the strategic defence and security review 2015 will be the opportunity to review new capabilities in the unmanned space. He might also be aware that the ScanEagle unmanned maritime system is due to enter service in the new year.

Yvonne Fovargue Portrait Yvonne Fovargue (Makerfield) (Lab)
- Hansard - -

Cyber-security attacks constitute an increased threat to the supply chain. How is the MOD working with the industry to ensure sufficient and proportionate cyber-security in the UK supply chain?

Philip Dunne Portrait Mr Dunne
- Hansard - - - Excerpts

As the hon. Lady might be aware, last July we announced the defence cyber-protection policy, which works in conjunction with industry to develop awareness of cyber-defences across the 13 largest defence contractors and with the SME representatives, the trade associations. We are working closely with industry to develop cyber-defensive capabilities.

Oral Answers to Questions

Yvonne Fovargue Excerpts
Monday 4th November 2013

(11 years ago)

Commons Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Mark Francois Portrait Mr Francois
- Hansard - - - Excerpts

In addition to the more than £600 million to which I referred, a £210 million investment to further bolster our cyber-defences was announced by the Chancellor in a statement to Parliament on 26 June this year. That is a clear indication that cyber will play a role in a national deterrent posture. It is critically important to the country, and that is why we are investing in it.

Yvonne Fovargue Portrait Yvonne Fovargue (Makerfield) (Lab)
- Hansard - -

It is reported that convicted hackers could be recruited to Britain’s cyber-defence force. What assurances can the Minister give that robust and sufficient measures will be in place to ensure that national security will not be compromised as a result?

Mark Francois Portrait Mr Francois
- Hansard - - - Excerpts

I can tell the hon. Lady, and indeed the House, that cyber-reserves will be subject to the same stringent vetting process as other members of the Ministry of Defence. Regarding criminal convictions, all applicants seeking to join the regulars or reserves are looked at individually, and a decision is made based on the type of conviction and sentence imposed. No one will be employed as a cyber-reserve if there is evidence that they represent a security risk which means that they cannot pass the vetting process.