Cookies: We use cookies to give you the best possible experience on our site. By continuing to use the site you agree to our use of cookies. Find out more.

House of Commons Hansard

Public Sector Cyber-security

22 November 2017
Volume 631
  • 1. What assessment he has made of the level of investment required to ensure high standards of cyber-security in the public sector. [901965]

  • Our national cyber-security strategy, supported by £1.9 billion of transformational investment, sets out measures to defend our people, businesses and assets, deter our adversaries and develop cyber-skills. These include the creation of the National Cyber Security Centre and direct investment in central and local government, the health sector and the defence sector.

  • Our public services have been starved of cash for seven years, but cyber-security requires constant investment, so has the Minister advocated long-term funding to enable public services to protect themselves against all forms of cyber-attack?

  • Yes, indeed. That is the whole point not just of the National Cyber Security Centre, but of the very significant investment I have just mentioned—£1.9 billion—which is set to transform defences against cyber-attack across the public sector, for central and local government, particularly the health and defence sectors, as well as advising the private sector, because our defences obviously need to be mutually dependent across the public and private sectors.

  • Does my right hon. Friend not accept that none the less there is a slight lack of clarity on who within the Government has ultimate responsibility for cyber-security, both offensive and defensive? Is not it time we had a cyber-department that would be responsible for defending this nation against cyber-attacks and thinking about ways it could possibly be used abroad?

  • My hon. Friend is right that we need proper co-ordination. That co-ordination role falls to the Cabinet Office, but clearly there are important areas where the Home Office has direct responsibility for operational matters, and obviously the Ministry of Defence has responsibilities in purely military terms. I am happy to reassure him that the co-ordination comes through the Cabinet Office.

  • As we have just come to the conclusion that a cyber-influence was entirely invisible and beyond any mechanisms that the electoral college has to control it, and as the Prime Minister has said that there was cyber-influence in the elections and probably in the referendums, is it not time we decided that we should have no faith in those two results and that we should look for another referendum, because second thoughts are always better than first thoughts?

  • The hon. Gentleman raises a serious point. There is no evidence of any successful attempt to interfere with our electoral processes. Indeed, it is particularly difficult to have a cyber-attack against an electoral system that requires voters to put crosses on pieces of paper using small pencils, so that undoubtedly old-fashioned system is very effective against cyber-attack.

  • To defend ourselves against cyber-attack, it is essential that we recruit and retain people with the necessary skills to take up the cudgels on our behalf in the cyber-arms race. What steps are the Government taking to recruit and retain people with those skills in the public sector?

  • My hon. Friend makes a good point. The National Cyber Security Centre, along with GCHQ, has established a programme of assessment and certification. Some 20 degrees have been certified, most of which are one-year postgraduate master’s degrees in cyber-security, and 14 universities are now academic centres of excellence in cyber-security research, precisely so that we can maintain a pipeline of skilled people to help our cyber-defences.

  • We have learnt today that Uber’s suppression of a database hack involving tens of millions of people is to be investigated, but there were 9,000 data breaches by the Government in a single year, according to the National Audit Office, although they notified the Information Commissioner’s Office of only 14 of them. Such contraventions clearly pose questions about our personal privacy and security. Given the scale of what is happening with the internet, action is clearly needed for further protection of the public. But last year the Government spent only—

  • Order. I am sorry to interrupt the hon. Gentleman, but we are very pressed for time. We need a sentence and a question. We have to press on because we have a lot of people to accommodate.

  • Last year, the Government announced that they had spent only £230 million of the £1.9 billion allowance that had been made. Will the Minister get on with spending that money to protect our citizens?

  • We are absolutely getting on with spending the money to protect our citizens in the ways I have just set out. The hon. Gentleman will realise that that £1.9 billion is to be spent over five years, so the fact that we have spent £230 million-odd in the first year is about what we would expect. It is a continuous programme of continuous improvement.