Cyber attack at Commons could leave up to 90 MPS at mercy of blackmailers
Cyber attacks on MPS and the NHS show Britain’s vulnerability – we have to stay ahead to fight back
UP TO 90 email accounts at Westminster are believed to have been compromised in an unprecedented cyber attack on parliament – with MPS criticised for allowing themselves to be targeted by using weak passwords.
The attack by hackers seeking to break into MPS’ inboxes using a “brute force” assault that lasted for more than 12 hours on Friday prompted fears that senior politicians could become the targets of blackmail. Parliamentary authorities have blamed MPS and staff using passwords that did not conform to official guidance for allowing the hackers to gain access to their accounts.
The attack prompted warnings that those responsible had acted with “malevolent intent” and that the assault had undermined the democratic process, because it left MPS unable to respond to constituents’ emails.
An investigation is under way to determine whether any data was lost in the incident. Fears were raised by cyber security specialists that “state actors” such as Russia, China or North Korea could have carried out the attack. Government sources said it was too early to draw such a conclusion.
A parliamentary spokesman set out yesterday the impact of the attack and confirmed that the House of Commons and the House of Lords would sit as normal today. He said: “Parliament’s
‘Parliament’s first priority is to ensure that the business of the Houses can continue. This has been achieved’
first priority has been to protect the parliamentary network and systems from the sustained and determined cyber attack to ensure that the business of the Houses can continue.
“This has been achieved and both Houses will meet as planned tomorrow. Investigations are ongoing, but it has become clear that significantly fewer than one per cent of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary digital service.
“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way. Parliament is now putting in place plans to resume its wider IT services.”
During the attack unknown hackers repeatedly probed “weak” passwords of politicians and aides, forcing parliamentary officials to lock MPS out of their own email accounts as they scrambled to minimise the damage from the hack. The parliamentary network is used by every MP, including the Prime Minister and her cabinet, for dealing with constituents.
Experts said any information potentially gleaned from the hack could leave politicians exposed to blackmail or even facing a heightened terror threat.
Many of the greatest developments in technology during the last century had one thing in common. From the invention of digital computing at Bletchley Park, to the creation of the internet and GPS, the driving force was government. These great innovations started as military projects, designed to meet critical security threats. They were later given to the civilian world. The most sophisticated technology was the preserve of governments and the centre of gravity for innovation was the democratic West.
This century is very different. No one looks to governments for innovation or technological leadership, outside a few niche military areas. That role has moved decisively into the tech industry and academia. At the same time momentum in the internet, which no single government can own or control, is moving east. China is the computing hardware capital of the world.
This shift in power has left governments and older industries floundering. For governments, whose first duty is to keep people safe, many of the levers necessary to do so are vested in a multinational private sector. Whether it is protection from cyber attacks or terrorism, industry is now likely to have better data and better technology for the job than nation states. The democratisation of technology, including strong encryption, has put governments in an unfamiliar position of weakness.
This has led some to rail against the tech sector, and it is true that it has taken time for the big companies to accept the responsibility that goes with great power. But there are signs that they are beginning to do so, notably in Facebook co-founder Mark Zuckerberg’s recent commitments on extremist material. The answer cannot be to wish that the internet stopped at borders; that is the approach of authoritarian regimes.
There is now the opportunity for governments to reach a sensible accommodation with the tech industry, based on democratic values and the rule of law. It is in the interests of both that the internet and the web continue to be open and to promote open societies. Innovation outside government remains the strategic advantage of our democracies in the face of an unhealthy crossover between organised cyber crime and authoritarian states – which can affect everything from the security of Parliament to the NHS.
It is also profoundly in the UK’S economic interests that it remains a place which nourishes this technology rather than begrudges it. There is much talk of the UK being a great international trading nation after Brexit. We all hope that will be true, but the high seas of the 21st century will be data, and the shipping lanes the internet. Staying ahead in technology is critical. The job of government is to clear the way for that and, as with any technological advance, to make sure that those who lose out are helped.
This matters because the next 50 years will see progress in technology even more dazzling and disruptive than the last. There will be an explosion of data, as billions of new devices start producing information on the world around us through the “internet of things”. This is about more than pointless gadgets, or fridges that reorder milk. Artificial intelligence will use this wealth of data in ways that are only being imagined; allied with equally extraordinary advances in other sciences, this has the potential to transform every aspect of life and health for all of us, including the half of the planet who have yet to gain access to the digital world. Underpinning all of this, the arrival of quantum computing will make current processing seem slow.
The UK can be at the forefront of this revolution or a bystander. For innovation to flourish this country needs many things, but above all a strong academic base, the capital investment which follows it, and a pipeline of skills, domestic and foreign, on which to build. The UK tech industry is in a strong position for a range of reasons, not least because of Margaret Thatcher’s early deregulation of the telecoms sector and the rapid expansion of higher education by successive governments.
If we are to ride the wave of the next technological revolution, we need to keep attracting research students and funding. We need borders that are open to the movement of skills and the free flow of data. There are signs that the Brexit debate is having a chilling effect. We will not attract the best talent or grow and retain our skills by projecting an image of the UK as insular, the antithesis of the qualities needed to build technology.
Robert Hannigan was Director of GCHQ 2014-2017