Cybersecurity and UK Democracy - Statement

Part of the debate – in the House of Lords am 8:13 pm ar 26 Mawrth 2024.

Danfonwch hysbysiad imi am ddadleuon fel hyn

Photo of Baroness Neville-Rolfe Baroness Neville-Rolfe Minister of State (Cabinet Office) 8:13, 26 Mawrth 2024

My Lords, I thank the noble Baroness, Lady Chapman, and the noble Lord, Lord Fox, for their comments. I also thank the noble Baroness for her support for the important work across the piece, including by the intelligence services, in the more serious situation that we now find ourselves in.

I should start by explaining that we are vigilant and we do try to take a consistent approach, across government. We have made a lot of changes in the cyber area in the last two or three years. As for the activity announced yesterday by the Deputy Prime Minister and the question of delay, raised by the noble Lord, Lord Fox, this was a complex operation. It required painstaking work from the intelligence community to enable UK Ministers to confidently attribute the hostile cyber activity to Chinese state-affiliated actors. I hope noble Lords will be reassured to know that we have been working hand in glove with our international partners to collectively identify those responsible and to hold them to account. A number of partners have made follow-up statements within the last 24 hours.

The activity we announced builds on the broader work that the Government have led to expose hostile cyber activities conducted by states targeting UK interests and the democratic systems that we all value, including our democratic processes, which were affected by Russian intelligence services in December.

This is part of a wider, proactive approach. The National Cyber Security Centre has made a lot of difference right across the board, both for government and business. We passed the National Security and Investment Act 2021, the Higher Education (Freedom of Speech) Act 2023 and the National Security Act 2023 —which updated the Official Secrets Act and made espionage offences more 20th-century by introducing a harder operating environment. These are all extremely important.

We continue with our resilience work, across the piece, to strengthen cyber skills. The noble Baroness, Lady Chapman, is right that we need to look at critical national infrastructure and other issues.

The noble Baroness mentioned that my noble friend the Foreign Secretary was criticised by the Intelligence and Security Committee. I think she was referring to the committee saying that his role as vice-president of a China-UK investment fund was in some part engineered by the Chinese state to lend credibility to its investment. I do not think China can have been that influential, because the fund did not go ahead.

The noble Baroness also mentioned Port City in Sri Lanka. Obviously, the Foreign Secretary was a private individual at that time, but I understand he spoke at two events in the UAE. They were organised by an international speakers’ bureau, which supported this major infrastructure project. The noble Lord, Lord Cameron, was not engaged in any way with China or any Chinese companies about these speaking events. His engagement followed a meeting held with Sri Lanka’s president earlier in the year. The Port City project is, of course, supported by the Sri Lankan Government.

As has already been mentioned, the Foreign Secretary has been very clear that the targeting of UK democratic institutions and political processes is completely unacceptable. He made another statement about this yesterday. He raised it personally with the Chinese Foreign Minister, Wang Yi, making it clear that malicious cyber activity by Chinese-affiliated actors is unacceptable. That is the position today. The appointment of the noble Lord as Foreign Secretary followed an established process both in relation to peerages and to ministerial appointments. I hope I have helped clear this up.

The noble Baroness was interested in the impact of the incidents that were discussed yesterday which led to the sanctioning of two individuals and an entity associated with APT31. What happened was that actors were able to access copies of the electoral register in the Electoral Commission’s file-sharing system. The electoral registration officers for each local authority hold the live versions of the electoral registers—I think we have discussed this before—and they were unaffected. The electoral register does not contain things such as national insurance numbers or nationality data, nor does it give the age of individuals except in limited circumstances.

No parliamentary accounts were successfully compromised. The Parliamentary Security Department, which led on follow-up, assessed that this was reconnaissance activity and that parliamentary networks and accounts were not compromised. Clearly, we need to be vigilant, and that is the message that I am getting across the House this evening. It was not that serious, but we do not want other Governments of any kind to interfere with the democratic process, because it is so important.

On broader work, the National Cyber Strategy 2022 was supported by more than £2.6 billion of investment over three years. It is focused on delivering a step change in the UK’s cyber resilience, and that extends far and wide. I am involved in what is now called the Integrated Security Fund and used to be the CSSF. We have been putting more investment into cyber, because cyber knows no borders, so it is important to work with other countries on exactly these issues.

We banned Huawei from our 5G network, as we heard, and—I see that the noble Lord, Lord Alton, is in his seat—we took steps on Chinese security cameras, thanks to his help. We made a lot of changes in the Procurement Act, again thanks to detailed work done in this House. All these changes are important.

The noble Lord, Lord Fox, talked about the need for collaboration, and we have made it clear that we are happy for more conversations on these points. I commend the work done by the Parliamentary Security Department. Alison Giles now sits on the Defending Democracy Taskforce, which I sit on and Tom Tugendhat leads, and a lot of changes have been made. Only today, a letter went round encouraging all MPs and noble Lords to do more—the top 10 tips for mobiles, personal cyber, how to get more support and account registration so that your emails and phones can be monitored by the NCSC.

I thank noble Lords for their pressure, because this is an important area. We need to take proportionate measures and stay vigilant.