Category: Technology

  • Lee Rowley – 2022 Comments on the Smart Manufacturing Data Hub

    The comments made by Lee Rowley, the UK Industry Minister, on 18 May 2022.

    As we embrace the digital manufacturing revolution, it is vital manufacturers across the UK can capitalise on the productivity and growth gains that come with adopting the latest data-led digital technologies.

    The Smart Manufacturing Data Hub, backed by £20 million of government funds, will support companies to implement cutting edge production and process techniques themselves, helping bring the next generation of products to our shelves in a more efficient and sustainable way.

  • Nadine Dorries – 2022 Statement on a New Pro-competition Regime for Digital Markets

    The statement made by Nadine Dorries, the Secretary of State for Digital, Culture, Media and Sport, in the House of Commons on 11 May 2022.

    This is a joint statement with the Secretary of State for Business, Energy and Industrial Strategy.

    Last week, we published the response to the consultation on a new pro-competition regime for digital markets. As we move to build back better from the pandemic and level up opportunities throughout the UK, unlocking growth in the digital economy has never been more important or urgent.

    Digital technologies make an enormous contribution to the UK economy and are positively transforming our daily lives. However, weak competition in digital markets is stifling economic growth and imposing unnecessarily high costs on British businesses and consumers. That is why the Government have committed to establishing a new pro-competition regime for these markets. This will boost competition, drive innovation, and protect those people and businesses that rely on a very small number of immensely powerful tech firms.

    Our regime will be able to place obligations on these firms to make it easier for users to communicate across different platforms, switch to smaller providers and deliver new, better alternatives for consumers. The Digital Markets Unit will also introduce clear rules on how the most powerful tech firms should treat businesses and consumers when delivering key services such as social media and online search. These rules will make sure these tech firms are transparent and trade on fair and reasonable terms.

    Competition is key to unlocking the full potential of the digital economy as more choice will lower prices for everyday goods and services that rely on online advertising. Countries around the world are developing their policy and regulatory approaches. Now that we have left the EU, we have the freedom to take a bold new approach to regulation in order to ease burdens for businesses, boost competition and help drive a new era of productivity and prosperity for all the UK’s communities and nations. The UK is leading the global debate, as demonstrated during our G7 presidency last year where countries agreed to deepen international co-operation. Last week’s publication set out how the new regime will deliver a world-leading, innovation-friendly approach to driving up competition in digital markets.

    The set-up of the Digital Markets Unit last year was a major milestone in delivering the regime. We want to maintain this momentum. We set out the design of the regime in our public consultation which closed on 1 October 2021. We received a large number of submissions to our consultation including from trade associations, the tech sector, SMEs, academics, consumers and representative groups. There is strong support for the regime and growing calls for it to be delivered urgently.

    This response builds on the consultation and sets out how the regime will work. In particular:

    The new pro-competition regime will be overseen and enforced by the Digital Markets Unit (DMU), housed within the Competition and Markets Authority (CMA). The regime’s core objective will be to promote competition in digital markets for the benefit of consumers, lowering prices and increasing transparency and fairness. The DMU will work closely with other regulators through a statutory duty to consult them where proportionate and relevant.

    A small number of the most powerful firms with entrenched and substantial market power that affords them a strategic position in the market will be designated, by the CMA, as having strategic market status and will fall within scope of the regime; these designation parameters, including a minimum revenue threshold, will be outlined in legislation and supported by guidance.

    Once designated, firms will be subject to new and binding conduct requirements to manage the effects of their market power by shaping their behaviour and rebalancing the power between big tech and those who rely on them. The regime will give the regulator the ability to tailor these requirements for firms, to account for the most relevant harms and risks. These requirements will be limited by a set of categories set out in legislation. Rules may include giving consumers clear and transparent information on how their data is used, or preventing a firm ranking its own products more highly in a search result where it harms consumers.

    The DMU will also proactively tackle the root cause of market power by making targeted and proportionate pro-competitive interventions. These will ensure that businesses across the economy that rely on very powerful tech firms, including the news publishing sector, are treated fairly and can succeed without having to comply with unfair terms. The DMU will have broad discretion to design and implement remedies, including trials, after an evidence-based investigation.

    To ensure the regime’s effectiveness, the DMU will have robust enforcement powers. This includes the ability to impose financial penalties of up to 10% of a firm’s global turnover for breaches. There will also be the option to hold individual senior managers accountable.

    The costs of the regime will be partially recouped by levy funding, providing smooth and predictable resourcing for the DMU while ensuring best value for money for the taxpayer.

    Finally, designated firms will also be subject to new merger reporting requirements, ensuring greater transparency over their impacts on competition.

    2022 is a landmark year for shaping the rules that govern digital technologies around the world. The UK is at the forefront of this, driving forward groundbreaking work, including on online safety, digital competition, data protection, and cybersecurity. Our outcomes-focused and proportionate regulatory approach will be tailored to maximise benefits to the UK economy.

    The new pro-competition regime also complements the BEIS-led “Reforming Consumer and Competition Policy” consultation, which considered broader competition reforms and made a number of proposals which will also help to improve competition in markets more widely and fair treatment of consumers in digital markets. The response to this consultation was published in April.

    The CMA and Ofcom last week published advice on how the regime would govern the relationship between platforms and content providers including news publishers. The DMU must be able to intervene to ensure fair and reasonable contractual terms, and we are considering the use of binding final offer arbitration as a backstop enforcement mechanism to resolve disputes where needed.

    I will be placing copies of the response in the Libraries of both Houses, and it is also available on gov.uk.

  • Julia Lopez – 2022 Statement on App Security and Privacy Interventions

    The statement made by Julia Lopez, the Minister for Media, Data and Digital Infrastructure, in the House of Commons on 11 May 2022.

    I am pleased to inform the House that the Government have published a document titled “Call for Views on App Security and Privacy Interventions”, which sets out proposed interventions to protect consumers from malicious and poorly developed apps.

    App stores can serve as trusted digital marketplaces that help protect users, but this Government expect them to have the right processes to check that apps are not a risk to users’ security and privacy. While many app stores have vetting and review processes, malicious and insecure apps continue to make it onto some stores. Developers also have a clear responsibility for ensuring that they are creating apps with appropriate security and privacy. Given the increasingly important role apps play in everyday life, we need to take action to manage the potential risks associated with using apps.

    A key ambition of our new national cyber strategy, published in December 2021, is to reduce cyber risks so businesses can maximise the economic benefits of digital technology and citizens are more secure online and confident that their data is protected. The Government’s work on app security and privacy will put in place a framework that ensures operators of app stores and developers are taking appropriate steps which mean that users are not put at risk from malicious apps. The national cyber strategy also pledges to secure the next generation of connected technologies, for which apps can often be an important enabler. Additionally, as set out in the plan for digital regulation, we will ensure our overall approach to governing digital technologies is proportionate and supports growth and innovation within the sector.

    The interventions suggested in this publication include a voluntary code of practice that sets out baseline security and privacy requirements for app store operators and app developers. The code would be a first step in a series of policy interventions intended to protect consumers from malicious and insecure apps, with the possibility of regulating aspects of the code in the future, should these policy interventions not achieve the desired outcome. These proposals complement work that is already happening across Government to help protect users and establish a pro-competition regime for digital markets, which will introduce new rules to ensure digital consumers and businesses are treated fairly so that new and innovative tech firms can flourish. As digital markets evolve, such as the distribution and methods for accessing apps, our focus will be to ensure that users are protected and developers are building apps with appropriate levels of security and privacy.

    Alongside this publication, we have launched an eight-week call for views process, where we will be welcoming the public’s views on the proposed interventions. These views will help shape UK Government policy over the coming years and allow both consumers and businesses to securely use apps as part of everyday life, helping make the UK a stronger and more secure place for people and businesses.

    I will place a copy of the “Call for Views on App Security and Privacy Interventions” document in the Libraries of both Houses.

  • Steve Barclay – 2022 Speech at Cyber UK

    The speech made by Steve Barclay, the Chancellor of the Duchy of Lancaster, on 11 May 2022.

    Thank you, Lindy. Good morning colleagues.

    Across the Cabinet Office and No10 we see the range of threats that our country faces.

    Core to our defence is the work of you Lindy, and your colleagues at the National Cyber Security Centre. So firstly a huge thank you to you, but also to all those in the room who do so much to keep us safe.

    And it is these threats that I want to talk about this morning – particularly in the context of Russia’s brutal invasion of Ukraine.

    But also the huge opportunity that cyber in the UK currently presents, including setting out the whole of society approach that is integral to tackling those threats but also achieving the UK’s potential and indeed building on the comments of Sir Jeremy yesterday.

    Much progress to protect us from the risk of internet-based attacks has been made since the launch of the UK’s first National Cyber Strategy, with cyber experts thwarting 2.7 million online scams last year alone – more than four times that of 2020.

    The NCSC has said that it believes that Russia continues to pose a significant and enduring cyber threat to the UK.

    And yesterday, the UK – along with the EU, the US and other allies – said that Russia was responsible for a series of cyberattacks mounted since the invasion of Ukraine.

    Their impact has been felt across Europe, in disrupted access to online services and even in the operation of wind farms.

    And Russia has said it sees the UK’s support for Ukraine as ‘unprecedented hostile actions’ – and as Avril Haines said yesterday, Putin is preparing for a long conflict.

    So we must all, therefore, consider the likely long-term threat, so that we are as prepared as we possibly can be.

    And the greatest cyber threat to the UK – one now deemed severe enough to pose a national security threat – is from ransomware attacks.

    Should the UK face an attack on the scale previously inflicted on Ukraine’s critical national infrastructure sites, businesses and the public should not expect to receive advance warning.

    Preparedness is therefore essential.

    And our defences must be in place: ready for whatever comes in whatever way.

    This is why the work, Lindy, of the NCSC is so important.

    And I am sure many of you here today have had the benefit of their knowledge and free resources.

    But it is crucial that we spread the word wider.

    I was delighted to learn that the NCSC’s cyber advice for businesses was accessed over 100,000 times after Tony Danker, the director general of the CBI, and I wrote a piece for The Times.

    And that 3,000 schools have accessed the NCSC’s new cyber defence tools for schools in the first week after its release.

    But of course there is no room for complacency.

    Every member of the public has their part to play; every company in a supply chain can make sure they are not the weakest link.

    Because making sure we are ready, as Sir Jeremy said yesterday, is a whole of society effort.

    And that is one reason why the conference CyberUK is a calendar highlight – an opportunity to channel the expertise, enthusiasm and enterprise across government and business.

    But also a great opportunity to shine a light on the national success story that digital and cyber has become.

    Thanks to our work together, I am determined that the UK will be the world leader for innovation, gaining a digital education, and indeed having an open, safe and reliable internet.

    And this allows us to take full advantage of the broader social and economic opportunities of the digital age, which is at the core of our National Cyber Strategy.

    And make no mistake: the record £2.6 billion of Government funding is a statement of our intent.

    As the Prime Minister has said: ‘We want the UK to regain its status as a science superpower, and in doing so to level up.’

    Cyber is key to this mission.

    It is no accident that we are here today in the heart of Cyber Wales’s Ecosystem.

    Having previously met in Glasgow.

    And next year we will be off to Belfast.

    Evidence of the Union working to benefit the whole of the United Kingdom.

    I also note, as many in the room will be aware, that today is the 25th anniversary of the supercomputer Deep Blue beating the chess champion Garry Kasparov – in a man versus machine contest that indeed astonished the world.

    Now back then, Deep Blue was a project costing $100million. The computer weighed 1.4 tons with two, six-foot five-inch black towers.

    Compare that today, to the mobile phones in our pockets matching it for processing power.

    Such is the speed of progress, digital technology has already grown to touch every aspect of our lives.

    Democratising threats, but also playing an important part in our future growth, with the potential for huge economic gains.

    Look at what the cyber security sector alone contributed to the UK economy last year: generating £10.1 billion in revenue and it attracted more than a billion pounds in investment.

    Thanks to 6,000 new jobs being created, over 52,000 people are now employed in cyber security and – I think importantly – more than half of them are outside London and the South East.

    So as well as Wales, cyber security clusters are flourishing in Scotland, Northern Ireland, in the North West and in the East Midlands.

    But we want to see more start-ups – like the new collaboration between NCSC and the five tech companies to develop low-cost ways to tackle ransomware attacks which is testimony to the UK being the best place for innovation outside Silicon Valley.

    As the country builds back from the pandemic, the cyber skills revolution will help fuel growth, equip people to build and switch into new careers.

    And to stay working where they grew up, spreading opportunity all around the UK.

    Through our CyberFirst bursary programme, more than 100 students receive £4,000 and eight weeks paid training or development work with government and industry; leading to a full-time role when they graduate.

    And now those working in cyber – including indeed people here today – will have the chance to become chartered professionals, as the UK Cyber Security Council has been granted its Royal Charter in recognition of the invaluable work it is doing to raise standards and ensure good career pathways.

    Of course, investment in business and skills is immensely important to the economy and jobs. But it is also essential to help us preserve the UK’s core values of democracy and free speech – as we are doing through our Online Harms Bill.

    From my conversations with heads of schools, business leaders and chief executives, the message of the need to keep people safe online is indeed landing and it’s spreading; with key sectors stepping up to do their bit.

    In schools, we now have more than 1,500 teachers signed up to deliver our Cyber Explorers programme, seeding their enthusiasm in younger students for maintaining a safe and resilient cyber space: and I’m indeed looking forward to meeting pupils from St Joseph’s School here in Newport to hear their experiences of the CyberFirst Girls Competition.

    We also have the National Cyber Force combining the hard and soft power from our military and intelligence services to counter the threats that we face.

    And Government has been working with partners across the sector on legislation in order to help keep us safe online.

    We’re protecting consumers by enforcing minimum standards in connected products, through the Product Security and Telecommunications Infrastructure Bill – so the ‘Internet of Things’ doesn’t become the ‘Internet of Threats’.

    Telecoms operators that fail to meet security standards will face heavier Ofcom fines under the Telecommunications Security Act.

    And just yesterday the Data Reform Bill, in the Queen’s Speech, will ensure that personal data is protected to a higher standard, and enable stronger action against organisations for a breach.

    Together this legislation will play a significant role, but we also alongside it require a global approach.

    In these uncertain times, international allies are essential: in intelligence-sharing, shaping the governance of cyberspace, and deterring irresponsible behaviour and ensuring cyberspace remains free, open, peaceful and secure.

    The road to free and resilient cyberspace runs through our friends in Warsaw and Bucharest all the way to Kyiv.

    And the UK was among the first states to set out how the rules-based international order extends to cyberspace – and it’s something my colleague Suella Braverman, the Attorney General, will be saying more about at Chatham House next week.

    Last year, when I launched the National Cyber Strategy, we said that Ransomware had become the most significant cyber threat facing the UK. It is therefore imperative that we continue to prepare for the future, and learn from past attacks – at home and indeed abroad.

    We must not drop our guard, underestimate the threat or take our eye off the ball when it comes to our cyber defences across society.

    In the run-up to the Ukraine invasion, Russia unleashed deliberate and malicious attacks against Ukraine.

    The Ukrainian financial sector was targeted by distributed denial of service attacks that took websites offline.

    With the UK government declaring the Russian Main Intelligence Directorate, the GRU, as being involved.

    Since then, evolving intelligence about Moscow exploring options for cyberattacks prompted last month’s joint advisory from the UK and our Five Eyes allies – that Russia’s invasion of Ukraine could expose organisations within and beyond the region to increased malicious cyber activity.

    Some UK citizens have already felt the impact of cyberattacks.

    And some authorities estimate that in 2020, ransomware attacks may have cost the UK economy a minimum of £615 million.

    Over the past year, the National Crime Agency has received on average one report from victims of a Russia-based group responsible for ransomware attacks in the week. One report a week. Indeed, some authorities have estimated that over the last year global ransomware payments are up 144%, and the average demand is $2.2 million.

    But the number of incidents – and indeed their economic cost to the UK – is likely to be much higher. Law enforcement teams believe that most attacks go unreported: perhaps through embarrassment or a reluctance to admit that money has indeed changed hands.

    So, I would encourage any organisation that suffers an attack to come forward, report it to Action Fraud who run our 24/7 cyber reporting line.

    By doing so, you will help us to strengthen our individual and collective resilience as we learn from each other.

    In one attack in the UK, the National Crime Agency alerted a public sector organisation to an ongoing breach of its systems. Within hours, the NCA had identified the compromised services and located the exfiltrated data, which it later managed to take down; so that no personal information got out.

    What we learned is that our controls quickly spotted the incident and our reaction was swift.

    And we were then able to share useful evidence with industries so they can learn and prepare for similar attacks.

    The government is stress-testing its own defences, too.

    The more complete our security picture, the better we would handle any attack.

    And in the context of our most capable adversaries becoming more sophisticated, I can announce that we have agreed support for the next decade of UK cryptographic capabilities – nothing less than the entire ecosystem that keeps government safe – recognising the vital national importance of our sensitive sovereign Crypt-Key technology.

    Now, computer professionals tell me there is only one sure-fire way to know a computer is never hacked. Never connect it to the internet.

    But – let’s be realistic. That’s not an option.

    Which is why we have to work together.

    Through the NCSC’s world-leading tools and advice.

    Through acting with international allies.

    Through legislation.

    Through protecting our own government systems.

    But most importantly through harnessing our collective strengths and acting as one, building, as Sir Jeremy set out yesterday, a whole of society response.

    This is at the heart of the National Cyber Strategy, treating the cyber domain as no longer being a niche concern simply for the IT team – but as a wide-ranging grand initiative.

    Being a responsible, durable, effective cyber power cannot be achieved by government alone.

    So we want to work with industry, universities, schools and individual citizens getting involved.

    Working together. As a whole society.

    Thank you very much.

  • Jeremy Quin – 2022 Speech at SupportNET 22

    The speech made by Jeremy Quin, the Minister for Defence Procurement, on 28 April 2022.

    Two years ago I was relatively new in post and I regret I wasn’t able to join you on that occasion but now I know it was referred to as a Support Net superspreader event and therefore perhaps I regret it a little less.

    It is great, in happier circumstances, for us all to be together in the same room.

    Last year I joined you virtually and I recall quoting then from the Chinese philosopher Sun Tzu, with whom you will all be familiar, who said the line between success and failure is of course logistics.

    This year, I don’t feel I need to delve 2,000 years into Chinese literature to make the same point. We’ve been seeing it daily on our television screens.

    Those pictures of the 40-mile Russian convoy sat stuck on the road to Kyiv have become some of the defining images of Putin’s war.

    Indeed, Russia’s failure in almost all of its initial objectives may be found to be deeply rooted in the logistics and supply mistakes, amongst others, that they have been making.

    Expensive equipment is getting literally bogged down because it relied, in part, on failing old tyres which have been unmonitored.

    Russian soldiers have been relying on cheap handheld radios because theirs don’t work.

    And, if reports are to be believed, they’ve even resorted to scavenging and looting because their rations are not just weeks or months but years out of date.

    Napoleon, who learned a few things about logistics of the cold climate as you’ll recall, famously talked about an army marching on its stomach.

    And it’s fair to say that the UK has a good track record when it comes to Defence logistics and support networks.

    And we’ll be reminded in this, the 40th anniversary year of the Falklands War, that we succeeded in maintaining an 8000-mile-long supply chain that ultimately led us to victory.

    And just last year, we utilised every asset of Defence to carry out the biggest peacetime airlift in history from Kabul.

    But in this new era of rising threats – where war in Europe is no longer a distant memory but a stark reality – we cannot afford to take our eye off the ball.

    Last year, I spoke about the publication of our Integrated Review and the Defence Command Paper, which constituted the biggest review of our Defence since the end of the Cold War.

    Those two documents recognised the importance of getting logistics right.

    Not simply by reorganising the Army into more self-sufficient Brigade Combat Teams able to meet demand by drawing on their own dedicated logistics and combat support units.

    But by investing in modernising and transforming engineering and logistical support systems to improve the availability and sustainment of our capabilities, our equipment and our people across all the domains.

    Indeed, the Defence Support organisation was created to pursue these common goals.

    They are making sure that no British serviceperson suffers that Russian ration fiasco.

    In fact, today I can reveal that we have been trialling new, nutritionally balanced ration packs, which show a 23% increase in performance for Commando Forces – despite being smaller and lighter to carry. Napoleon no doubt would have approved.

    But this is only a small element in the start of the transformation in logistics that we’re looking for. From my perspective, I want to see and succeed in meeting four key objectives.

    First, we must strengthen our strategic base.

    In other words, the infrastructure and systems upon which we depend to store our stock and to process complex transactions that supply materiel to the front line.

    Over the past year, our Agile Stance Campaign Plan has been probing the fragilities in our supply lines and fixing them.

    I’m glad to say we’re now seeing accelerated investment in sites like Longtown on the Scottish borders, the development of a Supply Chain Strategy that will enable improved agility and resilience, and an enhanced focus on Supply Chain Resilience.

    But I know the people here in this room are likely to have plenty more enterprising and innovative solutions to some of the challenges we face. And I’m very keen to hear from you.

    How do we increase scalability and production through the lifetime of a platform?

    To what extent can we be standardising parts across Defence so that they will always be available, rather than buying our whole stock of wheelnuts for tanks up front and then storing them somewhere indefinitely?

    Can we change commercial agreements so that industry holds the financial liabilities for maintaining stock levels? Would that incentivise industry to design around off-the-shelf solutions more readily?

    My second objective touches directly on the theme of today’s conference – improving the readiness and availability of our equipment.

    Whether that’s through more resilient designs for future platforms, or better through-life management. Here too there are critical questions to consider around contracting for availability.

    For example, should we have contracts which ensure kit is ready for a set number of days in a year?

    How do we best work together to ensure that our bottom-line availability requirements are always met?

    Involving industry contractually in the numbers and maintenance required from the outset for our equipment.

    The Army and Navy are already starting to integrate these ideas. The former’s Land Integrated Operating Service specifically addresses support contracts and seeks better equipment availability and through-life management.

    While the Naval Enterprise Support Strategy is about reducing the amount of time vessels spend in maintenance by working with an agile, global supply chain and support network.

    My third aim is about rapidity in the digital world. Our Command Paper tasks us with creating a digital spine that underpins everything else in our transformed Defence network.

    But that spine needs to be able to exploit data through a common digital architecture, spanning factory to foxhole, to ensure agile, flexible support that is suited to the demands.

    And it needs to ensure the interoperability of every platform we use throughout our organisation, and those of our allies too.

    It might sound simple, but the magnitude of the task is simply daunting when you consider the number of organisations tied into this common digital framework and the security implications of that.

    It is another area where we are looking to draw on your expertise.

    What is the best way to ensure every new platform we invest in can be plugged into the same digital spine for decades to come?

    How can we exploit the Business Modernisation for Support programme to fundamentally revolutionise our processes, enabling those in support to generate your own part of the digital spine?

    My fourth and, you’ll be pleased to hear, my final point is about sustainability and resilience.

    The imperative for energy security has been underlined in recent weeks as nations scramble to reduce their reliance on Russian oil and gas.

    This is not just a major concern for the cost of living in our country; it also has a direct effect on Defence procurement.

    The platforms we procure today will likely be around in 20 years’ time, by which time our current reliance on hydrocarbons will have been reduced in favour of electric, hydrogen and other energy solutions.

    But we must be ready for this change while recognising there are real operational benefits to becoming more sustainable that go well beyond earning plaudits for being socially responsible.

    Consider an armoured vehicle which can run silently and recharge itself from the sun – what an enticing prospect for Defence.

    If we don’t have a long logistical tail, we will be far less vulnerable to future threats.

    We are already seeing successes with the launch of our Prometheus programme of solar farms on Army land, as well as the development of the world’s first biofuel for fighter jets.

    The massive price hikes we’ve seen for hydrocarbons show the enhanced resilience from which we can benefit in this renewable space.

    As I’ve already intimated, we can’t achieve these four Rs – real estate, readiness, rapidity and resilience – without working together.

    We need partners who are ready to work with us on defining new patterns that achieve our joint objectives. Partners committed to skills development and innovation.

    Partners who will help us identify problems and join forces in finding solutions.

    I am determined to get this partnership with all of you in this room right.

    Last year I spoke about how we are using the Defence and Security Industrial Strategy to reform relationships with the sector.

    Since then, we have made progress, by strengthening our Defence Suppliers Forum and setting up new working groups for SMEs.

    By using our National Security Technology and Innovation Exchange to give industry and academia the world-class facilities they need to succeed.

    And by establishing Regional Defence and Security Clusters to promote skills sharing and foster collaborations between higher tier Defence suppliers and SMEs across the country.

    But I do want you to tell me what more we can do.

    So the ball is being thrown back into your court.

    I’ve spoken about our aims, our ideas and some of the frictions involved. But I want your take on how we take this symbiotic relationship between Government and industry to the next level.

    Be in no doubt, in this more dangerous age, we are only too aware of your value, and we’re determined to have your back because we know that when the chips are down, you will have ours.

  • Matt Warman – 2022 Speech on the Computer Misuse Act 1990


    The speech made by Matt Warman, the Conservative MP for Boston and Skegness, in Westminster Hall on 19 April 2022.

    I congratulate my hon. Friend the Member for Bridgend (Dr Wallis) on securing this debate. I myself put in for a debate on this issue a while ago, but the gods obviously smile more on Bridgend than they do on Boston. Nevertheless, I welcome this opportunity to debate the issue.

    I thank the Minister and his officials for several meetings that he and I have had about this issue relatively recently. All were prompted, as my hon. Friend the Member for Bridgend said, by CyberUp and by Kat Sommer, who deserves to be cited in Hansard for her persistence, among many other things.

    This is an important but technical issue. I will be honest and say that I am not completely certain that the Computer Misuse Act 1990 is broken, but I am certain that it can be improved, by one means or another. That is because, as my hon. Friend the Member for Bridgend said, the structure of the cyber-security industry has changed since the Act came into force, and is different from almost any other part of the national security set-up. If we were to ask whether academics have a right to interrogate systems for the purposes of research, we would definitely say yes. If we were to ask whether businesses have the right to interrogate those same systems, we would assume that it was for commercial purposes and that it was important to have different rules.

    It is also a sector where a lot of very small-scale research is done by individuals—some of them literally in their bedrooms. There is a very diverse set of people looking for loopholes and vulnerabilities. Uncovering those vulnerabilities—be they in banks, businesses or any other area where we all rely on the internet—is categorically in the public interest, even if it may also be in the interests of businesses, researchers or people looking for bounties given by large businesses to uncover those vulnerabilities. Those businesses realise that it is in their interests to provide the maximum security to their customers or users.

    That gets to the heart of why the Computer Misuse Act matters. On the one hand, it seeks to prevent hacking and other things that we do not want to see done by people with malign intent; but on the other hand, it risks fettering the ability of people with the public interest at heart to solve issues that we would all like to see solved. Admiring the problem is the easy bit; the hard bit is trying to work out what we should do about it.

    There are a couple of things that we should not do. We should not introduce a blanket public interest defence for anyone who goes looking for things that might subsequently be perceived as a loophole or bug in a system. To do that would potentially give carte blanche to anyone who got caught, allowing them to claim that they were going to fess up about it, rather than benefit from it themselves. A public interest defence that goes too far should be avoided. I find it hard to imagine how a public interest defence might be constructed that does not, inadvertently or otherwise, go too far.

    The other thing that we should not do—notwithstanding the figures that my hon. Friend the Member for Bridgend quoted—is assume that cyber firms of any sort should not be mindful of legislation such as the Computer Misuse Act. Of course, if someone is doing research they should consider what is legal. It is a good thing, not a bad thing, that it is a factor for consideration for those who are engaged in the cyber-security industry. We should be mindful of how we can fix the Act, rather than just sweep it away altogether. I come to a point that was made a moment ago; those issues can probably be addressed through enhanced guidance that provides a degree of legal comfort to the unsurprisingly risk-averse lawyers who work for cyber firms and others. Such guidance would not provide carte blanche to people who might have malevolent intent.

    Criminals will not be looking at the CMA and wondering whether what they are doing is legal; by definition criminals are not bothered about whether they are breaking the law. However, there is an important grey area, and we should not create an unintended opportunity for people to defend themselves in court. I implore the Minister to continue his work on the review of the Act, which is really important, but with some minor legislative tweaking we could provide the comfort that the industry rightly asks for and could continue to secure the excellent reputation that Britain has and, as the hon. Member for Strangford said, that Belfast has, for being a world-leading cyber power. We can build on that success because the CMA is an example of a bit of legislation that, although very old, has largely stood the test of time for a lot longer than many might think.

    I will close by simply saying that the principles embedded in the CMA are not bad ones. Whenever it comes to legislating for the internet, we should realise that the internet has not necessarily reinvented every single wheel, and principles that apply offline can be applied online. In this case, they need a little bit of updating, but I do not think we should throw the baby out with the bathwater, as the hon. Member for Strangford said.

  • Jim Shannon – 2022 Speech on the Computer Misuse Act 1990


    The speech made by Jim Shannon, the DUP MP for Strangford, in Westminster Hall on 19 April 2022.

    It is a pleasure to speak in this debate, Sir Mark. I commend the hon. Member for Bridgend (Dr Wallis) for setting the scene so well. I look forward to contributions from others, especially the Minister. From previous experience of dealing with the Minister, and of partnership and co-operation with him, I believe that his answers will be helpful to us. Whether we are technically-minded or otherwise, we all recognise the key issues to which the hon. Member for Bridgend has referred. Why is this issue so important? It is because, as the hon. Gentleman has said, stakeholders have expressed deep and real concerns about the poor security of many devices. I will speak first about individuals and companies, and then probably take my arguments a wee bit beyond that.

    Insecure devices can compromise privacy or be hijacked and used to disrupt other uses of the internet. That happens every day in my constituency and across the whole United Kingdom of Great Britain and Northern Ireland. The Government set in motion a strategy, which was first mooted in 2016, that set a date of 2021 for most online products and services to be cyber-secure by default. Will the Minister in his response tell us whether those targets have been met, and if they have not, when will that happen? DCMS has proposed a voluntary code of practice. I certainly would have liked to have had something mandatory in the system. Perhaps the Minister will indicate whether that is his and the Government’s intention.

    I cannot profess to be technically-minded, but my staff are. They tell me that it is possible to access personal and confidential data, including on bank accounts, through our phones. That is why the debate is vital and why we need to seek from the Minister the reassurance that the protections that people need and want are in place. There is not a week in my constituency when people do not come to me about such issues. If someone phones an individual and talks about that individual’s bank account, it is not their bank. If someone phones and asks personal questions about confidential data, they are not legitimate.

    In the recess, I watched a consumer programme which highlighted a scam that looked so convincing—what was happening looked absolutely correct to the untrained eye—but the experts looked into the issue and were able to help the person who was being scammed to thwart the scammer. As I have said, there is not a week when I do not hear about a scam. Usually, they are against elderly people, but also against others who inadvertently give out details and lose their savings. Just a few months ago, a gentleman in my constituency was scammed. The appearance of legitimacy and truthfulness meant that he did not fear that it was a scam, but he lost £20,000, which has never been retrieved.

    Cyber-attacks are one of the most common types of crime experienced by individuals in the UK. According to national crime statistics, some 2.4% of adults in 2017 and a higher percentage today will have experienced cyber-attacks, including on their personal computers, which is what this debate is about; I thank the hon. Member for Bridgend for setting the scene.

    User behaviour is a factor in the poor cyber-security of consumer devices, whether by the individual or the system that they use. The 1990 Act needs to be reviewed to provide greater protection. Some user behaviours include using default, weak or reused passwords. What can we do? We need to establish good practice in the industry, improve the cyber-security of consumer products, adopt a vulnerability disclosure policy, make software updates available for stated lengths of time, and inform consumers on setting up, managing and improving the security of household connected devices, as in the DCMS’s own code of practice, which was published some time ago.

    UK infrastructure must be protected. The Government have identified cyber as one of the top six tier 1 threats. Cyber-crime costs the UK some £1.27 billion per year, with about 60 high-level cyber-attacks a month, which indicates the magnitude of the problem. Many of the 60 high-level cyber-attacks a month threaten national security, which is also why this debate is important.

    The hon. Member for Bridgend referred to Ukraine. Russia launched a cyber-attack on Ukraine’s electricity network back in 2015. Some quarter of a million people were impacted by that attack, which I think he also referred to. That example shows that even six or seven years ago, before the war, cyber was being used as an instrument of war by Russia, and indicates how much cyber-attacks can disrupt and compromise. Cyber-attacks are a method of warfare, which is why I support the hon. Gentleman’s call for legislative change.

    I will make a plug, as I always try to do in these Westminster Hall debates. The Minister will be well aware that Belfast is a cyber-security stronghold and is very much at the forefront of cyber-security development. Belfast has become a capital of security. Any new cyber legislation must not prevent cyber-security experts from doing what they do best, which is finding the loopholes in programs.

    Much consultation must take place to ensure that the Government do not tie the experts’ hands or throw the baby out with the bathwater. After all, the experts are combating criminal activity, and abuse and aggression from foreign powers such as Russia and China. Will the Minister confirm that any legislation that is proposed will entail working with companies—for example, cyber-security companies in Belfast and Northern Ireland—to enable their excellent progress to continue?

    I fully support the motion tabled by the hon. Member for Bridgend. I look forward to hearing the contributions from the two Opposition spokespersons, and particularly to the Minister’s response. I hope that he can give us the reassurances we seek, so that we can continue to be at the forefront of cyber-security in Belfast, as we are throughout the whole of the United Kingdom.

  • Jamie Wallis – 2022 Speech on the Computer Misuse Act 1990


    The speech made by Jamie Wallis, the Conservative MP for Bridgend, in Westminster Hall on 19 April 2022.

    I beg to move,

    That this House has considered the Computer Misuse Act 1990.

    Before I begin, I draw Members’ attention to my entry in the Register of Members’ Financial Interests, and in particular to my stakeholding in a firm that has offered digital forensic services in the past, but which I understand does not plan to offer such services at least for the next three to five years.

    It is a pleasure to serve with you in the Chair, Sir Mark. I am grateful to have secured this important debate of national security significance, especially considering this morning’s headlines about the potential spyware attack on No. 10. The need for this debate has become more urgent of late, especially considering the barbaric and unprovoked invasion of Ukraine, which has placed a spotlight on the pressing requirement to strengthen the UK’s cyber-security.

    The UK Government have achieved a great deal in developing our cyber-capabilities, spearheading the creation of the National Cyber Force and putting aside a total of £2.6 billion for cyber and IT, which is a significant funding increase on previous years. I strongly welcome the Department for Digital, Culture, Media and Sport working more closely with cyber-security firms, through £850,000 of funding to support the establishment and activities of the UK Cyber Cluster Collaboration.

    Given this Government’s strong record developing our cyber-capabilities, it is surprising that 32 years after its introduction as a private Member’s Bill, the Computer Misuse Act 1990 remains the primary piece of legislation covering cyber-crime in the UK. I am sure we all agree that the technological landscape has altered drastically over the last 30 years. Our existing legislation must urgently be updated to reflect those monumental changes. When the 1990 Act came into law, Margaret Thatcher was Prime Minister, the first website was yet to be published and I was just a toddler.

    The CMA was brought into law to criminalise unauthorised access to computers. In other words, hacking without permission became illegal, irrespective of motive or intent. However, the CMA came into force before the modern cyber-security industry, which now employs more than 52,000 people across 1,800 firms. In 2022, the methods used by cyber criminals and cyber-security professionals are often very similar—sometimes the same. Individuals who work in cyber-security are frequently required to perform actions for which explicit authorisation is difficult, if not impossible, to obtain.

    Contemporary defensive cyber research into computer system vulnerabilities and threat intelligence often involves the scanning and examination of compromised victims and criminal systems to lessen the impact of future attacks—pre-empting what such a hack might resemble to prevent its success. It strikes me as woefully naive to think that criminals will explicitly authorise access to their systems. To do so would be akin to a policeman asking permission to arrest an individual.

    British cyber-security professionals are at risk of being taken to court for obtaining actionable intelligence, which means that as a country we are dissuading vital research from being conducted at a time when countries such as Russia and China are increasingly deploying hostile technologies against us and our allies. Consequently, even though the CMA has been amended several times since 1990, its major flaw is that it fails to allay fear of arrest and/or prosecution among cyber-security professionals as they carry out essential threat intelligence research against cyber criminals and agents of rogue states.

    We find ourselves in a perverse situation where industry specialists who are acting in the public interest—often dealing with issues that are critical to our national security infrastructure—are at risk of being designated a criminal. Even with responsible policing, the CMA can still be used by non-state bodies to pursue individuals through the civil courts, causing considerable financial and emotional injury to well-intentioned professionals. If situations such as these remain possible, future generations of cyber professionals could be deterred from pursuing a highly rewarding career, precisely at a time when we should aspire for Britain to continue its reputation as a global cyber leader.

    In urging for reform of the CMA, I have worked closely with the CyberUp campaign, which argues for updating the law and makes the case that failure to reform is holding back our cyber defences and preventing the upskilling of our workforce. In the “Time for reform?” report published by the CyberUp campaign and techUK in November 2020, analysis of a survey showed that the industry overwhelmingly suggested that the CMA was not fit for purpose. More than nine in 10 respondents said that they

    “did not believe that the Computer Misuse Act represented a world leading example of 21st century cyber crime legislation.”

    With Russia frequently targeting infrastructure through cyber-attacks, it is becoming increasingly urgent that we resolve the contradictions in the CMA. We need only look at the 2017 Russian state-sponsored NotPetya virus, which caused billions of pounds-worth of damage, to appreciate how devastating such attacks can be. At the epicentre of this digital hydrogen bomb in Ukraine, national transport infrastructure ground to a halt, people were unable to withdraw money from ATMs and even the radiation monitoring system at Chernobyl went offline. The current situation is an immense security risk.

    The national cyber strategy, which was published in December 2021, sets out a commitment to improving our resilience to cyber-threats, but currently the strategy is clearly hamstrung because of the CMA. I have spoken to threat intelligence researchers from leading UK cyber-security companies, who have stated that they come up against CMA-related barriers three times a week on average. In those situations, researchers must seek guidance on whether they can investigate without breaching the provisions of the Act. In 80% of such cases, investigations cannot be undertaken. Where investigations can go forward, there is a significant benefit, with the average number of victims who can be identified, and thus warned and supported, varying between a handful and often up to hundreds per investigation.

    We can extrapolate the figures to try to develop a national picture of what is going on. Using data obtained in the DCMS sectoral analysis 2022, the list of CREST threat intelligence providers and statistics from the DCMS cyber breaches survey 2021, we can surmise that the CMA is an active consideration in relation to at least a hundred, but potentially up to 3,000 investigations, each week across the UK in cyber-threat intelligence firms; that is, of course, assuming that all the other firms are similarly conscientious about staying on the right side of the law. That means that up to 2,400 investigations could be abandoned due to sensitivities around the CMA, which in turn could mean that up to 1 million victims remain unidentified and thus under threat from cyber criminals. Financially, it is estimated that the outdated CMA is costing our economy at least £30 million a week.

    Our digital economy is being held back by a law that came into existence when less than half a percent of the population used the internet. We need to make the case that Britain, with its impressive track record in computing, networking and cyber, is a fantastic place to invest, create jobs and upskill our workforce. As it stands, we risk losing out to global competitors with more liberal legislative regulations, such as France, Israel and the United States.

    What practical changes need to be made to the CMA for it to be well placed to rise to the challenges of 2022 and beyond? Industry representatives have directly conveyed to me a strong desire to see the inclusion of a statutory defence for cyber-security professionals who are acting in the public interest. Although I understand the need to ensure an effective balance between protecting legitimate cyber-activity and being able to prosecute genuine criminals effectively, one thing that struck me in my meetings with industry representatives was that even among those who felt relatively at ease about the prospect of prosecution, there remained a strong and genuine fear of arrest, which would involve the seizure of their work devices—the tools of their trade—and cause significant stress to individuals who are proud of their contributions to keeping Britain safe.

    Currently, the only protections in the Act, beyond a few cases where a warrant is obtained, are extendable only to actions undertaken with explicit authorisation. Consequently, for the law to work for 21st-century Britain and its need to defend itself from cyber-attacks, reform should include a legal mechanism and clarify legal ambiguities in order to put professionals at ease.

    Sir Paul Beresford (Mole Valley) (Con)

    I apologise for not being here at the very beginning. My hon. Friend is absolutely correct about a statutory defence, but I understand that that could be achieved without changing the current legislation, particularly if it were done in co-ordination with the Crown Prosecution Service.

    Dr Wallis

    It is important that we respond directly to the concerns of the cyber-security professionals; this is what they have asked for. Meaningful engagement with them will lead to a potential compromise. There is also a need to balance how we act against genuine cyber criminals, and I think that meaningful engagement and working with them will be the way to find that suitable compromise.

    Updating the CMA has widespread cross-party support, with the all-party parliamentary internet group first calling for reform of the CMA in 2004—18 years ago. Since then, the Intelligence and Security Committee’s Russia report has recommended that the CMA should be updated in response to the heightened risk of malignant Russian cyber-activities.

    Although cyber professionals across the country and I greatly appreciate the announcement by the Home Secretary last year of a review looking at the CMA, progress has seemingly been slow. Some 66% of respondents to the Government’s call for information had concerns over the existing legal protections of the CMA, so I hope that the Minister will update us as to whether the review is being expedited, especially considering that there has been an increase in hostile cyber-actions undertaken by rogue states and given this morning’s headlines on potential spyware attacks on No. 10. I would also be grateful if the Minister would meet myself and others from the campaign to discuss the matter further. I look forward to hearing contributions from hon. and right hon. Members.

  • James Cartlidge – 2022 Comments on Court Decisions Made Available On-line


    The comments made by James Cartlidge, the Justice Minister, on 19 April 2022.

    As we continue to build a justice system that works for all, the National Archive’s new service is a vital step towards better transparency. It will ensure court judgments are easily accessible to anyone who needs them.

    Our first official Government record of judgments is a modern one-stop-shop that will benefit everyone, from lawyers and judges to academics, journalists and members of the public.

  • Nadine Dorries – 2022 Statement on Online Safety


    The statement made by Nadine Dorries, the Secretary of State for Digital, Culture, Media and Sport, in the House of Commons on 17 March 2022.

    Today the Government are introducing the Online Safety Bill. For most people, the internet has transformed relationships and working environments, but illegal and harmful content appearing online is a growing problem. This groundbreaking Bill will keep users safe while protecting freedom of expression and democratic debate online. Under the new laws, in-scope services will need to:

    Tackle criminal activity—There will be no safe space for criminal content online. Platforms will have to remove terrorist material or child sexual abuse and exploitation quickly, and will not be allowed to promote it in their algorithms.

    Protect children—The strongest protections in our new laws are for children and young people. They will be protected from harmful or inappropriate content such as grooming, bullying, pornography and the promotion of self-harm and eating disorders.

    Enforce their terms and conditions—The largest online platforms with the widest reach, including the most popular social media platforms (category 1 services) will need to set out clearly what harmful content accessed by adults is allowed on their sites, and enforce their terms of service consistently, while protecting freedom of expression and democratic debate.

    The strongest provisions in our legislation are for children. All companies in scope of this legislation will need to consider the risks that their sites could pose to the youngest members of society. This Bill will require companies to take steps to protect children from inappropriate content and harmful activity online, including from content such as pro-suicide material. The Bill will also require providers who publish or host pornographic content on their services to prevent children from accessing that content, including using age-verification technology where appropriate.

    Furthermore, this Bill will ensure companies take robust action against illegal content. We have included a new list of priority offences on the face of the Bill, reflecting the most serious and prevalent illegal content and activity, against which companies must take proactive measures. These will include, amongst others, revenge pornography, fraud, the sale of illegal drugs or weapons, the promotion or facilitation of suicide, people smuggling and the illegal sex trade. The Bill will also introduce a requirement on in-scope companies to report child sexual exploitation and abuse imagery detected on their platforms to the National Crime Agency. This will ensure companies provide law enforcement with the high-quality information they need to safeguard victims and investigate offenders. The updated Bill will also tackle scam adverts, by requiring the largest platforms to put in place proportionate systems and processes to prevent fraudulent adverts from being published or hosted on their service.

    This legislation will not prevent adults from accessing or posting legal content. Rather, the major platforms will need to be clear what content is acceptable on their services and enforce their terms and conditions consistently and effectively. We have refined the approach to defining content that is harmful to adults, so that all types of harmful content that category 1 services (the largest online platforms with the widest reach, including the most popular social media platforms) are required to address will be set out in regulations subject to approval by both Houses. This will provide clarity about the harms that services must address and will reduce the risk of category 1 services taking an overly broad approach to what is considered harmful. In addition, these companies will not be able to remove controversial viewpoints arbitrarily, and users will be able to seek redress if they feel content has been removed unfairly. Both Ofcom and in-scope companies will have duties relating to freedom of expression, for which they can be held to account. Category 1 services will also have duties for democratic and journalistic content. They will need to set in their terms and conditions how they will protect this content on their platforms explicitly. This will ensure that people in the UK can express themselves freely online and participate in pluralistic and robust debate.

    The Bill provides Ofcom with robust enforcement powers to take action when platforms do not comply. Options available to Ofcom include imposing substantial fines, requiring improvements and pursuing business disruption measures (including blocking). The Bill also includes criminal offences for senior managers who fail to ensure their company co-operates with Ofcom, and gives them the information they need to regulate effectively. The Government have also announced additional information-related offences, including ensuring employees do not give false information during interviews, which will further help ensure that companies give Ofcom full and accurate information. We will bring these criminal sanctions into force as soon as possible after Royal Assent (generally two months, in line with standard practice), to further promote strong compliance.

    The threat posed by harmful and illegal content and activity is a global one and the Government remain committed to building international consensus around shared approaches to improve internet safety. Under the UK’s presidency of the G7, the world’s leading democracies committed to a set of internet safety principles. This is significant as it is the first time that an approach to internet safety has been agreed in the G7. We will continue to collaborate with our international partners to develop common approaches to this shared challenge that uphold our democratic values and promote a free, open and secure internet.

    We are grateful for the extensive engagement and scrutiny of the Bill from the Joint Committee, DCMS Select Sub-committee and the Petitions Committee, which has helped us to create a framework that delivers for users and maintains the UK’s reputation as a tech leader. The Bill is sustainable, workable, and proportionate, and will create a significant step-change in the experience people have online.

    We are also publishing the response to the report of the Joint Committee on the draft Online Safety Bill alongside publication of the Bill, and we thank the Committee once again for its work and its recommendations.