(Urgent Question): To ask the Secretary of State for Foreign, Commonwealth and Development Affairs if he will make a statement on the reported Chinese state-sponsored cyber-attack on Microsoft exchange servers.
I thank my right hon. Friend for asking this important and timely question. Yesterday, on
The attack was highly likely intended to enable large-scale espionage, including acquiring personally identifiable information and intellectual property. At the time of the attack, the UK quickly provided advice and recommended actions to those affected. Microsoft has reported that, at the end of March, 92% of customers had installed the updates that protected against the vulnerability.
As part of that announcement, the UK also attributed the Chinese Ministry of State Security as being behind activity known by cyber-security experts as APT40 and APT31. Widespread, credible evidence demonstrates that sustained irresponsible cyber activity emanating from China continues. The Chinese Government have ignored repeated calls to end their reckless campaign, instead allowing their state-backed actors to increase the scale of their attacks and act recklessly when caught.
Statements formally attributing Chinese responsibility for the Microsoft exchange attack and actions of APT40 and APT31 were issued by the EU, NATO, the UK, Canada, the US, Australia, New Zealand, Norway and Japan. That co-ordinated action by 39 countries sees the international community once again calling on the Chinese Government to take responsibility for their actions and respect the democratic institutions and personal commercial interests of those they seek to partner with. The UK is calling on China to reaffirm the commitment made to the UK in 2015 as part of the G20 not to conduct or support cyber-enabled theft of intellectual property or trade secrets.
This is the latest form of Chinese attack—it is not a one-off—on the west, which has included espionage, economic sanctions against Australia, wolf warrior diplomacy and naval aggression in the South China sea to name but a few.
I have some questions for my right hon. Friend. Will he explain why the Government did not come to the House yesterday to make a statement? Given that this is an aggressive attack, why are the Government allowing the UK’s largest silicon chip manufacturer, Newport Wafer Fab, to be bought by a Chinese firm when they know very well what they are up to? Why is it that the US Justice Department, also with this, brought federal criminal charges against four named MSS officers over their role in the hacking of the American targets, yet no such charges have been brought against operatives here?
The integrated review said clearly that Russia was a threat to the UK, but China was merely a competitor. I wonder why, if China goes on attacking us and trashing us, we continue with this deceit when it is quite clear that China is a clear and present threat. Beyond tearing up the treaty, conducting a genocide and upsetting the international order, China has now been found to be conducting systematic attacks on targets in the UK. Will the Government now finally agree to a diplomatic boycott of the Beijing winter Olympics to make their statement clear?
On a personal note, you will know, Mr Speaker, that I set up, with others, the Inter-Parliamentary Alliance on China—politicians left and right in 20 countries who are concerned about China’s activities. There are over 200 members. I understand now that there is intelligence from Five Eyes sources that shows that a very active and direct threat from the Chinese Government is aimed directly at the co-chairs of the Inter-Parliamentary Alliance on China. Some of the co-chairs, of which I am one, have now been warned by their intelligence services in receipt of this that they should be very careful and that they will be supported. Can I ask my right hon. Friend to confirm whether his Government are in receipt of this same intelligence and, if so, why have they not informed the co-chairs and others here in the UK, as other allies have done?
Finally, Mr Speaker, China is not just a competitor. These attacks tell us that they are a clear and present threat to the United Kingdom and to our beliefs in freedom, justice, democracy and the rule of law and human rights. It is time that the Government stood up, made that clear and boycotted these Olympic games.
I thank my right hon. Friend for the points that he has made. The unanimity of voice among the international partners—the 39 countries that I listed—is incredibly important to us, and we will continue to seek to work collaboratively with our international partners in our response to this. My right hon. Friend makes the point about Chinese investment, or Chinese purchasing—specifically Newport Wafer Fab—and that is a decision that the Government are looking to review. He asks about the differential language between China and Russia. Our response is based on the actions, and we will continue to react robustly to any and all cyber-attacks that occur. He will understand, I am sure, that I am not necessarily going to go into details here and now about what further measures we might take, because to do so might undermine their effectiveness, but we will continue to work with international partners; and, as I said in my answer to his question, the Chinese Government should expect to be held to account if they do not come back into compliance with norms of behaviour.
With regard the Olympics, my right hon. Friend the Foreign Secretary has said that we have not as yet made a decision on formal attendance at the Olympics. The attendance of athletes is ultimately a decision for the British Olympic authorities. On intelligence matters, my right hon. Friend Sir Iain Duncan Smith will understand that we do not discuss intelligence-related issues on the Floor of the Chamber, but I take his point about making sure that people who are potentially the target of overseas intelligence actions are given the opportunity to defend themselves against them.
This is an unacceptable attack, costing businesses millions and raising the alarm for people across the country, who will be concerned that their personal information could be compromised. The Government confirmed yesterday that a quarter of a million servers were affected worldwide, but how many British businesses and organisations were victims of the attack and how many may still be vulnerable? What is the cost to British businesses of compromised data and were public bodies among those targeted? Can the Minister guarantee that hospitals, local authorities, universities and this Parliament have not and will not be compromised?
The Government have been repeatedly warned about this. A year after the Russian report was published, still no meaningful action has been taken. The Computer Misuse Act 1990 is now three decades old. It was written before smartphones, before Google—before the public could even use the web. When will the Government finally update it? The Minister says that this is a pattern of behaviour, and he is right, but Ministers have tried naming and shaming before. It did not work then, so why would it work now? Only weeks ago, President Xi said that those who expressed dissent about China’s actions would
“have their heads bashed bloody against the Great Wall Of Steel forged by over 1.4 billion Chinese people.”
Last year the Government were willing to act. They announced targeted sanctions against individuals involved in the Russian state-backed cyber-attack on the German Parliament. So why are there no sanctions in response to the Chinese state-backed cyber-attack on, among others, the Finnish Parliament?
The truth is that the Government are unable to send a clear, coherent message to Beijing because they are still arguing among themselves. Just two weeks ago, the Chancellor was telling Mansion House that it was time to realise the potential of our relationship with China. While the Foreign Secretary imposes sanctions, the Chancellor is cashing cheques. It is extraordinary that the Minister can stand at the Dispatch Box today and refuse to tell us how he will safeguard critical infrastructure, or whether he and his colleagues will board a plane to Beijing early next year to participate in a public relations exercise. The seriousness of this attack must concentrate minds. We need a coherent strategy. When are we likely to get one?
In response to the specific questions that the hon. Lady raised, we estimate—we can only estimate—that 3,000 UK-based organisations were put at risk by this attack. It was an untargeted action. It was not targeted at specific sectors. We do not believe that Government organisations were a victim of it, and because it was an untargeted action it is not possible for me to give a credible assessment of the economic damage of this particular attack. The National Cyber Security Centre and Microsoft gave advice at the time and, as I say, by the end of March it was estimated that 92% of organisations had installed the patch to protect themselves. Advice is available to any organisation that still thinks it may be at risk in some way, both from the National Cyber Security Centre and from Microsoft.
With regard to our attendance at the winter Olympics, my right hon. Friend the Foreign Secretary answered that point in departmental questions. There is nothing more that I can add to that.
The hon. Lady asked about naming and shaming. The fact that 39 countries collectively put their name to the statement is unprecedented, and it sends a significant signal that countries are working together to steer China’s actions. China is a significant economic and political player. We cannot pretend that China does not exist. We want China to change its behaviour, and we will work with international partners to urge it to do so. As I say, we reserve the right to take further actions if necessary.
I call the Chair of the Intelligence and Security Committee, Dr Julian Lewis.
As the ISC’s inquiry into China is still current, I shall limit myself to asking why the Government generally describe the communist Chinese system as authoritarian rather than totalitarian, what the Minister’s understanding is of the difference between the two, and whether the Chinese regime took any steps to close down the hacking group APT10, which was denounced in a similarly forceful statement by the then Foreign Secretary, my right hon. Friend Jeremy Hunt, and our allies in December 2018.
I understand the point that my right hon. Friend makes about the use of language. I am not in a position to have a debate on that specific point, but I make the broader point that the UK Government’s actions, and indeed the actions of our friends and allies around the world, are based on actions whether they be from Russia, China or wherever else, rather than on the narrow definition that may be found in international documents.
The reason that we put out this joint statement and attributed responsibility to state-backed Chinese actors is to let the Chinese Government know, to an extent, that we can tell what they are up to and we will not accept it. That is why taking actions in concert with our international partners is so important and will always be the foundation stone of whatever else we choose to do in response to the behaviour, if it does not change.
I call the SNP spokesperson, Alyn Smith.
I warmly congratulate Sir Iain Duncan Smith on raising this vital issue, and echo his concern about the fact that this was an urgent question rather than a statement made proactively by a representative of the Government.
I was glad to hear a Minister say that China can expect to be held to account for this truly breathtaking attack, which facilitated a range of attacks on private and public organisations on a broad scale by other actors. I applaud the statement that there will be sanctions—there will be measures—but I would like to hear what they are, because a somewhat homeopathic approach to date does not seem to have had much of an impact on stopping anything.
May I suggest that it is the UK Government’s breathtaking lack of policy coherence that is giving mixed signals to Beijing? I can give a fairly concrete example. China General Nuclear Power Group remains a significant stakeholder in the Hinkley Point C nuclear power plant, but the UK is pushing for another deal at Sizewell which will involve an even bigger Chinese state holding. May I also suggest that ending policy incoherence starts at home, and we should really see about that?
Countries around the world trade with and receive investments from China, and, as I have said, pretending that that does not exist or that it is not a significant economic player in the world is completely unrealistic. What we are seeking to do is change China’s behaviour, and we are doing it collaboratively with our international partners.
The hon. Gentleman asked what specific actions we would take. I will not answer in detail at the Dispatch Box—[Interruption.] For the same reason that we do not discuss intelligence matters, we do not speculate on future sanctions, because to do so would undermine the effectiveness of those measures. However, as I have said, we and our international partners have made it clear that these actions will not go unresponded to.
I am not going to ask the Minister to explain China’s actions, but I want him to try to explain why we do not align ourselves with our allies—particularly the United States—who have moved much further on this issue, notably in protecting individuals who have been sanctioned or targeted by China. As has already been mentioned, IPAC’s website has been hacked twice; colleagues on IPAC are also being hacked, as it were—I cannot think of a more appropriate term—and there are four sanctioned MPs on the call list today. We need far more support than is being provided at present.
May I ask the Minister whether the Foreign Office has reached out to Alan Estevez, who was appointed by the Biden Administration to take over security with a special focus on China tech concerns? We seem to be moving at a snail’s pace while America is moving far faster, and, of course, China is light years ahead. It is here, Mr Speaker: it could be hacking the estate, it could be hacking sanctioned MPs’ websites or email addresses and it could be hacking Ministers’ servers, but we are none the wiser, and we do not feel any more protected after the Minister’s response to the urgent question.
I completely understand my hon. Friend’s concerns, but I assure her that we work incredibly closely with international partners, including the United States of America. The unprecedented number of countries and multilateral organisations that co-authored yesterday’s statement is testimony to how closely we are working on this issue as an international community. However, I will certainly take back the points that my hon. Friend has raised about ensuring that individuals who may be the target of cyber-attacks are given all the support that they need both to defend themselves and to respond to those attacks.
It is absolutely right that we are working in lockstep with our international allies to combat these attacks on our cyber-security. However, the Minister will be aware of hugely concerning reports that activists, civil society leaders, Government officials and politicians around the world have been targeted by NSO Group’s Pegasus software. Is he aware of any individuals in the Government, or indeed any UK citizens, who have been targeted by that software, and is there any indication that it may have been used by the Chinese Government?
The House will understand that I will not discuss security and intelligence operations at the Dispatch Box, and that I therefore will not be responding to that part of the hon. Lady’s question. We do of course know about the capabilities of the Pegasus software; its licensing is ultimately a decision for the Israeli Government, but we are working closely with our friends and allies around the world in response to any emerging technical threat at this time.
Cyber capabilities are the new arms race, but skills are in short supply. How can we best work with our allies to build the skilled workforce we need to defend ourselves in cyber-space?
My hon. Friend is absolutely right that skills are an important part of our arsenal to defend ourselves. The Government are working with industry, academics and many other partners to ensure that we develop the essential cyber-skills we need to be a credible force in the modern world. In April, we launched the UK Cyber Security Council as a new professional body for cyber to raise standards and guide people through their career. In addition, the UK has committed to promoting an international stability framework for cyber-space, based on the application of existing international laws, voluntary norms of responsible behaviour and confidence-building measures.
Once again, we see no member of the Cabinet here. I take it they are all somewhere else, taking precautions I hope, perhaps at Chequers.
Will the Minister please wake up? A young John Kennedy came to the London School of Economics after the war and wrote a book, “Why England Slept”, and of course it was about appeasement. Are we talking today about appeasement? This is a ruthless Chinese Government, and they are systematic in the way they target intellectual property in universities and companies. There is no respect for democratic institutions from China. We have allowed the Chinese to buy significant strategic assets in our country, and the UK Government have no courage in facing them down.
Please do not let England sleep this time. Wake up, Minister. Please deliver that to your boss in Chequers.
The hon. Gentleman may not have been at his screen during departmental questions, but the Foreign Secretary was in the House earlier and spoke about the UK’s posture with regard to China.
The simple fact is, as I said earlier, that we are acutely aware of the challenges and threats, but we are also aware of the significant position that China takes in the world. We have to be realistic in our response, and we have to work internationally. That is why I am pleased that the 39 countries represented in yesterday’s statement spoke with one voice, and we will continue to work with our international partners to try to drive an improvement in the behaviour of China and to make it clear to China that the countries with which it seeks to work expect a change in behaviour. We will take actions to support that.
The SNP spokesman, Alyn Smith, is right: homeopathic remedies do not work when we are dealing with a psychopathic regime. We have had industrial-scale human rights abuses, industrial-scale buying of influence in our boardrooms, universities and schools, and now industrial-scale cyber-hacking of our computer systems.
The Minister has quite rightly said there is widespread and credible evidence that this is a state-backed actor and state-backed sabotage, so where is the beef? Where are the practical consequences for the Chinese communist Government? What officials will be prosecuted or sanctioned? If he will not tell us if, will he tell us when we will get a decision on the Olympics, on which this House voted unanimously last Thursday?
The sanctions we imposed on the human rights abusers in Xinjiang are not homeopathic. The fact that we have granted visas to British national Hong Kong Chinese is not homeopathic. We are taking action, not all of which I can discuss at this Dispatch Box. As I say, we will continue to work with our international partners to make sure that, collectively and collaboratively, we send a very clear message that there are patterns of behaviour that are unacceptable, and we strongly urge China to change its position and to come into line with international norms, values and standards.
In Thursday’s urgent question on Newport Wafer Fab, the Government emphasised their desire for a
“positive relationship with China, based on mutual respect and trust.”—[Official Report,
I hope the Minister recognises how naive that sounds, and that it reflects the chilling effect of China’s power and influence on criticism. Fortunately, politicians in all parts of this House, academics and businesses do continue to speak out. What assessment has he made of the likelihood of those who oppose the Chinese state being the target of cyber-attacks, and what is he doing to better protect them and us all?
The hon. Lady raises a point that my right hon. Friend Sir Iain Duncan Smith has already raised, and I have already touched on it. As I have said, we will continue to work with our international partners to persuade China to come into accordance with the international standards and norms that we see other countries around the world subscribing to. We want China to be a better-behaved international player. We cannot pretend China away; we cannot prevent China trading and investing around the world, and neither should we, but we should ensure that its behaviour comes into line with the international values, norms and standards that the rest of us subscribe to.
The exchange attacks mark a further dramatic escalation in China’s state-backed espionage, which is stripping our intellectual property and undermining our democracies. My right hon. Friend the Minister is surely right that we must all work together with our international partners to defeat this escalating and aggressive pattern of behaviour, but will he say a little more about the key themes within that international co-operation to try to stop this increasingly aggressive behaviour?
My hon. Friend makes an important point: working with our international partners is an incredibly important part of this. The joint statement that we made attributing responsibility to Chinese state-backed actors is important because it is the precursor that legitimates further actions that we might take. It seeks to make it clear to the Chinese Government that we can see what is happening—we are not blind to what is happening—and there is no veil of anonymity behind which they can hide. That then gives us, as part of the international community, the opportunity to go further if required. As I said in my statement, we have made it clear, and are making it clear, to China that such future actions will not go unresponded to.
I don’t know, but every time a Minister comes to talk about China to the House it feels as though they refuse to listen to what the House is saying. We are looking for a sense of urgency and determination, of backbone, of steel. Half the time it sounds as though the Minister is bored by what he is saying. We have courageous Members of Parliament from different political parties who are sanctioned by the Chinese Government and are being targeted by them, and all we can say is, “We are thinking of having a review of a policy decision. We might think about whether we are going to go to the Olympics or not.” We need some urgency and determination. We need to stand by those colleagues who have been sanctioned, because this is not just about China—it is about all the totalitarian regimes in the world. If we do not get this right, the rule of law and of democracy will pass us by.
I understand and respect the passion that the hon. Gentleman and others speak with, and no one takes the targeting of parliamentarians lightly. We do not take the cyber-attacks on organisations around the world lightly. My hon. Friend Tim Loughton is no longer in his place, but as I said to him a few moments ago, we have imposed sanctions and we have offered the hand of friendship to British national Hong Kong Chinese in response to the security laws that have been passed in Hong Kong. We are taking action and we will continue to do so. We seek to do so internationally, because that is how we are strongest. We endeavour to speak with one voice on these issues and make it clear to China that so do all the countries with which it may want to work in future. That is what we seek to do, and we have been successful in doing so: an unprecedented number of countries spoke with one voice yesterday. We will continue to work with partners to push China towards a better course of action.
Last year, Redcar and Cleveland Borough Council was the victim of a ransomware cyber-attack that originated from Russia. Like others, I am increasingly concerned by the rise of such foreign attacks online, some of which are state-backed like the ones that we are discussing today. Will the Minister assure me that he is working across Government to build our resilience to this worrying trend?
I can assure my hon. Friend that we are working across Government on the issue. We recognise that it is an incredibly important area of activity: as we are now all reliant on information technology and cyber-space, these cyber-attacks go to the very heart not just of our ability to conduct commercial activity, but of public service and government. We are building up our domestic defences and have already delivered a sustained programme of investment through GCHQ and the National Cyber Security Centre to establish the UK as a global leader in cyber, but we are not just reinforcing resilience in the Government; we are helping everyone, including businesses and families, to take basic, necessary steps to stay safe online.
Given that in the past the NHS in England has been paralysed by cyber-attacks due to outdated systems and Microsoft Windows vulnerabilities, what steps are the UK Government taking to ensure faster roll-out of computer system upgrades with an aim to preventing vulnerability to such cyber-attacks in future?
I thank the hon. Lady for raising that point. As I said in response to my right hon. Friend Sir Iain Duncan Smith, the immediate response to the attack was to release a patch. By the end of March, 92% of organisations had installed it and closed the vulnerability. Advice has been provided by the National Cyber Security Centre and by Microsoft to deal with any residual impacts. Government computer roll-out programmes will always have cyber-security at the very heart of their thinking, planning and deployment.
The Chinese state harbours and collaborates with cyber-criminals, as well as being guilty of genocide. A sound telling off, no matter how stern it might sound, will have no impact on this brutal and ruthless regime. Does the Minister understand the House’s impatience with what seems today like more hand-wringing and platitudes?
Yesterday, 39 countries spoke with one voice, attributing responsibility to Chinese state-backed cyber-criminals. That is a necessary precursor to other actions that, collectively or individually, we may choose to take.
China has total disregard and disrespect for anybody or any country that stands opposed to its warped and perverted ideology. The reported cyber-attacks by the Chinese state have undermined the security and integrity of thousands of networks worldwide. What discussions has the Minister had with NATO in relation to the cyber-attacks on Microsoft servers earlier this year? What further steps will he take to expose these Chinese state-sponsored attacks, to ensure that this is not a recurring pattern of events—which it quite clearly seems to be at the moment?
The hon. Gentleman makes an important point. I am very pleased that NATO was one of the signatory organisations to yesterday’s statement as an important multilateral partner, along with the European Union. As I have said in response to a number of questions, that joint statement is an important and necessary foundation stone on which other actions are built, making it clear to the Chinese Government that we can see what is happening—we are not blind to it. The fact that we are able, with a very high degree of certainty, to allocate specific responsibility for actions is a really important step, which must not be underestimated, towards what else the UK, more likely working in conjunction with international partners, might choose to do in response to further such attacks.
China has a widening sphere of influence. Was this discussed at the G7 summit? I am pleased to hear that 39 countries have signed up. Is the UK leading that group or simply part of that group in mitigating threats? Most importantly, what can the Minister say to those in Bosworth and up and down the UK about protections for the UK’s businesses, interests and citizens when it comes to dealing with China?
I can assure my hon. Friend that the UK is very much taking a leadership role with regard to the development of cyber-security and cyber-response. We are always most effective on issues such as these when we work in close conjunction with our international partners, and I can therefore assure him that at multilateral gatherings this will always be one of the issues that is important to us. On the practical steps that people can take, I would urge people to heed the advice from the National Cyber Security Centre and take a range of relatively simple and practical steps that will help to protect them and their organisations from cyber-attacks.
The Chinese cyber-attack is of real concern, but it is most certainly not the only game in town. The Guardian reported on something equally concerning this weekend, which is Project Pegasus from the NSO Group. It has been used in the surveillance of humanitarians, including the late Father Stan Swamy in India. With our own concerns in this House around the surveillance of the former Secretary of State for Health, which led ultimately to his resignation, I would like to know what our involvement is with Project Pegasus, if we actually have any involvement. What are we doing to monitor that undetectable phone app, which provides full access to phones that become infected in a way that is untraceable?
The hon. Gentleman will understand that I am not going to speculate or comment on individual cases. Ultimately, the licensing of this software is the responsibility of the Israeli Government. I can assure him that we speak regularly with our partners globally about the importance of maintaining cyber-security and about how important it is for us all that cyber-technologies are used responsibly. We work closely with our allies around the world to tackle cyber-threats and to improve the overall global resilience to such attacks.
It is not just that China steals so relentlessly, but also the reason that lies behind the theft, which is that its communist regime does not support innovation in a way that countries such as the US and the UK do. Does my right hon. Friend agree that countries or companies thinking about getting closer to China should look at this latest example in a very long list of breaking international norms and steer clear instead?
My hon. Friend makes an important point about going into relationships with China with eyes wide open. That is why this message of attribution yesterday was so very important. It sets out that the international community can see clearly what is happening and will highlight it publicly so that, wherever in the world they are, people can see what is really going on. Ultimately it is not the job of the UK Government to dictate to other countries how they interact with China, but we are and will always be a powerful advocate for human rights, for the protection of intellectual property and for those norms of behaviour that the international community, including ourselves, very much holds dear. Ultimately, we want China to amend its behaviour. That is ultimately what we will seek to achieve, and we will work with our international partners to pursue that.
I thank Sir Iain Duncan Smith for securing this urgent question. He highlighted the recent indirect acquisition by a Chinese firm of Newport Wafer Fab in my constituency. This appears to have slipped through the UK Government’s screening system. My focus and commitment to the people of Newport West is on protecting jobs for people in my community. Does the Minister think that this situation shows that the Government’s security policies simply are not working?
We do value jobs; jobs matter. Jobs in emerging technologies and high-skilled manufacturing jobs are incredibly important to us, which is why we value overseas investment, but why we also take our responsibility to secure intellectual property incredibly seriously. The Government are looking at the situation with regard to Newport Wafer Fab. We will always ensure that we look at the security implications of our commercial relationships, whether with China or anyone else.
Listening to the Minister, it appears that the Government policy is that China has done something unacceptable, the Government have found them out, and if the Chinese do it again the Government will take action against China, although they are not specifying at this time what that action will be. If that is the case, I do not understand why there was not a statement to the House by the Foreign Secretary after departmental questions, when he could have laid this out, rather than an urgent question, with the Minister being, if you like, dragged to the Dispatch Box. Will the Minister explain why the Government did not volunteer a statement on this very important matter?
I was not privy to the discussion about the statement, urgent question or otherwise. Yesterday’s statement was made by and in conjunction with international partners. I can assure my hon. Friend that I do not need to be dragged to the Dispatch Box to be questioned by colleagues and Opposition Members on this incredibly important issue.
Just to say—when statements are not forthcoming, I will continue to give UQs.
In March, the former head of the National Cyber Security Centre said that the Government have been confused in their approach to China. After the failed policies of the so-called golden era, the subsequent persecution of Uyghur Muslims in Xinjiang, the persecution of Buddhists and other minorities, the suppression of democracy and free speech in Hong Kong, the military aggression against its neighbours and now this state-sponsored cyber-attack on Microsoft Exchange servers, when will the Government finally lay out a consistent approach to dealing with China?
I have made the points that the UK Government recognise the significance of China on the world stage, that we want China to be a responsible actor, that we recognise that China will engage in trade and investment with countries around the world and that we seek to influence China to be a better player on the world stage. This is best done in conjunction with international partners, which is why the attribution statement yesterday was so important, with an unprecedented number of countries—39—working together to attribute responsibility. As I said, that is the foundation stone upon which other actions may well be taken in the future.
The success or failure of the COP26 rests heavily on whether the UK, as chairman, can persuade China—the world’s largest emitter of carbon dioxide—to set tough targets to cut its output. Is this affecting the Government’s response to this issue? What is the UK’s strategy to influence China across the piece, as there are many areas where it needs to do so?
I can assure my right hon. Friend that the actions of the UK Government in response to this cyber-attack are driven by this cyber-attack and our complete unwillingness to accept it as a pattern of behaviour. He does make an incredibly important point though, and it reflects the point that I have made that we cannot simply ignore China. A previous question this morning highlighted the fact that China is still heavily reliant on coal as an energy production source, and we know the climate change implications of that. We want China to behave better on the international stage both on things such as cyber-security, intellectual property and human rights, but also on the incredibly important agenda that will affect our children, our grandchildren and our great-grandchildren, which is the protection of the environment and a move towards greener energy generation.
The Minister is right in one sense, because attribution is important, but actions also matter, so while we congratulate him on the statement of 39 signatories—that is a positive step—when he looks at sanctions, should he not look at the very least for an audit of the role of Confucius institutes in institutions up and down the United Kingdom? Moreover, the current patchwork of international norms benefits authoritarian states over democratic ones. Is it not time for us to heed the advice of the Microsoft president, Brad Smith, in calling for a digital Geneva convention?
I thank the hon. Gentleman for his thoughtful contribution. Internationally, we will have to look at how we deal with this new sphere of human activity. It is moving quickly and there is not an established framework to which the international community subscribes in the way there is for armed conflict, for example. That is an incredibly important point.
I also thank the hon. Gentleman for recognising the significance of having a range of international partners and multinational institutions on the statement that we made yesterday. As I have said a number of times, it is an important but necessary precursor to other actions that we might take. It highlights to China that we can see what action it is taking and also that its actions contradict commitments that it has made. We are not trying to hold China to our standards; we are trying to hold it to standards that it has put forward itself. That is an important part of trying to establish a global acceptable framework on behaviour in cyber-space.
China’s military and Government have been targeting key industries in the west, including the defence industry, Government and intellectual property. This has been known for so long now, yet what have the Government done so far? They have protested, and handed dossiers of evidence on what the Chinese authorities are up to, but it seems that China is almost now no longer scared of being caught because the sanctions are so weak. If we can impose sanctions on Russia for cyber-attacks, why can we not impose hard and hurting sanctions on China?
I completely understand the right hon. Gentleman’s point. He will understand that we never speculate on the future use of sanctions because to do so could be counterproductive to the effect that we are trying to have on China. As I say, this is an important foundation stone statement. It sets a very clear line in the sand from the UK, the US, Japan, NATO, the EU and others that we recognise what is happening here, that China can no longer plead ignorance, that we demand that it takes action against organisations and individuals conducting these cyber actions and that it severs any links that it might have with such organisations.
Colleagues across the House have spoken about appeasement. The truth is that the Ministry of State Security will curb its maligned perversion of the digital Silk Road only if the west shows its willingness to respond in kind. Among the 39 signatories that the Minister has cited today, what appetite does he discern for a willingness to develop doctrine around the use of cyber interdiction for use in a measured and proportionate way against those who threaten and attack us?
I thank my right hon. Friend and predecessor for the point that he has made. I hope he will understand that I will not speculate at the Dispatch Box about the nature and scope of our cyber capabilities, save to say that we are a global leader, particularly in cyber-defence, although of course that is not the only thing that he mentioned. With regard to our international partners, this is something that we do discuss. In the recent G7 Foreign and Development Ministers’ communiqué, the G7 expressed serious concern about human rights violations in Xinjiang and reiterated the call for independent experts to be given unfettered access to Xinjiang. The international community is aware of, thinking about, talking about and taking action on some of the activities of the Chinese state that we find unacceptable.
This hack shows that the need for a comprehensive approach to cyber-security is probably greater than ever before. In the light of this latest attack, will the Minister now give a date for the publication of the Government’s new cyber-security strategy?
The right hon. Lady is absolutely right that a comprehensive approach to cyber-security is incredibly important. As I say, the UK is proud of the fact that we are a global leader in cyber-security. The publication of the document she mentions, and others, will come in due course. I am not able to give her a precise date at the Dispatch Box at the moment.
Let me just say to all Members who have participated that my call list says that some were to be virtual and some physical, but nobody seems to be what I am being told on this list. A lot of effort goes into creating it—a lot of staff time—and staff need to know where Members are. If you intend to be physical, please let us know very early, and if you are going to go virtual, please also let us know. Do not let me have to start spotting who is here around the Chamber and who is not.