Cyber Threats - Motion to Take Note

Part of the debate – in the House of Lords at 12:13 pm on 18th October 2018.

Alert me about debates like this

Photo of Lord Ricketts Lord Ricketts Crossbench 12:13 pm, 18th October 2018

My Lords, I too congratulate my noble friend on this very timely debate. As so often, I shall be sailing largely in the wake of the noble Lord, Lord West.

The term cyber is shorthand. As this debate has already shown, it covers an enormous spectrum of issues, which is not always helpful to clarity—all the way from crime, through manipulation of opinion, right up to active disruption of critical infrastructure, and even disabling military capabilities. Part of that spectrum is a crime and part of it is a genuine national security risk. As the first National Security Adviser in 2010, we certainly found that cyber was rising up the priority list, but since then it has become even more clear that cyber is a potential threat to national security on a scale that, for example, terrorism never was, although terrorism has dominated our national security priorities for more than a decade.

Cyber is a national security threat like no other in the sense that the Government alone, as other noble Lords have said, cannot protect the public. Defending against cyber is a whole of society response, which makes it unique in the national security domain. Britain is very fortunate to have a world-leading centre of excellence in the National Cyber Security Centre. I had the privilege of being at its second birthday party this week. It is a unique organisation, certainly among the major intelligence countries. There is nothing like it in the US. It is quite striking that the Prime Minister invited the Prime Ministers of Australia, Canada and New Zealand to visit the centre during the recent Commonwealth summit to be briefed on its work. It is very well led by one of our most impressive younger civil servants, Mr Ciaran Martin, to whom I pay a warm tribute.

Why is it unique? It is a combination of three things. First, it is a highly capable 24/7 operational centre that is there all the time detecting and responding to cyber threats wherever they arise, whatever time of day or night, drawing on the world-class capacity that this country has in GCHQ. Secondly, as others have said, it is a centre of technical excellence, seeking to understand what is happening on the internet and where the attacks are coming from. Also, importantly, it gives guidance to the technical community on what to look for in their own systems to check whether a malicious code has got into them. Thirdly, and very importantly, it is a very professional public-facing function. It is the interface between the secret world and the world of helping the public with guidance that is understandable, relevant and rapid. I will say a word about each of those.

The need for permanent vigilance has been very clearly illustrated in the last few weeks. Of course, there are constant attacks from criminals, as other speakers have said. More worryingly, there is also a growing number of threats from hostile states. These present the real national security risk that I was talking about. Ciaran Martin said in his annual report this week that the centre had dealt with more than 1,000 of these hostile-state attacks in its two years of existence. He added that at some point in the future, Britain was very likely to face what is known as a category 1 incident, and I refer my noble friend to the annual report for a categorisation definition of national security aspects of cyberattack. A category 1 incident is,

“a national emergency causing sustained disruption to essential services, leading to severe economic or social consequences or to loss of life”.

For the chief executive of our National Cyber Security Centre to say that that is likely to occur at some point is quite sobering.

The series of announcements co-ordinated by a number of Governments on 4 October demonstrated the scale and the recklessness of recent Russian cyberattacks, as well as the coherence of the western response to them. Noble Lords will recall that Britain attributed an unprecedented number of recent attacks to the Russian GRU military intelligence agency. It also published evidence of what these attacks looked like so that the cyber professionals could check out their own systems. That was a very unusual thing for an intelligence-linked body to do, but it really added to the credibility of our attribution. On the same day, the Dutch revealed the antics of the GRU in the car park of the Organisation for the Prohibition of Chemical Weapons. That felt more like “Carry on Hacking” than a James Bond operation. It was ham-fisted in the extreme, but none the less it was a very graphic example of what was going on in the car parks of our countries. On the same day, the US FBI indicted seven individuals for cyberattacks.

This transparency, therefore, is certainly one of our strongest weapons in responding to attacks—and I think that the GRU had a bad day on 4 October, hopefully—but it needs to be accompanied by advice on how to prevent future attacks. Here, the National Cyber Security Centre is leading the world in developing the tools. The noble Lord, Lord West, referred to the active cyber defence programme that is helping private sector companies, charities, government departments and individuals to take the simple steps that can produce resilience against what is called the commodity attack: the high-volume attacks trying to steal our data or our money that go on all the time. The National Cyber Security Centre has removed over 138,000 phishing sites, which trick the unwary into revealing data or giving access to their systems. It has also blocked many thousands of internet domains that masquerade as government websites. All this is making us safer.

The third area of its activity is raising awareness among all users of the internet. Clear guidance that people can understand and which small companies and charities can implement is crucial. The National Cyber Security Centre is now doing more of that and undertaking initiatives to encourage more young people, especially girls, to choose cyber as a career.

In closing, I want to touch on two broader issues. The first is the issue of how we can respond. One problem of these high-level, state-based cyberattacks is that they are very difficult to attribute with certainty. It needs the skills of an organisation such as GCHQ, but it can be done. Once it is done, it raises the issue of what do we do about it. Here, I want to underline the point that it is often said that the cyber domain is a wild west or a jungle. Actually, it is not. The former Attorney-General Jeremy Wright gave a very interesting speech in May on international law and cyber. He made clear that existing international law, including the UN charter, applies to the cyber activities of states. That was not just the British opinion; it was the conclusion of a UN group of experts in 2015, including Russia and China. It is important, because it means that states have the right, in international law, of self-defence under Article 51 of the UN charter in the case of a cyberattack that is equivalent to an armed attack. No country should feel that it has impunity in cyberspace and that it can inflict any level of damage without any risk or response. I hope that, when he responds, the Minister can underline that aspect of our response to cyber, because it is not often understood.

My last point links to what the noble Lord, Lord West, said about 5G. We can see developing now a really important competition between two models of the internet for the future. There is the model that has governed the internet so far: the western, liberal, open approach, sometimes exploited and abused, but with the necessary regulation, giving the economy and citizens a great deal of freedom online. There is also the Chinese model of the internet, which is about control, surveillance, amassing ever greater amounts of data on individual citizens in order to control their activities. Chinese dominance of 5G technology will be very important in the future. What kind of internet will we all be linking up to in the years to come? It is right that Governments should focus on this, as the noble Lord, Lord West, said. We need the closest co-operation among all the western, leading countries with the technology and expertise in play. If we neglect it, we may find that the internet of the future no longer supports the open economy and society that we all stand for.

As this Motion makes clear, the scale and complexity of cyber is growing, but it is not the case that this makes it impossible to defend against, or that it is someone else’s responsibility to do that. Debates such as this have an important role in raising awareness of these issues.