The Parliamentary Under-Secretary of State for Foreign,
Commonwealth and Development Affairs (Leo Docherty) With
permission, I will make a statement about attempted cyber
interference in British democracy. I know hon. and right hon.
Members across this House will recognise the seriousness of this
issue. The Government have long highlighted the threat to the UK
and our allies from malicious cyber activity conducted by the
Russian intelligence services. I can confirm today...Request free trial
The Parliamentary Under-Secretary of State for Foreign,
Commonwealth and Development Affairs ()
With permission, I will make a statement about attempted cyber
interference in British democracy. I know hon. and right hon.
Members across this House will recognise the seriousness of this
issue.
The Government have long highlighted the threat to the UK and our
allies from malicious cyber activity conducted by the Russian
intelligence services. I can confirm today that the Russian
Federal Security Service, the FSB, is behind a sustained effort
to interfere in our democratic processes. It has targeted Members
of this House and the other place. It has been targeting civil
servants, journalists and non-government organisations. It has
been targeting high-profile individuals and entities with a clear
intent, using information it obtains to meddle in British
politics.
Madam Deputy Speaker, you and parliamentary security have been
briefed on the details of that activity. We want to be as open as
we can with the House and the British public. Our commitment to
transparency stands in sharp contrast to the efforts of the KGB’s
successors to exert influence from the shadows. What can we
confirm today? I want to stress five particular points of our
assessments.
First, Centre 18, a unit within Russia’s FSB, has been involved
in a range of cyber-espionage operations targeting the UK.
Secondly, Star Blizzard, a cyber group that the National Cyber
Security Centre assesses is almost certainly subordinate to
Centre 18, is responsible for a range of malign activities
targeting British parliamentarians from multiple parties.
Thirdly, using those means, the group has selectively leaked and
amplified the release of sensitive information in service of
Russia’s goals of confrontation. In 2020, when he was Foreign
Secretary, my right hon. Friend the Member for Esher and Walton
() confirmed to the House that
Russia had done that before the 2019 elections with documents
related to UK-US trade. I can now confirm that we know Star
Blizzard was involved in this operation.
Fourthly, these cyber actors use a combination of targeting,
tailoring their operations in a far more sophisticated way than
is usually the case with, for instance, commonplace cyber
criminals. They typically engage in thorough research and
preparation, including via social media and networking platforms.
Having thus identified ways to engage a target, they create false
accounts, impersonating contacts to appear legitimate, and create
a believable approach, seeking to build a rapport before
delivering a malicious link to either a document or website of
interest. While they have targeted business and corporate emails,
the group predominantly targets personal email addresses.
Finally, the targeting of this group is not limited to
politicians, but includes public-facing figures and institutions
of all types. We have seen impersonation and attempts to
compromise email accounts across the public sector, universities,
media, non-governmental organisations and wider civil society.
Many of those individuals and organisations play a vital role in
our democracy. As an example, the group was responsible for the
2018 hack of the Institute for Statecraft, a UK think-tank whose
work included initiatives to defend democracy against
disinformation, and the more recent hack of its founder, whose
account was compromised from 2021. In both cases, documents were
subsequently leaked.
The Government’s assessment is based on extensive analysis from
the UK intelligence community and supported by a range of close
international partners. Today, allies from the Five Eyes and the
Euro-Atlantic region are joining us in illuminating the pervasive
nature of this threat to our shared democratic values. I pay
tribute to the dedicated public servants, in our own agencies and
those of our partners, whose painstaking work has allowed us to
expose the reality of the threat we face.
Taken together, the UK Government judge that these actions
demonstrate a clear and persistent pattern of behaviour. Russia’s
attempted interference in political and democratic processes,
through cyber or any other means, is unacceptable. I reassure the
House that we have identified targeting of parliamentary
colleagues and engaged with victims through both the National
Cyber Security Centre and the parliamentary authorities.
The Government will continue to expose and respond to malign
cyber activity, holding Russia accountable for its actions. To
that end, the UK has designated two individuals under the UK’s
cyber sanctions regime, following a thorough investigation by the
National Crime Agency into the hack of the Institute for
Statecraft. In doing so we send a clear message that these
actions have consequences. This morning, the Foreign,
Commonwealth and Development Office has summoned the Russian
ambassador to the Foreign Office to convey that message.
We have robust systems in place to protect against the threat
from foreign malign influence. The Minister for Security, my
right hon. Friend the Member for Tonbridge and Malling (), leads the defending democracy taskforce, which
drives work to improve our resilience against these threats. Our
National Cyber Security Centre, alongside Five Eyes partners,
today published a technical advisory to provide guidance to
organisations and individuals at risk of being targeted to help
defend against such attacks. We will continue to defend ourselves
from adversaries who seek to threaten the freedoms that underpin
our democracy. It is and always will be an absolute priority to
protect our democracy and elections.
A key component of increasing our resilience is supporting the
National Cyber Security Centre and parliamentary authorities to
deliver an enhanced cyber-security offer to right hon. and hon.
Members, and to Members of the other place, that aims to better
protect them against this insidious threat and support the
resilience of our lively democratic society. We hope that this
statement helps to raise awareness of the threat and allows those
in public life, in this House and beyond, to recognise how they
may be targeted by such operations.
Russia has a long-established track record of reckless,
indiscriminate and destabilising malicious cyber-activity, with
impacts felt all over the world. In recent years, the Government
have, alongside allies, uncovered numerous instances of Russian
intelligence targeting of critical national infrastructure, for
example. We have worked in close co-ordination with our
intelligence partners to expose sophisticated cyber-espionage
tools aimed at sensitive targets. The irony of Russia’s abusing
the freedoms that it denies its own people to interfere in our
politics will not be lost on anyone.
Of course, our political processes and institutions have endured
in spite of those attacks, but the cyber threat posed by the
Russian intelligence services is real and serious. All right hon.
and hon. Members should pay careful attention to it in the course
of their work and their daily lives. Many in this House may not
consider themselves a potential victim. I want to underline to
the whole House that the targeting can be extremely convincing.
We must all play our part in exercising good cyber practices,
using appropriate caution and following the good guidance of the
National Cyber Security Centre and others to mitigate the threat.
That is how we defend ourselves and our precious democracy. I
commend this statement to the House.
Madam Deputy Speaker ( )
I call the shadow Foreign Secretary.
11.01am
(Tottenham) (Lab)
I am grateful to the Minister for advance sight of his
statement.
The news that the Russian intelligence service is behind an
effort to target Members of this House and the other place, civil
servants, journalists and NGOs is not just concerning; it is an
attack—not only on individuals, but on British democracy, on both
sides of this House, and on the public we represent. Labour,
along with the whole House, condemns it in the strongest
terms.
The news comes as we approach 2024, the year of elections not
only in Britain, but in the United States, India and the EU, with
more than 70 elections scheduled in 40 countries across the
world. Democracy is built on trust, and trust must be built on
the confidence that politicians on all sides are able to conduct
the business of democracy free from interference.
Let me ask the Minister some specific questions about these
revelations. First, is he confident that the Government have
uncovered the full extent of the cyber-attack and every person
who was affected?
Secondly, on the response, I welcome the announcement of the
designation of two individuals following the hack of the
Institute for Statecraft, but has any specific action been taken
to respond to the cyber-attack on parliamentarians that the
Minister has revealed today? If not, why not?
Thirdly, as we approach the general election, what additional
steps are the Government taking to ensure the integrity of the
democratic process? Will they make their officials available to
ensure that Members on both sides of this House are free from
interference; to train, equip and support Members and all staff
to better identify and respond to the challenge; and to ensure
not just that their digital communications are protected, but
that their offices, staff and families are, too?
This revelation is shocking but not unexpected. It is the latest
episode in a long pattern of hostile activities by Russia and
other hostile states, including Iran and the Democratic People’s
Republic of Korea, against Britain and our allies. There is more
that we can do. Labour has committed to the establishment of a
democratic resilience centre in Government to work with our
allies to protect our democratic values, political institutions,
elections and open societies. Will the Government commit to
creating one? As the shadow Home Secretary, my right hon. Friend
the Member for Normanton, Pontefract and Castleford (), has outlined, we do not yet
have a robust and long-lasting equivalent of the cross-Government
counter-terrorism strategy—CONTEST —for dealing with hostile
states. Will the Government commit to creating one?
Labour has proposed a joint cell between the Home Office and the
Foreign Office to speed up decision making, share intelligence
and expertise, and remove traditional barriers between
Departments. Will the Government commit to creating one? They
still have not amended terror legislation to allow the Government
to ban hostile state-sponsored organisations that are undermining
our national security. Will they commit to doing so? The Russia
report has still not been fully implemented. Will the Government
urgently update the House on when that will be completed?
This is not just about cyber-attacks and direct digital
interference; it is about wider malign activity, including the
use of artificial intelligence and deepfakes to seed false
narratives, spread lies and foment divisions. That includes the
widespread use of disinformation, misinformation and
malinformation to undermine our democracy, through mainstream and
social media, and other means. Labour has committed to urgently
introducing binding regulation of companies developing the most
powerful frontier AI, which could be used to disrupt elections.
Will the Government commit to doing so too? Will they also commit
to ensuring adequate resourcing for the National Cyber Security
Centre, the intelligence agencies and the defending democracy
taskforce?
I give the Minister every assurance that the Labour party will
work in partnership and full co-operation with the Government and
all relevant authorities to take every necessary step to address
this threat and protect the integrity of our political process
from hostile interference. As politicians from different parties,
we have all stood united across the House against Putin’s
imperial aggression in Ukraine. That unity is a source of
strength and pride. In the face of these threats, this House must
remain united, Britain must remain united and democracies must
remain united in defence of our institutions and against those
who seek to undermine the great values that our society is
founded upon.
I am grateful for the tone and constructive content of the right
hon. Gentleman’s response. He is right to say that 2024 is a
bumper year of elections, involving some 70 elections and
billions of people across 40 countries. This is a matter of trust
and confidence, which is why we have made this statement now, to
ensure that its full deterrent effect is properly timed.
The right hon. Gentleman asked whether we are confident that we
have uncovered the full extent of the activity. We have a high
degree of confidence with regard to this specific incident, but
of course it is a question and our duty is to remain ever
vigilant. The lesson of this sort of activity is that a higher
degree of vigilance is necessary, and that is the posture that we
now maintain in terms of any future activity.
I am grateful that the right hon. Gentleman welcomed the
designation. Specific action has been taken by the NCSC, in
accordance and together with House authorities, to ensure that
all of the individuals affected have a higher degree of
preventive measures in place. The posture of the House
authorities, and the security offer available, have been
enhanced. However, as I have said, it is a matter of improved
vigilance on all sides. As for additional steps we might take,
there is the collective deterrent impact of our naming and
shaming these individuals and designating them in our sanctions,
as well as the diplomatic effort to call Russia out, combined
with personal cyber-security measures on behalf of
individuals—those important steps that all colleagues need to
take.
The right hon. Gentleman asked about the Whitehall structure in
this area and pointed to his own policy of calling for a joint
cell. We are confident that the defending democracy taskforce,
led by the Security Minister, represents a robust and
cross-departmental response. On the wider picture of
disinformation, the right hon. Gentleman is right to say that we
need to up our game to counter disinformation, call Russia out
and better resource and energise our own security posture in the
cyber domain. That has been done; there is an enhanced degree of
resource, organisation and political will. This public statement
today is part of the hugely important deterrent effect.
(Chipping Barnet)
(Con)
The Intelligence and Security Committee was one of the first to
sound the alarm on this issue in its Russia report. More
recently, we have highlighted the risk that China poses through
interference in democratic discourse, for example, in think-tanks
and universities. Will the Minister update the House on what
action the Government are taking in response to the
recommendations made in those two substantial reports?
My right hon. Friend makes a very good point. Clearly, this
statement is about Russia, but she draws a comparison with the
activity of China. That is an appropriate reference and I am
pleased that in our domestic legislation we have the ability to
ensure that countries with malign intent do not use think-tanks
or other fronts to influence domestic political discourse in a
way that is contrary to the health of our democracy.
Madam Deputy Speaker ( )
I call the Scottish National party spokesperson.
Brendan O’Hara (Argyll and Bute) (SNP)
I thank the Minister for prior sight of his statement. It makes
for disturbing reading and I absolutely agree that Russia’s
actions are completely unacceptable. That Members of this House
and others have had their email accounts hacked is deeply
concerning, but we know that this has happened before—indeed, it
is probably happening right now—and we must accept that it will
almost certainly happen again.
As the Minister said, Russia’s actions demonstrate a clear and
persistent pattern of behaviour. Given that, have the Government
considered making cyber-security training mandatory for all MPs
and their staff? He will be aware of the belief that one of our
weakest links in our cyber defences is our staff, who are
constantly targeted by unscrupulous external actors. Although
they are not House employees, it would be a reasonable precaution
for MPs’ staff to receive in-house training on exactly what to
look out for, how to avoid getting sucked into a trap and what
they should do if they have even the slightest suspicion that
they are being targeted.
Democracy is under attack. Just last week, the Canadian
Government’s Communications Security Establishment released a new
report on cyber threats to elections saying that at least a
quarter of national elections around the world were targeted by
some manner of threat, and that China and Russia were the most
active countries and were launching increasingly sophisticated
influence operations by spreading disinformation and seeking to
push elections in a specific direction. Perhaps most worryingly,
the Canadian report states in relation to AI undermining
elections:
“We assess it very likely that the capacity to generate deepfakes
exceeds our ability to detect them.”
With MPs facing having their emails hacked, the democratic
process being undermined and the UK general election just around
the corner, what are the Government doing to proactively defend
the integrity of those elections, and when can the House expect
to hear about it?
I am grateful for the hon. Gentleman’s comments and questions. He
is absolutely right about the scale of the threat. Alongside our
calling Russia out and describing the nature of the threat, it is
important that we point out that Russia has failed in its intent
to undermine our domestic politics. It was a genuine attempt that
failed, and we are now more aware and resilient. That is why we
are calling Russia out, but we should also be proud that the
institutions of our democracy remain resilient. Russia has failed
in its efforts and it will continue to fail because we will
continue to call it out.
The hon. Gentleman made a very good point about staff training. I
do not think we should mandate that, but we have worked on a
much-enhanced offer to ensure that cyber-security is, root and
branch, part of the normal working practice of MPs and staff.
That offer has radically improved. The House authorities will
continue to keep colleagues up to date. A higher degree of
awareness in our working practice is very important and that is
part of the rationale behind today’s statement.
(Harrow East) (Con)
I welcome my hon. Friend’s update. I am sure that I am not alone
in having received a large number of template emails on
particular subjects. When I have diligently written back to those
individuals, they have said that they did not send the emails. It
is quite clear that hostile actors are collecting our
constituents’ email addresses and using them to subvert the
democratic process. Will my hon. Friend take the message not only
back to the Foreign Office, but across the House, that this needs
to be investigated and stopped?
My hon. Friend makes a very good point. This practice, using
emails to insert malware or to entice users to click on a
malicious link, is sometimes extremely convincing. Staff have to
deal with a great volume of such emails, which is why we are
pleased that the House authorities have greater awareness. Staff
should seek guidance from the House authorities on taking a more
secure approach.
Dame (Wallasey) (Lab)
The Minister contributed to a very good debate in the UK-EU
Parliamentary Partnership Assembly, which met in Westminster
earlier this week, and touched on some of these issues. We are
clearly dealing with hybrid warfare—there is no other phrase for
it.
Although I commend the Minister for coming to the House to give
us this information, the response of sanctioning two people seems
rather mild. Will he say more about that? Will he also say
something about the co-ordination across western democracies and
allies on next year’s year of elections? We must all co-ordinate
so that we can spot patterns in order to deal with this
threat.
The hon. Lady should be reassured that, although today’s
announcement pertains to two individuals, it is indicative of a
huge and sustained institutional effort to tackle this threat by
way of a vastly improved defensive cyber-capability right across
our nation. Our global response is working hand in glove with
Five Eyes partners, and there is a huge diplomatic and security
effort to make sure this activity is called out and pursued. That
is not just deterrence; it is also enhanced resilience. Although
the number of individuals is small, the hon. Lady should be
reassured that the institutional work is tremendously well
resourced and entirely determined.
(Barrow and Furness) (Con)
I thank the Minister for his statement. I am incredibly grateful
to the Speaker’s Office, the Security Minister and the House
authorities for their work to increase our awareness and to
improve our protection within Parliament, but we are in a very
privileged position. Frankly, the fabric of our society that is
most at risk are those parts that do not have access to such
information, whether they are small and medium-sized enterprises
that supply critical national infrastructure, whether they are
the parts of the economy that keep us going or, indeed, whether
they are those who protect our elections. Will the Minister speak
a little about what protections and information will be offered
to them so that they can support us?
My hon. Friend makes a very good point. This affects us all. It
not only affects parliamentarians or those in public life; it
affects those in commerce. The National Cyber Security Centre has
published guidance and is available to provide guidance to those
businesses that need to ensure they have a higher degree of
cyber- security and resilience, particularly those involved in,
for example, critical national infrastructure.
(Huddersfield)
(Lab/Co-op)
This is a refreshing statement, but what action will be taken?
This is a very serious challenge to our democracy. Indeed, it is
not only a serious challenge to Members of Parliament. I know of
a major takeover of a British company by a Chinese entity. The
senior executives said that, when they attended meetings, the
Chinese knew information about the company, its secrets and its
background that they could have known only by illegal means. It
is everywhere, and it is particularly coming from Russia, China
and perhaps Iran and North Korea. Can we have action? Yes, we
need to train our staff and Members of Parliament, but I was
brainwashed as a child by the James Bond novels—maybe you were
too, Madam Deputy Speaker. We have a wonderful intelligence
system, but are our intelligence services up to the job? Do they
need more resources?
The hon. Gentleman asks about action. It is a good question, and
I can give a good answer: in terms of our domestic legislation,
we are now thankfully in a position to ensure that foreign
countries with malign intent cannot freely invest in critical
national infrastructure without the permission and outside the
purview of Ministers. Ministers have taken specific action to
ensure that divestment has taken place in certain commercial
entities where a national interest is at stake, and that will
continue to be the case. The Government posture has altered
radically in recent years, and we should all be encouraged by
that.
The hon. Gentleman made a welcome reference to James Bond. Of
course, it is the Government’s policy never to comment on the
security services, but I can ensure the hon. Gentleman that they
are up to speed and very well resourced.
(Oxford West and Abingdon)
(LD)
This is shocking, but not at all surprising. We have heard before
about possible interference in the Brexit referendum, and then we
had the Russia report, which was not implemented. We are on the
cusp of a general election—which may come sooner rather than
later—so my question to the Minister is, what conversations are
being had with the Electoral Commission and the political
parties, because it is not just MPs we need to think about, but
candidates? Also, what plans does he have to take a
whole-of-society approach so that voters can build resilience,
and our democratic process and the ballot are completely
secure?
The hon. Lady makes a good point and asks a good question. The
threat is significant, but I should reiterate that it has failed,
which I think points to the resilience of our democratic
institutions. That does not mean that we should not be eternally
vigilant—we will be. That work involves all parties across the
House and candidates. A lot of the preventive work is being
carried out by the Defending Democracy Taskforce, which is
specifically looking at this issue under the Security Minister.
The hon. Lady should be reassured that they have the bit between
their teeth.
(Blaenau Gwent) (Lab)
I thank the Minister for his statement. What we have seen is
malevolent behaviour, and I am glad to hear some of the
Government’s plans. However, Labour is committed to establishing
a democratic resilience centre, so can I press the Minister to
ensure that the Government consider following our lead?
That work is already in place under the Defending Democracy
Taskforce and the wholly re-energised and newly founded National
Cyber Security Centre, established under this Government with
tremendous resource and energy. Whatever we call it, there is now
a significant effort to ensure that we deter these things and
that MPs and everyone across the political spectrum are in a much
more secure position.
(Tamworth) (Lab)
As a new Member of this House, I obviously find this statement
concerning. Will the Minister therefore outline some of the
additional support that can be offered to new Members and their
staff, particularly because there is a lot to navigate? There is
an induction process, which I welcome because it has helped very
much, but there was about 10 minutes on cyber-security, so it
definitely could do with being updated.
The hon. Lady makes a good point, and she is absolutely right. An
improved and enhanced offer is being worked up together with the
House authorities. Cyber-security and cyber-hygiene should be a
default daily practice. All colleagues should be aware of the
offer, and it should be made available to all colleagues and
staff.
(Strangford) (DUP)
I thank the Minister very much for his statement. Our Government
have been prepping for cyber-warfare for some time. Indeed, the
rationale behind lessening investment in recruitment into the
armed forces has been that cyber-warfare is a bigger threat. That
being the case, will the Minister confirm that the Government are
prepared to act, should these newspaper claims have even a
slither of truth? How can we send the message today that the UK
is prepared to face the cyber-threat as readily as any other
threat?
We are well placed. The threat is significant, and the risk to
national resilience is significant in the cyber-age. The Deputy
Prime Minister has led a huge amount of work on national
resilience. Defensive cyber is an important part of that, and the
National Cyber Security Centre has an important role to play. The
challenge is huge, but the Government have covered a huge amount
of ground. However, there is more work to do.
Madam Deputy Speaker ( )
I thank the Minister for his statement.
|
