t: 020 7219 8155 e: fieldm@parliament.uk

Cyber Security

February 7, 2012

Cyber Security

Established by parliament in 1994, the Intelligence and Security Committee provides democratic scrutiny of the finances, policy and administration of our three intelligence agencies – MI5, MI6 and GCHQ. Only two decades ago it was regarded as unthinkable that parliament should have a role in this shadowy area of the State but the relationship has developed such that the Agencies now accept a greater level of accountability, and have greater respect for the independence of the ISC.

The coalition believes there is room for stronger oversight still and proposes giving the Committee further powers. The ISC is currently chaired by former Foreign and Defence Secretary, Sir Malcolm Rifkind, and Committee members are Hazel Blears, Robin Butler, Menzies Campbell, Michael Ancram, Julian Lewis, Paul Goggins, George Howarth and Mark Field. On Wednesday, Mark spoke at the Cyber Defence & Network Security Conference 2012 in his capacity as a Committee member.

The full speech can be read in the Speeches section and is précised below.

The growth of the internet is the defining technological change of this generation. Not only has it transformed the way we communicate, socialise, transact, consume, but it has linked the world in ways seemingly unimaginable even a decade ago.

The inevitable impact on the political sphere was clear for all to see last year. The Arab Spring, the rapid coordination of global protest movements, the London riots, the continued dramatic, debilitating drip of Wikileaks – these events were not necessarily foreseen, but they were in part facilitated, and certainly enormously accelerated, by the internet.

In 1995, the number of web users stood at 16 million. That figure has mushroomed to the over two billion users we see today. Such expansion brings exciting economic, political and cultural opportunities. But it also heralds a new age of previously unseen threat. With a total disregard for convention and an ability to break down perceived norms at staggering pace, the internet presents to diplomat, politician, businessman and everyday citizen alike a challenge of epic proportions. That challenge is likely only to be magnified with the rise of cloud computing and the movement of more personal data and government services online.

Public authorities will need to be nimbler, faster and more responsive and adaptive than ever before. How can that be done? And how can we make sure that the British government is fulfilling its duty to safeguard and protect its citizens in this brave new virtual world?

It is here that parliament’s Intelligence and Security Committee, of which I am a member, plays a part. Chaired by former Foreign and Defence Secretary, Sir Malcolm Rifkind, a key element of the Committee’s remit is to hold the government to account when it comes to ensuring that our security services are implementing a robust cyber strategy.

The threat from the expansion of the internet falls into three categories: criminals, states and terrorists.

According to NATO, criminal intent now accounts for ninety percent of malicious cyber activity. Online fraud, for instance, is now being perpetrated on an industrial scale and many criminals base themselves in foreign jurisdictions, making their successful prosecution tricky.

Far lower in volume, but more significant in national security terms, is the risk from Hostile Foreign Activity from other states. Cyber space means that countries no longer have to invest in global networks and pursue complex operations with high level agents when it comes to espionage.

The volume of e-crime and attacks on government and industry systems continues to be disturbing. Attempts to steal British-owned intellectual property, namely patents, ideas and designs to gain commercial advantage are commonplace. Similarly attempts to profit from secret knowledge of confidential contractual arrangements are potentially massively damaging. Such intellectual property theft represents a substantial attack on the UK’s continued economic wellbeing.

Finally, international terrorism. We are all aware that terrorists have ruthlessly exploited the internet as a vehicle for the dissemination of propaganda as well as a means to exchange technical knowledge. Indeed, it has proved the ideal outlet for groups such as Al Qaeda to radicalise new recruits and distribute its extremist material.

As a consequence of such threats, part of the last Spending Review settlement saw £650m of funding announced over four years to implement a National Cyber Security Programme. It is intended that this Programme will overhaul the UK’s approach to tackling cyber crime.

While the coalition’s Natural Security Strategy is to be welcomed, concern remains about the number of units in different departments and agencies (some eighteen that we were aware of) with fingers in the cyber pie. This undoubtedly represents an opportunity for duplication, confusion and inefficiency which surely cannot be cost-effective.

As a Committee, we have also been critical of the ministerial lines of accountability for cyber issues. They had been deeply flawed, with the original Minister in charge (in the Home Office) having no direct responsibility for the unit in the Cabinet Office that had been coordinating the government’s response. Thankfully this has now been rectified.

Cyberspace is quite clearly going to continue to be one of the great challenges of our day. We need to develop a collective approach to our security in this regard which will make UK networks resilient in the face of threat. In the ISC, the UK has powerful parliamentary oversight of our security services which is likely only to be strengthened further in future, trusting that the government’s proposed reforms will be adopted. The relationship between Agencies and Committee, built up over many years, is strong and trusting, unconstrained by the Committee’s narrow legal remit and I have no doubt that as a Committee, we shall continue with pride our role of holding the government and its agencies to account.