Previous Section Back to Table of Contents Lords Hansard Home Page

We have had an excellent debate today. I thank noble Lords very much for their contributions. I congratulate the noble Baroness again on giving the House the opportunity to discuss this important issue. The National Dementia Strategy is an excellent document that spells out the full range of changes that need to be made. These changes will not happen overnight. However, the Government are fully committed to their implementation. An excellent start has been made in creating the dementia services that we can all be proud of in the future.

1.53 pm

Baroness Murphy: My Lords, I thank the Minister for her very helpful response. With that little hint of more money to come, I feel even more optimistic. I am very grateful for the wise contributions that have been made to the debate today. The personal story of the noble Baroness, Lady Perry, has moved us all and reminds us that we cannot take away the personal tragedy for the people who love those who suffer from this condition. We can, however, hope to improve it substantially with good care treatment and proper research. I beg leave to withdraw the Motion for Papers.

Motion withdrawn.

National Security Strategy


1.54 pm

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): My Lords, my right honourable friend the Minister of State for Crime, Policing and Terrorism answered an Urgent Question earlier in the other place. With the agreement of the usual channels, it is being repeated in this place as a Statement, as is the practice. The Statement is as follows:

“Mr Speaker, at 10 o’ clock this morning my right honourable friend the Prime Minister made a Written Ministerial Statement, laying before the House this year’s update to the national security strategy. Accompanying the strategy update is the first national cybersecurity strategy for the United Kingdom. Last week, the Government presented to the House the Digital Britain strategy. This country is well placed to take advantage of the opportunities of the digital age. However, we can seize these opportunities only if people are confident that they can operate safely in cyberspace.

Every day, millions of people across the UK rely on the services and information that make up cyberspace. The internet is accessible in 65 per cent of United Kingdom households, a figure that is growing by about 8 per cent per year. Plastic transactions, which depend on wired or wireless communication, make up 90 per cent of our high street purchases.

25 Jun 2009 : Column 1707

The national security strategy, published for the first time by this Government last March and updated this year, sets out an honest and transparent appraisal of the risks that we face, including the threat that organised crime poses to our country. Organised crime costs this country £20 billion per year. We have a duty to the British public, and to British industry, to take all measures to reduce dramatically this cost. The Government also need to assess the threat from terrorist organisations and other states and prepare our response to that. The public would expect no less.

All these threats can arise in cyberspace. As the director-general of the Security Service has said,

We know the importance that terrorist groups—notably al-Qaeda and its affiliates—place on the internet and cyberspace. This is particularly important at the moment for propaganda. We know that terrorists would like to be able to operate more effectively in cyberspace. This Government are not in the business of scaremongering. We do not assess at present that terrorists have the capability to mount such an attack imminently but we must prepare as terrorists become more sophisticated.

These threats from states or terrorists could affect critical national systems. There is a real threat to millions of ordinary citizens, their transactions and the businesses that they work for. Online fraud generated £52 billion worldwide in 2007. The average cost of an information security incident for a small company is in the range of £10,000 to £20,000. For a large company, it can be more like £1 million to £2 million. As the UK’s dependence on cyberspace grows, so the security of cyberspace becomes ever more critical to the health of the nation.

So, today, the Government are publishing the first cybersecurity strategy. As a result, we will establish the office of cybersecurity in the Cabinet Office, to lead on cybersecurity issues, and a cybersecurity operations centre, a multi-agency body based alongside GCHQ in Cheltenham. This organisation will also examine the operations and technical capabilities needed.

As a result of the new strategy, we will develop a cyberindustrial strategy for critical UK cybersecurity needs, in the same way as we have a defence industrial strategy. We will develop a cybersecurity skills strategy for the UK, plugging existing gaps and creating more high-tech employment opportunities. We will make critical systems in the public and private sector more resilient and enhance our ability to detect attack. We will develop the international law and doctrines of national defence in cyberspace, working with other countries. We will better advise business and citizens about the cybersecurity risk picture and the steps that they need to take to address it. We will develop new strategies for tackling terrorists’ and criminals’ use of cyberspace with our colleagues, in line with the ACPO strategy for law enforcement on cybercrime due out shortly. We will also plan emergency response. The new centre will test the UK’s ability to respond to a major attack, as we do for terrorism, in setting up a strengthened analysis function for cyberthreats.

25 Jun 2009 : Column 1708

As with all our national security activity, it is important that government powers are used proportionately and in a way consistent with individual liberty. So we will set up an ethics advisory group to advise on this. I will update the House on its membership when it is formed. The centres will be operational in September and new funding will be announced before then, building on the existing resources allocated largely to intelligence agencies. I will report back to the House.

On the wider national security update, the Government have taken forward the good start made last year. We look across the broad range of national security threats. We have set out an updated analysis of the threats that we face and made new commitments on tackling what drives insecurity in the world. These are conflict, energy shortages, poverty and, looking to the long term, the impact of climate change.

Keeping Britain safe depends on the dedicated and professional work of the Armed Forces, the intelligence services, the police and other services. I pay tribute to them all”.

That concludes the Statement.

1.59 pm

Baroness Anelay of St Johns: My Lords, as always, I thank the Minister for repeating the Statement. We agree with the Government that there is no more important responsibility for government than national security, so we find it extraordinary that this Government have published the country’s first cybersecurity strategy and the 2009 update to the national security strategy by way of a Written Ministerial Statement.

These have come after the strategies had first been trailed in the press in an extraordinary way. Indeed, I understand that in another place yesterday Mr Speaker made a Statement, his first after being elected, pointing out the importance of Ministers presenting to both Houses of Parliament changes in policy on important matters before trailing them in the press. It is only as a result of an Urgent Question from our Benches in another place that the Minister is before our House today and we have this somewhat limited opportunity to debate the strategies. By using a Written Ministerial Statement, the Government were, in effect, trying to ensure that both Houses of Parliament did not have the appropriate opportunity to discuss or debate the strategies.

The Government are making much of their new cybersecurity strategy. Action in this crucial domain is due—indeed, long overdue. And what does it amount to? It includes the establishment of an office for cybersecurity in the Cabinet Office and the upgrading of an already existing unit in Cheltenham, which is to be called the cybersecurity operations centre. It is impossible to know, however, how significant these changes are, because we are not told what funding is being made available to enhance our ability to tackle cyberthreats. The Government’s special supplement on cybersecurity contains some figures as to the costs of cyberinsecurity to the nation, but we will have to wait until the autumn to know how much money the Government will devote to the tasks set out in the Statement.

The Government also tell us that they are now giving leadership to this issue. But how does that

25 Jun 2009 : Column 1709

square with using the gag of a D notice to stop us knowing who the new director is? I understand that, regardless of that, the name has been leaked.

Cybercrime proceeds apace in the absence of cybersecurity. There is significant cybercrime in the United Kingdom. Many in this House will have had experience of it in relation to bank accounts, but the strategy has virtually nothing to say about the response. It simply tells us that the Association of Chief Police Officers will produce an anti-e-crime strategy later. I might say that at present the Metropolitan Police has a unit of 12 officers devoted to national e-crime. It is hardly surprising that it is difficult to get action when an e-crime is committed. We have a long way to go on this matter.

There is some confusion about the way in which these structures will work and whether or not there is overlapping and overbureaucracy in all of this. Can the Minister assure this House that the Government have not set in place structures that will duplicate existing work on cybersecurity and information assurance? There seems to be a real risk of duplication, since other units appear to continue to do work in this area without being tied properly into the new structures. There are no efficiency savings here, it would seem. What do the Government mean when they say that the office for cybersecurity will be based initially in the Cabinet Office? What are the longer-term intentions?

Clearly, the Government have missed an opportunity here to review more widely and make sense of the very muddled security structures that exist across Whitehall. The need to produce a substantial update to the national security strategy just over a year after publishing the first version is an admission that the Government’s first attempt was not actually a strategy, as it did not adequately set long-term direction for different departments and agencies.

It remains to be seen what effect this update will have in the absence of a proper national security council with a dedicated staff and a proper national security budget. Indeed, we are also left waiting for a lot of detail on organised crime, maritime security and energy security, which are promised for later. Instead of saying what will be announced later, as the Minister repeating the Statement made clear, and coming back to the House again and again on other matters, the Government should have done the work first and should have been be able to tell us now how we are to proceed. Will there perhaps be a third update next year? In particular, will the Minister be more specific on when the energy strategy will be published? Will he say when the reviews of the organised crime strategy and the maritime threat will be completed and whether they will be published?

In this House we have the opportunity by way of a Statement to have a few more minutes than were available in another place. It was regrettable that this matter could be debated in another place only by way of an Urgent Question, which is all too brief. I should be grateful if the Minister could indicate that the Government would welcome an approach from the usual channels to ensure that there is a fuller opportunity to debate these matters on another day.

25 Jun 2009 : Column 1710

2.06 pm

Baroness Miller of Chilthorne Domer: My Lords, we on these Benches, too, find the process by which this Statement has been made extremely regrettable. The Minister will remember that, on the Second Reading of the Policing and Crime Bill, I raised at some length the issue of cybercrime, because we felt that it was a very much more serious issue than those dealt with in some of the unnecessary parts of the Bill. It is particularly surprising and regrettable that, if the Minister had in mind the fact that there would be this big revelation on cybercrime, we could not have considered something in this House in a more structured way.

This Statement is a lot more about headlines, because there is actually not much action in it. I shall give the Minister a few examples of the action that we would have been pleased to see. However, perhaps he can first tell me whether we have ratified the European Convention on Cybercrime. Particularly important is Article 25, which enables us to co-operate properly, have mutual legal assistance, respond to requests for help from other countries and make the best use of all the international provisions. This is because a lot of e-crime is perpetrated in countries such as Brazil, China and so on. Without a proper co-ordinated international effort, we will not get very far. Perhaps the Minister could also confirm that, where serious e-crime is perpetrated in third countries, the extradition arrangements are satisfactory, because the tariffs have been so low for these offences that they were not extraditable.

The Minister talked of the ordinary citizen. Another enormous problem for the ordinary citizen on whom e-crime impacts heavily is that, according to a Written Answer that the Minister was kind enough to send me earlier this year, the Government do not collect central figures on e-crime in any case, so we do not know its scale. It would be interesting to know from the Minister whether the liability of banks for losses suffered by people as a result of e-crime when the banks’ security systems are not efficient is underpinned by legislation, because that area remains dependent on just the Banking Code. Will the Government look at strengthening that?

The public need a lot more help in getting safe online. Will the Government, as a result of this new effort on cybercrime, launch a much more targeted and satisfactory effort on helping the public to get safe online? They should start by running an advertising campaign, obliging retailers to offer a “get safe online” package every time they sell a new computer and encouraging colleges to offer short courses on exactly what is necessary. There is an awful lot to be done in this area. Most people who are fairly computer literate are still astonishingly illiterate when it comes to how to get safe online. I admit that it is quite difficult to know all the things that you should be doing. In the parliamentary system, we are somewhat helped by having it done for us, but that cannot be said for the ordinary citizen and that needs to be addressed.

The Minister spoke of an ethics advisory committee, which may offer some reassurance when we look at the centre that is to sit alongside GCHQ. However, a more practical step was suggested in this House last Friday,

25 Jun 2009 : Column 1711

which was that there should be a Joint Committee, as recommended by the Constitution Committee of this House. However, the Government said in their response that they had no intention of pursuing that idea. That is a big gap. There is a lack of parliamentary oversight of this area. It is falling in a gap between the Home Office and other departments, so a Joint Committee—a considered suggestion from the Constitution Committee—would be a very good first step. If we are going to have a cybersecurity operations centre, doing all the data mining and interception of web traffic that that involves, we surely need proper parliamentary scrutiny, starting with the Joint Committee. Finally, will the Minister tell me whether he still feels, in the light of the new cybersecurity operations centre, whether RIPA is fit for purpose? I hope that we have the opportunity to debate this at greater length, because there are an awful lot of questions that we need to ask about it.

2.11 pm

Lord West of Spithead: My Lords, first, I thank the noble Baroness, Lady Anelay, for raising a number of points. It was good to see her at the start of the debate. I have noticed that a colleague of hers has appeared on every media channel in the past two hours, talking about this national security strategy, and I must say I am impressed by the speed with which she had managed to read it and absorb it all. I apologise for the fact that there was an error in a department with a D Notice that went out quite normally. We try to protect people who have been working in very sensitive areas, but I am afraid that department put in a D Notice rather earlier than it should have done, and that led to a couple of articles. I wrote a letter to the Speaker and to the honourable Crispin Blunt in the other place, explaining that. I apologised for that having happened. The department that did it realised the error of its ways—there are some people walking on stumps—but I will not go into any more detail on that. The way we have issued this, with my right honourable friend the Prime Minister producing this as a Written Ministerial Statement, with two documents, was absolutely right.

I agree with both speakers so far—I absolutely hope that there will be a debate on these really important issues. However, I had hoped that we would have the debate after people had read the documents in detail, because they are highly complicated. We could then have a deep and meaningful debate. I am aware, because of happenstance and this unfortunate D Notice, that this has all happened in rather a gallop. I certainly want to have a proper debate later, and I thank the noble Baroness, Lady Anelay, very much for the noble way she has pushed this forward today. It is unfortunate that people are talking about this without actually really knowing very much about it, and I am a little disappointed about how that has been done.

The noble Baroness talked about duplicating various things, but I think the document merits considerable attention. Far from duplicating things, we are actually co-ordinating and pulling together all the work that goes on. We have been aware of these threats now for some time. When I was Chief of Defence Intelligence, back in 1997, I was aware of various threats, but of course we were not so well joined-up and so close

25 Jun 2009 : Column 1712

together. When I took over this job in 2007, it became very clear to me that we needed a co-ordinated strategy. A lot of very good work was being done in the CESG in Cheltenham, in other centres of excellence, and in many of the financial institutions, but the people who were getting at us were getting cleverer and cleverer at doing it. However, we were getting more and more interconnected. There is always an extraordinary balance in which all of these lovely things we have now—these amazing computer capabilities, hand-held sets, the ability to transfer data and to use satellites—are designed to be as open as possible to let us share data. That is great for business, globalisation and for lots of things, but it is of course a huge vulnerability when there are nasty people who want to get at it. Steadily, it has got more and more complex and people have got cleverer and cleverer at actually attacking us in those areas. Therefore, it became very clear when I took over in 2007 that we needed to co-ordinate all the very good work that was going on.

The noble Baroness mentioned the amount of funding involved here, and of course we will look specifically at funding. My honourable friend in the other place gave a specific commitment to come back to Parliament to look at the funding available for training people and for another work stream, which I have forgotten at the moment. He will come back with evidence on those two areas. Lots of money is being spent, and I want to co-ordinate this better. It is too easy, and it is wrong and old-fashioned, to just try to throw money at something. We need to get it co-ordinated, use all the money that is there and get this efficiency and use it properly. That is what I am trying to do within this strategy, and I think that will be achieved.

The first national security strategy was a huge step forward—we had not done something like that before in this country. We looked at it across the board, for all threats, and we thought of it in terms of the citizen. We said we would develop and build on that, and that is what we have done. We are still building it around the citizen, so that we can relate this to the citizen in every single area. One of the great successes of the last strategy was that out of that I pulled a National Risk Register, which goes right down to the various local areas, to the local risk forums. In that, we said that pandemic flu was probably the most likely and most dangerous risk, and so we started making preparations. There is now a pandemic—although luckily it does not seem to be really virulent at the moment—and when it began the World Health Organisation said that Britain was the most prepared country in the world. That was because we had identified it in our national security strategy.

We have now covered more areas, and are working through this in a much more structured way. There is a logical sense to the way we have gone about the strategy so that people can follow it. The average citizen can read it, work it out, and say, “Oh yes they’ve done that”. The strategy looks at various domains, which is why cyber is such an instant success as a domain that we need to work in. A lot of work is going on in the maritime area, but it leapt out at me as one where there are so many fingers in the pie that we need to co-ordinate it better. That is what we will do. Within 12 months, we will actually have an answer and

25 Jun 2009 : Column 1713

a proper, tied-up strategy stopping things like the attack on Mumbai coming from the sea, and piracy. We will know what is around our coast. Space was another area that we had not really addressed properly. I have said we need to co-ordinate it, and we are now doing that. However, you cannot do everything instantly—there is only limited resource in terms of brains and people. However, we have done a remarkable amount—we are delivering these things and we now know very clearly which way we are going. The cybersecurity strategy is just one chunk of that, another domain rather like maritime—it is a new domain and one we need to work in.

Next Section Back to Table of Contents Lords Hansard Home Page