Introduction

1.  There is now scarcely any activity of our daily lives which does not rely on the Internet.[1] Banking,[2] travel and tax, trading, saving and dating—everything is increasingly performed online and so depends on the Internet. And while any country can survive without online shopping, to be deprived for any length of time of online communication for government, energy or defence, to give only some examples, can rapidly bring a country to its knees. We explain in the following chapter how this briefly happened to Estonia.

2.  Internet failures can be the result of malicious attacks or natural disasters, but all States take precautions to guard against them, both by themselves and through the private sector. The European Union takes a major interest in the organisation of such precautions in the Member States, attempting to improve them both individually and collectively. In April 2009 the Commission sent a Communication to the Council giving its views as to how the Member States might through the EU strengthen the security and resilience of their critical information infrastructures (CIIs) and develop their defences against cyber-attacks.[3]

3.  In this inquiry we have looked at the part which the EU can play in helping the United Kingdom and other Member States to prevent and detect cyber-attacks, to respond to them, mitigate their effects and recover from them; and in particular at the strategy set out in the Communication, and the programme of work it envisages. But the Internet is a global network of networks, and cyber-attacks can be launched from anywhere, making use of insecure computer systems sited anywhere on the planet. The EU cannot be looked at in isolation either from the Member States individually or from the rest of the world, and we have looked at these questions in a global context.

Conduct of the inquiry

4.  This inquiry has been conducted by Sub-Committee F (Home Affairs), a list of whose members is printed in Appendix 1. They issued a call for written evidence in October 2009; this is reproduced in Appendix 3. In reply they received evidence from 25 persons and bodies. Between November 2009 and January 2010 they took oral evidence from 11 witnesses, and received supplementary written evidence from a number of them. A full list of the witnesses is at Appendix 2. To all of them we are most grateful.

5.  We have been fortunate to have as our specialist adviser Dr Richard Clayton of the University of Cambridge Computer Laboratory. We are most grateful to him for his expertise in the subject and for his guidance throughout the inquiry.

6.  We recommend this report to the House for debate.

2   Over 22 million people now bank online in the United Kingdom: Payments Council, p 154. Back

3   Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection: "Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience" (COM(2009)149 final, Council document 8375/09). http://register.consilium.europa.eu/pdf/en/09/st08/st08375.en09.pdf  Back