The security minister, Ben Wallace, has rejected a call for the creation of a ministerial position dedicated to cyber security.
Yesterday (19 November), the Joint Committee on National Security Strategy described the “complex arrangements for ministerial responsibility” for the policy area as “wholly inadequate to the scale of the task facing the Government”.
In a damning report, the committee of MPs and peers called for the appointment of a Cabinet Office minister with the “exclusive task of assembling the resources and executing the measures need to defend” the UK from cyber threats.
There are currently at least six ministers with cyber security listed as part of their portfolio, split across five government departments, including the Cabinet Office, Home Office and Foreign and Commonwealth Office, as well as the departments for health and social care, and digital, culture, media and sport (DCMS).
But speaking at the New Statesman’s conference on Cyber Security in Financial Services today (20 November), Ben Wallace – who is responsible for cyber crime, and aspects of cyber security, alongside 12 other Home Office briefs – defended the current arrangement.
“As long as I’ve been an MP, there have been lobbies for a tourism minister, a sports minister, a specific cyber minister,” he said. “Cyber is everywhere so one of the challenges for government is that in every single department cyber is a factor.”
“We shouldn’t get hung up too much on an individual minister,” Wallace added. “It’s more important that we actually have the tools in the tool box to do the job and then depending on what response is required that we have the ministerial lead at the time.”
The security minister explained that the Home Office is the “clear lead on a response to a major cyber incident”. “Why is that? Because we are often the clear lead in the response to terrorism and to chemical attack, as saw in Salisbury. It’s what we do and what we know how to do.”
While the Home Office takes a lead on cyber incidents in the UK, the Foreign Office and Ministry of Defence have responsibility for the UK’s offensive cyber capabilities, DCMS is tasked with building the UK’s cyber skills and the Cabinet Office is in charge of implementing the national cyber security strategy.
Wallace talked up the UK’s cyber defences and said it had an advantage over other countries in the form of the National Cyber Security Centre, the government’s £1.9bn cyber security strategy and agencies’ ability to take responsibility for different incidents.
“In some of our closest allies the cyber response is slightly handicapped by different legal authorities that prevent different law enforcement agencies taking a single response,” he said. “We have a strategic advantage that many countries in Europe and the United States do not have and we should welcome that.”
On Monday (20 November), two men were sentenced for their involvement in the £77m cyber attack on the TalkTalk website in 2015. Wallace welcomed media coverage of the ruling, saying it was important to ensure the public realises there is a “deterrent factor that people thinking about cyber crime will get caught”.
But he later said that individuals would have to be “pretty stupid in this day and age” to be an armed robber when it is so easy to buy stolen credentials and malware on the dark web “for about £10”, adding: “That’s why we need to invest at all levels in our cyber response”.
The Cabinet Office has also issued a statement in response to the security select committee’s call for a dedicated cyber security minister. “Ministers have clear responsibilities that are rightly shared because every part of government must respond to the challenges we face,” it said.