Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.

Donate to our crowdfunder

Cyber-security

Part of Oral Answers to Questions — Attorney-General – in the House of Commons at 1:50 pm on 24th March 2015.

Alert me about debates like this

Photo of Chi Onwurah Chi Onwurah Shadow Minister (Cabinet Office) 1:50 pm, 24th March 2015

I thank the Minister for advance sight of his statement. It is now twice in two days that he has come to the House to make a statement. Tomorrow he will make it a hat-trick with his final Cabinet Office Questions. Clearly, he wants to see as much of us all as possible before he retires from this House.

I pay tribute to the Minister for his work in the past five years as the Minister for the Cabinet Office and in the many years he has served the public as a Member of this House. There are many things on which we disagree, for example how we should use digital government to empower people rather than cutting them off from services, but no one can doubt his dedication to public service. Nor can we doubt the dedication of those who work so hard to protect us, our nation, its citizens and businesses from cyber-attacks. I, too, would like to put on record my praise for the work done by the security services, the police and all civil servants who work in this area. They do a vital job day in, day out to protect our cyber-infrastructure and digital footprints, and I commend their work.

I am sure the Minister agrees with that sentiment. I hope, therefore, that the Government will clarify how those who protect us in cyberspace will continue to do so when the Chancellor is bent on reducing public sector spending to levels not seen since the 1930s, before there was even an NHS or a GCHQ. It is clear from the Office for Budget Responsibility and the Institute for Fiscal Studies that, after the Chancellor’s Budget last week, unprotected Departments face huge cuts to meet his spending plans and unfunded tax cuts. The Ministry of Defence, the police and social care services are under threat. Can the Minister confirm whether the budget for cyber-security will be protected, or are we to assume that because the Cabinet Office is an unprotected Department that this will not be the case?

I welcome the new Cyber First pilot. Indeed, I was privileged to launch the UK’s first MBA in cyber-security with Coventry university. The demand for cyber-security experts is growing at 12 times the rate of the overall job market, so it is vital that we train and equip more people with cyber-skills. Small firms are the victims of three quarters of all successful data breaches and are the most likely to suffer from a lack of cyber-skills. However, just as the Minister came late to the digital inclusion agenda and then chose a strategy that excludes 10% of our fellow citizens, he has come late to—indeed, neglected—cyber-security for small businesses. According to the Institution of Engineering and Technology, half of all small and medium-sized enterprises have not even heard of the Government’s cyber-security efforts. What is the Minister doing to change that and to make small businesses more cyber-aware?

Crime is changing. It increasingly happens online, but the Government do not have a strategy to tackle it. The cyber-security budget is overwhelmingly going to cyber-security and big businesses, leaving consumers to fend for themselves. The majority of the cyber-security budget goes into the single intelligence account, with the police left a tiny amount to tackle a growing tide of online crime with an overall £2 billion cut in funding. The Home Affairs Committee highlighted the black hole where low-level e-crime is committed with impunity. What is the Minister doing to ensure that the police have the resources they need in this area?

I welcome the announcement of a new contractual framework for GOV.UK Verify. However, it was only in October that the Government were predicting that hundreds of thousands would be verified by now. In fact, only

50% of people are successful the first time they use the service. The Minister says that details will be announced “shortly”. Given that there are only a few days left before Parliament is dissolved, will he tell us exactly when he plans to announce the details? Specifically, will it include a public sector provider of identity assurance, so that people can choose a provider they trust?

Finally, the statement makes no mention whatever of mobile. It has taken the Government five years not to eradicate not spots, and they have ignored the gaping hole in cyber-security which is mobile device security, particularly in the era of “bring your own” device. What is the Minister doing specifically on mobile?

I could not help but notice that the statement was somewhat light on actual policy announcements. A cynic might think that the Minister was rushing out a half-baked announcement to use up time. It is almost as if the Government are scrambling around for something to say to give the impression that they have made real progress in rising to what is one of the greatest challenges of the digital era and one of the greatest opportunities for UK business. The UK can lead in cyber-security as we do in online commerce, but it will take skills for the many—small businesses and citizens, as well as big businesses—not the few. It will take a Labour Government to ensure we have that.