Jim Shannon – 2022 Speech on the Computer Misuse Act 1990

The speech made by Jim Shannon, the DUP MP for Strangford, in Westminster Hall on 19 April 2022.

It is a pleasure to speak in this debate, Sir Mark. I commend the hon. Member for Bridgend (Dr Wallis) for setting the scene so well. I look forward to contributions from others, especially the Minister. From previous experience of dealing with the Minister, and of partnership and co-operation with him, I believe that his answers will be helpful to us. Whether we are technically-minded or otherwise, we all recognise the key issues to which the hon. Member for Bridgend has referred. Why is this issue so important? It is because, as the hon. Gentleman has said, stakeholders have expressed deep and real concerns about the poor security of many devices. I will speak first about individuals and companies, and then probably take my arguments a wee bit beyond that.

Insecure devices can compromise privacy or be hijacked and used to disrupt other uses of the internet. That happens every day in my constituency and across the whole United Kingdom of Great Britain and Northern Ireland. The Government set in motion a strategy, which was first mooted in 2016, that set a date of 2021 for most online products and services to be cyber-secure by default. Will the Minister in his response tell us whether those targets have been met, and if they have not, when will that happen? DCMS has proposed a voluntary code of practice. I certainly would have liked to have had something mandatory in the system. Perhaps the Minister will indicate whether that is his and the Government’s intention.

I cannot profess to be technically-minded, but my staff are. They tell me that it is possible to access personal and confidential data, including on bank accounts, through our phones. That is why the debate is vital and why we need to seek from the Minister the reassurance that the protections that people need and want are in place. There is not a week in my constituency when people do not come to me about such issues. If someone phones an individual and talks about that individual’s bank account, it is not their bank. If someone phones and asks personal questions about confidential data, they are not legitimate.

In the recess, I watched a consumer programme which highlighted a scam that looked so convincing—what was happening looked absolutely correct to the untrained eye—but the experts looked into the issue and were able to help the person who was being scammed to thwart the scammer. As I have said, there is not a week when I do not hear about a scam. Usually, they are against elderly people, but also against others who inadvertently give out details and lose their savings. Just a few months ago, a gentleman in my constituency was scammed. The appearance of legitimacy and truthfulness meant that he did not fear that it was a scam, but he lost £20,000, which has never been retrieved.

Cyber-attacks are one of the most common types of crime experienced by individuals in the UK. According to national crime statistics, some 2.4% of adults in 2017 and a higher percentage today will have experienced cyber-attacks, including on their personal computers, which is what this debate is about; I thank the hon. Member for Bridgend for setting the scene.

User behaviour is a factor in the poor cyber-security of consumer devices, whether by the individual or the system that they use. The 1990 Act needs to be reviewed to provide greater protection. Some user behaviours include using default, weak or reused passwords. What can we do? We need to establish good practice in the industry, improve the cyber-security of consumer products, adopt a vulnerability disclosure policy, make software updates available for stated lengths of time, and inform consumers on setting up, managing and improving the security of household connected devices, as in the DCMS’s own code of practice, which was published some time ago.

UK infrastructure must be protected. The Government have identified cyber as one of the top six tier 1 threats. Cyber-crime costs the UK some £1.27 billion per year, with about 60 high-level cyber-attacks a month, which indicates the magnitude of the problem. Many of the 60 high-level cyber-attacks a month threaten national security, which is also why this debate is important.

The hon. Member for Bridgend referred to Ukraine. Russia launched a cyber-attack on Ukraine’s electricity network back in 2015. Some quarter of a million people were impacted by that attack, which I think he also referred to. That example shows that even six or seven years ago, before the war, cyber was being used as an instrument of war by Russia, and indicates how much cyber-attacks can disrupt and compromise. Cyber-attacks are a method of warfare, which is why I support the hon. Gentleman’s call for legislative change.

I will make a plug, as I always try to do in these Westminster Hall debates. The Minister will be well aware that Belfast is a cyber-security stronghold and is very much at the forefront of cyber-security development. Belfast has become a capital of security. Any new cyber legislation must not prevent cyber-security experts from doing what they do best, which is finding the loopholes in programs.

Much consultation must take place to ensure that the Government do not tie the experts’ hands or throw the baby out with the bathwater. After all, the experts are combating criminal activity, and abuse and aggression from foreign powers such as Russia and China. Will the Minister confirm that any legislation that is proposed will entail working with companies—for example, cyber-security companies in Belfast and Northern Ireland—to enable their excellent progress to continue?

I fully support the motion tabled by the hon. Member for Bridgend. I look forward to hearing the contributions from the two Opposition spokespersons, and particularly to the Minister’s response. I hope that he can give us the reassurances we seek, so that we can continue to be at the forefront of cyber-security in Belfast, as we are throughout the whole of the United Kingdom.