SpeechesTechnology

Oliver Dowden – 2024 Speech on CrowdStrike – IT Outage

The speech made by Oliver Dowden, the Conservative MP for Hertsmere, in the House of Commons on 22 July 2024.

May I begin by welcoming the hon. Lady to her role and thanking her for advance sight of the statement? In that role I know she will be supported by a dedicated team of civil servants, who represent the very best of public service. I have no doubt that they will serve her as well as they did me.

The hon. Lady will be aware of the enormous challenges facing this Government and those around the world in relation to cyber-security. As I warned when I was the responsible Minister, threats to public services and critical national infrastructure come from a range of challenges, from hostile state actors to human error and design flaws. Last week we saw those challenges vividly brought to life. Following the corrupted antivirus update by CrowdStrike on Friday, 8.5 million Microsoft devices globally were rendered unusable. That left airports disrupted, patient records temporarily lost and GPs unable to access important patient data, creating significant backlogs. That is more than an inconvenience.

I pay tribute to all those working in our public services for the efforts they undertook over the weekend to restore those services, and to the work of dedicated cyber specialists across Government, including in the National Cyber Security Centre. In government we undertook a wide range of measures to enhance the nation’s cyber-security: creating the National Cyber Security Centre, introducing secure by design, setting cyber-resilience targets, launching GovAssure and transforming the oversight of governmental cyber-security.

I note, as the hon. Lady said, that the Government intend to build on that progress by bringing forward a cyber-security and resilience Bill. Will she therefore outline the timetable for the Bill, and will the Government consider mandatory cyber-security targets for the UK public sector? Are the Government considering obligations to ensure that infrastructure is designed to be resilient against common cause problems, such as this one? What steps are being taken to enhance cyber-security in the devolved Administrations and in parts of the public sector such as the NHS, which are operationally independent?

Specifically in relation to this incident, what assessment has been made of the prevalence of CrowdStrike within critical national infrastructure? What further reassurance can the Government give in relation to the timetable for full recovery of key systems and data? In particular, can the Minister assure employees that this month’s payroll will not be adversely affected?

Britain’s cyber industry is world leading. Cyber-security now employs more than 60,000 people and brings in nearly £12 billion-worth of revenue annually. This transformation was in part due to our £5.3 billion investment, which launched the country’s first national cyber-security strategy. I therefore urge the Government—I see the Chancellor in her place—to continue such investment.

Incidents such as that of CrowdStrike should not deter us from the path of progress. We must embrace digitalisation and the huge improvements to public services that it offers. The adoption of artificial intelligence across Government is the closest thing we have to a silver bullet for public sector productivity. However, if we are to command public confidence, people must be assured that technology is safe, secure and reliable. Such incidents demonstrate how reliant the Government and public services are on large technology companies, and how much responsibility they have for the services that have become critical to people’s lives and livelihoods. That is why, in government, I called for us to work more closely with leading technology firms to address these shared challenges. The best solution is partnership. To that end, what further engagement will the Minister undertake with Microsoft, CrowdStrike and the wider sector to ensure that there is no such recurrence?

The task for us all is to build on existing progress that has transformed Britian’s cyber defences, and to enhance protections for British families, businesses and the very heart of Government. In that mission, the Government can rely on the support of the Opposition.

Ellie Reeves

I thank the shadow Minister for his contribution and his questions. In particular, I echo the thanks to all those in Departments across the civil service who were involved in dealing with the outage last Friday and in mitigating its effects. I set out in my statement that our cyber-security and resilience Bill, which was included in the King’s Speech, will strengthen our defences and ensure that more digital services are protected. That is a priority for this Government. The Bill will look at expanding the remit of regulation, putting regulators on a stronger footing and increasing reporting requirements, so that the Government can build a better picture of cyber-threats. We will consider the implications of Friday’s incident as we develop that legislation, but rest assured that we are working across Government to ensure resilience.

As the Chancellor of the Duchy of Lancaster said in his statement on the covid inquiry module 1 report, he will lead a review assessing our national resilience to the full range of risks that the UK faces, including cyber-risks.