PARLIAMENTARY DEBATE
Cyber-security and UK Democracy - 25 March 2024 (Commons/Commons Chamber)

With permission, I will make a statement about malicious cyber-activity targeting the United Kingdom by actors that we assess are affiliated to the Chinese state. I want to update the House on our assessment of this activity and to reassure it on the steps that the Government have taken to shore up our resilience and hold those actors to account.

I know that right hon. and hon. Members on both sides of the Chamber will recognise the seriousness of this issue, particularly in a year when so many democratic elections will be taking place around the world. Members will want to be reassured that the Government are taking steps to address the associated threat.

I can confirm today that Chinese state-affiliated actors were responsible for two malicious cyber-campaigns targeting both our democratic institutions and parliamentarians by, first, compromising the United Kingdom’s Electoral Commission between 2021 and 2022, as was announced last summer, and secondly, by attempting reconnaissance activity against UK parliamentary accounts in a separate campaign in 2021.

Later today, a number of our international partners, including the United States, will issue similar statements to expose this activity and to hold China to account for the ongoing patterns of hostile activity targeting our collective democracies. Mr Speaker, you and parliamentary security have already been briefed on this activity. We want now to be as open as possible with the House and with the British public, because part of our defence is in calling out this behaviour.

This is the latest in a clear pattern of hostile activity originating in China, including the targeting of democratic institutions and parliamentarians in the United Kingdom and beyond. We have seen this in China’s continued disregard for universal human rights and international commitments in Xinjiang, in China’s erasure of dissenting voices and stifling of the opposition under the new national security law in Hong Kong, and in the disturbing reports of Chinese intimidation and aggressive behaviour in the South China sea. That is why this Government have investigated and called out so-called Chinese overseas police service stations and instructed the Chinese embassy to close them.

However, China’s cumulative attempts to interfere with the UK’s democracy have not succeeded. Last summer, the Electoral Commission stated that it had been a victim of a complex cyber-attack between 2021 and 2022. That was the work of Chinese state-affiliated actors who gained access to the Electoral Commission’s email and file-sharing systems, which contain copies of the electoral register. As the Electoral Commission stated in 2023, when that attack was first made public, the compromise has “not affected” the security of elections. It will not impact how people register, vote or otherwise participate in democratic processes. I want to reassure people that the compromise of that information, although obviously concerning, typically does not create a risk to those affected. I want to further reassure the House that the commission has worked with security specialists to investigate the incident and remove the threat from its systems, and has since taken further steps to increase the resilience of its systems.

In addition, the National Cyber Security Centre assesses that it is almost certain that the Chinese state-affiliated cyber-actor known as APT31 attempted to conduct reconnaissance activity against UK parliamentary accounts during a separate campaign in 2021. Hon. Members may recall that APT31 was one of several cyber-actors attributed to the Chinese Ministry of State Security by the UK and its allies in July 2021. That email campaign by APT31 was blocked by Parliament’s cyber-security measures; in this case, it was entirely unsuccessful. However, any targeting of Members of this House by foreign state actors is completely unacceptable.

Taken together, the UK judges that those actions demonstrate a clear and persistent pattern of behaviour that signals hostile intent from China. That is why the UK has today sanctioned two individuals and one entity associated with the Chinese state-affiliated APT31 group for involvement in malicious cyber-activity targeting officials, Government entities and parliamentarians around the world. We are today acting to warn of the breadth of targeting emanating from Chinese state-affiliated actors such as APT31, to sanction those actors who attempt to threaten our democratic institutions, and to deter both China and all those who seek to do the same.

Last week, at the summit for democracy in Seoul, I said that we would call out malicious attempts to undermine our democracy wherever we find them. This is an important tool in our armoury and today we are doing just that. The UK does not accept that China’s relationship with the UK is set on a predetermined course, but that depends on the choices China makes. That is why the Foreign Office will be summoning the Chinese ambassador to account for China’s conduct in these incidents. The UK’s policy towards China is anchored in our core national interests. We will engage with the Chinese Government where it is consistent with those interests, but we will not hesitate to take swift and robust actions wherever the Chinese Government threaten the UK’s interests—we have done so today and previously. This Government will continue to hold China and other state actors accountable for their actions.

We will also take serious action to prevent this behaviour from affecting our security. The steps we have taken in recent years have made the UK a harder operating environment for foreign state actors seeking to target our values and our institutions. Through the National Security Act 2023, we now have, for the first time, a specific offence of foreign interference. That new offence will allow law enforcement to disrupt state-linked efforts to undermine our institutions, rights or political system.

Our National Security and Investment Act 2021 has overhauled our scrutiny of investment into the United Kingdom by giving the Government powers to block, unwind or put conditions on investments that could create national security risks. We have significantly reduced China’s involvement in the UK’s civil nuclear sector, taking ownership of the CGN stake in the Sizewell C nuclear power project and ensuring Chinese state-owned nuclear energy corporations will have no further role in the project.

We have put in place measures to prevent hostile infiltration of our universities, including protecting campuses from interference through the Higher Education (Freedom of Speech) Act 2023. The Procurement Act 2023 includes national security devolvement provisions that allow us to act where we see malicious influence in our public procurement. I have taken steps to reduce the Government’s exposure to Chinese operators, banning Hikvision and TikTok from Government buildings and devices. Through the national cyber-security strategy, we are investing £2.6 billion to increase the cyber-resilience of our critical national infrastructure by 2025, making the most important parts of our digital environment a harder target for state and non-state actors.

The Government are continuing to build the tools, expertise and knowledge to respond to the systemic challenge that China poses to the United Kingdom’s security and its values. The integrated review refresh in 2023 took steps toward this, doubling funding for a Government-wide programme, including investment in Mandarin language training and deepening diplomatic expertise.

We must be clear that this is not a problem for the Government to solve alone. That is why we created the National Protective Security Authority within MI5 to help businesses and institutions play their part in protecting our security and prosperity. The NPSA will help organisations in the UK’s most sensitive fields, including critical national infrastructure operators and world-leading science and tech sectors, to protect themselves against state threats. I set up the economic security public-private forum to ensure businesses and business leaders in crucial sectors understand the threat to the UK and what they can do to defeat it.

In Parliament, the National Cyber Security Centre has launched an opt-in service for Members of both Houses. This allows the NCSC to alert high-risk individuals if they identify evidence of malicious activity on their personal devices or account, and swiftly advise them on steps to take to protect their information. Today, the NCSC has published new guidance for political organisations, including political parties and think-tanks, which will help these organisations take effective action to protect their systems and their data. The NCSC is also working with all political parties to increase the uptake of their active cyber-defence services in the lead up to a general election. A key component of increasing our resilience is supporting the NCSC and parliamentary authorities by taking up that cyber-security offer. I urge all Members of this House to do so. I will be writing to colleagues later today, setting out again the steps that they can take.

At the summit for democracy, I was struck by the powerful strength of our collective voices when we work together to defend our democratic freedoms. The summit provided the United Kingdom Government with a platform to build international agreements on a new global Government compact on countering deceptive use of AI by foreign states in elections. It is important and welcome that our partners across the Five Eyes, as well as those in Europe and the Indo-Pacific, are standing in solidarity with our efforts to call out malicious cyber-activity. I pay tribute to the dedicated public servants, whose painstaking work has continued to expose the reality of the threat we face.

Our political processes and institutions have not been harmed by these attacks. The Government will continue to call out and condemn this kind of activity in the strongest terms. We will continue to work with our allies to ensure that Chinese state-affiliated actors suffer the consequences of their behaviour. We will take preventive action to ensure these attempts do not succeed. The cyber-threat posed by China-affiliated actors is real and serious, but it is more than equalled by our determination and resolve to resist it. That is how we defend ourselves and our precious democracy, and I commend this statement to the House.

Order. This was an important statement, which is why it has run on quite a lot longer than the normal 10 minutes. I am sure everybody will agree that if the two Front-Bench speakers need a little extra time, we will be flexible in exactly the same way. I call the shadow Secretary of State, Pat McFadden.

I thank the right hon. Gentleman for his questions. I shall seek to address as many of them as I can.

When it comes to Chinese motivations, ultimately, it is a matter for the Chinese to be able justify their motivations, but the points that the right hon. Gentleman made were apposite. First, the Chinese look at successful democratic countries, such as the United Kingdom, Japan or the Republic of Korea where I was last week, and they want to seek to undermine them. It is no surprise therefore that they should seek to interfere in electoral processes, in the way that we have seen conduct from Russia that aligns with that. Indeed, the successful democratic elections around the world right now stand in contrast to the sham elections that we saw in Russia last weekend.

On the right hon. Gentleman’s point about the public record of the Electoral Commission, I think that that is the essence of what has happened here. These attacks and these attempts were ultimately pretty unsuccessful. I reassure the right hon. Gentleman and Members of this House that there was no infiltration of the closed register of the Electoral Commission, so the concerns that he raised have not arisen. On the further strengthening of the electoral register, that is precisely the work that the National Cyber Security Centre does in co-ordination with GCHQ, working with Government agencies, including the Electoral Commission.

The right hon. Gentleman was right to raise the risk of hack and leak. It is certainly something that we saw in previous elections, and I remain concerned. I also remain very concerned about artificial intelligence, deep fakes in particular, being used to disrupt elections, hence the work that I undertook at the conference last week and the progress that we are making with the accord on artificial intelligence use by malign states.

In relation to targeted sanctions, it is not the case that the Foreign, Commonwealth and Development Office paused targeted sanctions. On the conduct of the former Foreign Secretary—[Interruption.] I am not sacking the Foreign Secretary from the Dispatch Box. On the conduct of the current Foreign Secretary, who sits in the other place, all appointments to Government are subject to the usual propriety and ethic processes. Lord Cameron is addressing the 1922 Committee in his capacity as Foreign Secretary in the usual way, addressing a wide range of issues. It is not a specific briefing on this issue, but if leaders of the principal Opposition parties wish to have a further briefing on this issue I am of course very happy to facilitate that, in the way that they know I have done in relation to other national security issues.

We are highly alert to the risks of hostile states hoovering up currently quantum-encrypted information that could subsequently be decoded with advances in quantum computing. We do extensive work with the National Cyber Security Centre and the Ministerial Cyber Board on critical national infrastructure to ensure that we guard ourselves against exactly that risk. On our relationship with China more broadly, Members of this House should take this moment very seriously. It is a grave moment, against a backdrop of an escalating threat from China, and we will take proportionate action in response to that escalating threat.

Tomorrow, it will be three years since parliamentarians here were sanctioned; your defence of us, Mr Speaker, has been remarkable. Although I welcome the two sanctions from the Government, it is a little bit like an elephant giving birth to a mouse. The reality is that in those three years the Chinese have trashed the Sino-British agreement and been committing murder, slave labour and genocide in Xinjiang. We have had broken churches, and, in Hong Kong, false court cases against Jimmy Lai. My question is: why two? America has sanctioned more than 40 people in Hong Kong; we have sanctioned none, and only three lowly officials in Xinjiang. Surely the integrated review should be changed. China is not an epoch-defining challenge, strange as that may be, but it is surely a threat. Can the Government now correct that, so that we all know where we are with China?

My right hon. Friend’s views are well known to me, I genuinely welcome the constructive, at most times, debate that I have with him, but nobody should be in any doubt about the gravity of this matter. These are not the actions of a friendly state, and they require our serious attention. As he has described, this is an escalating situation. The measures that we have announced today are the first step, but the Government will respond proportionately at all times to the facts in front of us. No one should be in any doubt about the Government’s determination to face down and deal with threats to our national security, from wherever they come.

I call the SNP spokesperson.

I thank the Deputy Prime Minister for his statement, and for advanced sight of it. In the statement, he said:

“I have taken steps to reduce the Government’s exposure to Chinese operators, banning Hikvision and TikTok from Government buildings and devices”,

but the reality is that the Hikvision ban extends only to sensitive sites, despite the fact that we have pushed him to ensure that it extends to all public buildings. Surely the majority of things that happen in government involve some sort of confidential information. Will he confirm whether he is extending the ban beyond sensitive sites to all Government sites, as we have been calling for for a number of years? The attacks on the Electoral Commission and parliamentarian accounts happened nearly three years ago. Will we be sitting here in 2027 hearing about an attack that is happening right now? The EU is currently delivering €240 million for cyber-security to improve its collective resilience. Will the Government deliver an equivalent fund for these islands? Finally, without more action, can he give us real assurances that this year’s general election will take place without international interference?

As the hon. Lady is aware, we currently ban Hikvision, and indeed any other Chinese technology relating to CCTV. We continue to keep that under review. I do not rule out a further progression in the policy, but that is not the case right now.

On the time taken, it is essential that, before Ministers stand at the Dispatch Box and make assertions attributing such activity to a hostile state, we are absolutely sure of the basis on which we do so. That requires extensive work by our intelligence agencies, it requires fine judgments to be made, and it requires work to be done with our allies around the world—there will be comments from the United States shortly after my statement. I would rather we did this in the proper way.

We have invested £2.6 billion on cyber-security during this spending review. I can never be totally confident in relation to cyber-security—no Government Minister anywhere in the world can be; it is an environment in which the risks are escalating all the time and are turbocharged by artificial intelligence—but I can assure the hon. Lady and other Members that we are constantly increasing our activity and vigilance in the face of it.

Like my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith), I am rather underwhelmed by this statement. In the three years since seven parliamentarians were sanctioned, we have been subject to intimidation, impersonation and hacking, as have the families of exiles from China with whom we have associated. Today, the Deputy Prime Minister has described hostile actors’ malign acts towards the integrity of our electoral system and parliamentary democracy—foreign interference—and sanctioned two individuals and one company employing 50 people with a turnover of £208,000. Does he think that that is proportionate, and can he confirm that the Government will put the whole of the Chinese Communist Government in the enhanced tier of the foreign influence registration scheme?

My hon. Friend may be aware that we are currently in the process of collective Government agreement in relation to the enhanced tier of the foreign interference registration scheme. Clearly, the conduct that I have described today will have a very strong bearing on the decision that we make in respect of it.

In relation to the sanctions, it is worth noting that this is the first time that the Government have imposed sanctions in respect of cyber-activity. I believe that they are proportionate and targeted, but they also sit in the context of actions that we have been taking with our international allies. They are a first step, and we remain totally open to taking further steps as the situation evolves. The path we are going on with this is clear.

My first reaction is: “Is that it?” The spin was clearly not matched by this statement. The Deputy Prime Minister says that there is an issue around nuclear and higher education. That is because the Government encouraged China to invest in nuclear, and cut the budgets of our universities so they are reliant on Chinese students. The Deputy Prime Minister also ducked the question asked by my right hon. Friend the Member for Wolverhampton South East (Mr McFadden) about Lord Cameron. Will Lord Cameron publish all the money and interactions that he had with Chinese entities when he was out of government? The Deputy Prime Minister says that he is committed to the security services. Why, then, in the Budget on 6 March, was the security budget cut by £600 million next year? That is not a sign of a Government who are taking this issue seriously.

The Foreign Secretary has provided a full declaration of all his interests—

I will take lectures from Labour Members on action in relation to security threats with a pinch of salt. It was this Government who introduced the National Security and Investment Act 2021; it was this Government who passed the Higher Education (Freedom of Speech) Act 2023; it was this Government who passed the National Security Act 2023—none of which we saw from the Labour party during its years in office.

We have seen reports of espionage on UK campuses, aggression on UK soil, massive cyber-attacks and hostile corporate takeovers. It is abundantly clear that China is a hostile state and poses an unprecedented threat to our national security. As Home Secretary, I oversaw the enactment of the National Security Act, which built the foreign influence registration scheme designed specifically to deal with such threats so that our authorities have the right powers to tackle them. Is there not a compelling case for China to be listed on that register, and if not now, when?

I pay tribute to my right hon. and learned Friend for the work that she did—she and I worked closely together on many of those things. There is a strong case, and my right hon. and learned Friend will be aware of the process that we go through to determine that. It has to be agreed through a collective Government agreement.

On the point about hostile states, though, I disagree with my right hon. and learned Friend; it is not the case that any Five Eyes nation has designated China explicitly as a hostile state. The language I have used in relation to China reflects the complex situation of that state, but I want colleagues to be in no doubt about the direction that Government policy is taking, how gravely we take this issue, and the overall escalation of our stance on it.

I, too, am quite surprised at the difference between what was briefed and some of the information that the Deputy Prime Minister has given us today, and the sum of the action taken. He said that the Government had taken rapid and robust action when talking about things that happened three and four years ago, and the sanctioning of two individuals and a minor company does not seem to meet the definition of robust. How does he think that taking the tiny steps he has announced today will deter the Chinese from carrying on in the way they have been doing, as the Deputy Prime Minister has outlined and is very clear from the China report that the Intelligence and Security Committee was finally allowed to publish late?

First, in relation to briefings, I can categorically assure you, Mr Speaker, and Members of this House that there has been no briefing whatsoever from me or my Department in respect of this matter. As ever, I would say, “Don’t believe everything that you read in the newspapers.”

As for the overall direction of Government policy, it is clearly set. This is not just about offensive action, but the extensive defensive action we have taken to continuously increase the security of our Government systems. I make no apology for the time we have taken to properly call out China in this respect. I want to make sure that when I stand at the Dispatch Box, I am able to do so on a solid basis, painstakingly put together by our allies and our security agencies.

Who shall we go to? A former Attorney General, no less.

The front page of The Telegraph today reports Whitehall sources saying that China, Russia and Iran are even fuelling disinformation about the Princess of Wales to destabilise the nation. Hostile states with leaders who fake their own elections and are hated by their own people are spreading wild conspiracy theories about the royal family, among many other things—our royal family who are hugely popular and much loved. Does the Deputy Prime Minister agree that British people will ignore that grotesque disinformation despite the pathetic attempts of those autocratic regimes?

I thank my right hon. and learned Friend for raising the issue, and extend my best wishes to members of the royal family at this very difficult time. The appalling speculation that we have seen over the past few weeks comes as a reminder to us all that it is important for us to ensure that we deal with valid and trusted information, and are appropriately sceptical about many online sources.

As one of the parliamentarians targeted, can I thank the security officials for the work they did to repel this attack? I am glad it was not successful.

However, I have to say that the Deputy Prime Minister has turned up at a gunfight with a wooden spoon. The attack that he stood up and announced at the Dispatch Box happened three years ago, but he comes to the House and calls this “swift”. He comes to the House and says he has taken robust action but, as the hon. Member for East Worthing and Shoreham (Tim Loughton) mentioned, the entity he has sanctioned has fewer than 50 employees and has a turnover of £200,000 a year. He has not sanctioned a single Chinese state official. He has not even told the House whether the Chinese ambassador has been summoned, after what he has come to the Dispatch Box to tell us today. [Interruption.] Forgive me, he says he has been summoned—my apologies.

Can I press the Deputy Prime Minister on the enhanced tier of the foreign influence registration scheme? What possible good excuse could there be for not having China in that, and if we do not take more robust action and see a proper sea change in Government thinking, rather than this tinkering around the edges, will this not happen more and more and get worse and worse?

I think everything about the hon. Gentleman’s question suggests that he did not actually listen to the statement I made. I said that there had been a démarche, and that is exactly what is happening. I have already set out the position in relation to the foreign influence registration system.

The Deputy Prime Minister knows that cyber-attacks on UK institutions come from a wide range of actors—states and criminals—as we saw in the recent big attack on the British Library, and it is important that our laws are up to date to protect against this. In 2022 the Government announced that they would update the Network and Information Systems Regulations 2018 to

“protect essential and digital services against increasingly sophisticated and frequent cyber attacks both now and in the future.”

In 2022 that was to be done as soon as parliamentary time allowed. Why has it not been done, and when will it be done?

The work is pretty much complete, and as soon as parliamentary time allows we will be bringing forward those measures.

I am sorry, but I find the Deputy Prime Minister today utterly unconvincing. The idea that “swift” means taking three years to publish something that has already been published by a Committee of this House is utterly preposterous. It means that if there were an attempt this year, we would hear about it long after the general election and possibly after another general election after that. The truth is that, if he actually thinks this is the sum total of all the Chinese state’s attempts to disrupt the British democratic system, he is wilfully blind and is therefore dangerous.

There are two things that the Government could do immediately to enhance confidence in this area: first, bring forward the motion to allow the Foreign Secretary to answer questions in this House from Members of the House of Commons; and secondly, publish the full unexpurgated Russia report.

I am sorry that the hon. Member is not happy with the Minister of State, Foreign, Commonwealth and Development Office, my right hon. Friend the Member for Sutton Coldfield (Mr Mitchell), who is sitting to my right, and who I think does an excellent job of answering questions in this House. On the time that this has taken, there is a difference between acknowledging, as the Electoral Commission did, the fact that an attack has taken place, and the process of attribution, which takes a longer period of time for the reasons I have set out repeatedly from this Dispatch Box.

I am proud to have the British Library at Boston Spa in my constituency, and I will be meeting it in a week’s time to talk about the cyber-attack. That is just one aspect of what has happened recently, but we are talking about the protection of democracy as well, and the timeframes on which we are moving on some issues does concern me. One of the big concerns will be deepfake news profiles—with people alleged to have said things, and videos of people allegedly doing things—at the next election. I urge my right hon. Friend to work now to try to establish procedures so that everybody across this House will be able to call out efficiently the fake news that may be used to try to influence the election. As he has said, people should be careful what they believe, but what can people believe in unless there are robust systems to call out what is absolutely fake?

My right hon. Friend is absolutely right to raise this issue. We are working with tech companies on, for example, the watermarking of images to ensure that people have a sense of whether they are real. However, this cannot just be action from the UK Government; we have to work internationally, which is why at the global summit for democracy we launched the global Government compact on countering the deceptive use of AI by foreign states in elections. That is the United Kingdom leading across nations around the world to ensure that we can act in co-ordination to address this issue. Moreover, everyone in this rapidly evolving technological world needs to be mindful of the fact that information cannot be trusted in the way it used to be just a few years ago.

The Deputy Prime Minister talked in his statement about

“the powerful strength of our collective voices”.

We can contrast the sanctions that have been announced this afternoon with those that followed the Novichok poisoning in 2018. On that occasion, 130 Russian diplomats were expelled from more than 25 countries, and the EU ambassador to Moscow was withdrawn. What steps are the Government taking to co-ordinate a robust response to this alleged attack on democracy by working with our democratic allies?

That is exactly what we are doing. I raised the issue with opposite numbers in Japan and Korea when I was there, and I have raised it with the United States, with whom we have been co-ordinating exceptionally closely. The US will be making a statement on its actions shortly, if not currently. We have proceeded in this way precisely to ensure that we act not alone but with like-minded states. Interestingly, that is in relation not just to the Five Eyes but to European partners and international partners, particularly in the Asia-Pacific. This issue requires that kind of co-ordinated action, at a time when our democratic institutions not just here, but around the world, are under increased threat. It is important that democratic nations work together in concert, and that is exactly what we are doing.

May I join the Deputy Prime Minister in paying tribute to all those who do so much in the UK intelligence community? Will he join me in reassuring those on the shadow Front Bench that Lord Cameron in the other place oversees GCHQ and the Secret Intelligence Service, and he is probably in a good place to know what is going on? Reference has been made to the China report published in July 2023—I was one of the co-authors, with one or two others in this Chamber. Page 198 of that report referred to the UK security services facing “a formidable challenge”. I welcome the fact that the Government have played catch-up—that was another criticism—and have caught up to a certain extent. I particularly welcome the £2.6 billion over the past three years going to cyber-protection for our critical national infrastructure.

We were going to finish because, in fairness to the Deputy Prime Minister, he indicated that he wanted to finish early because of other things happening around the world. If he is happy to continue, then so I am.

I am happy to continue.

In which case, let us carry on.

I am sure that I will regret saying that, Mr Speaker.

My right hon. Friend is absolutely right to pay tribute to our intelligence agencies. I see their work at first hand, day in, day out. We are one of a very small number of countries that have intelligence agencies of this standard. It enables us all to be more secure.

I welcome the tone of vigilance, which is in stark contrast to the nonchalance shown by the Johnson Government over earlier Russian interference in our elections and the Brexit referendum. Why should we believe the Government’s honest intentions when they still have not implemented all the recommendations of the Russia report?

The right hon. Gentleman will have seen the conduct of the Government and, for example, the further sanctions we imposed on Russia just a few months ago. We have not hesitated in taking robust action in relation to Russia, just as we will continue to do with any threats from China.

Bearing in mind all that my right hon. Friend has said, he may be concerned to hear what we have heard in the Defence Committee. English Ministry of Defence companies are having a nightmare in employing those with specialist AI skills from university, because they are all Chinese. Is he aware of that, and what will he do to counter this potential threat to our security?

Clearly, anyone employed by a relevant defence company or in the UK Government will be subject to advanced vetting, which would likely preclude a number of the individuals my hon. Friend described. The main thing that we have got to do is increase our skills in this country, which is why we are investing in science, technology, engineering and maths. We are very fortunate in having three or four of the top 10 universities in the world in the United Kingdom—wherever I go in the world, people look at that with envy—which is a base from which both our intelligence agencies and industry can draw.

These cyber-attacks occurred in 2021 and 2022, so we really must ask how it has taken the Government so long to make this statement. We should reflect on the Deputy Prime Minister saying that these actors

“gained access to the Electoral Commission’s email and file-sharing systems, which contain copies of the electoral register.”

This is an election year, and it should put fear into the hearts of all of us that the Chinese have access to the UK’s electoral register, at a time like this when we are already worried about bad actors, about cyber-attacks taking place and about the use of AI.

The Deputy Prime Minister talked about taking robust action—good grief: two individuals are being sanctioned. Reference has been made to what happened over Novichok, when we swiftly took action to expel diplomats from this country and around the world. I hope that when the Chinese ambassador meets the Deputy Prime Minister, he will be told that diplomats will be expelled. Will the Deputy Prime Minister come back to the House tomorrow and tell us about the robust action that he should be taking?

You are confusing shouting with robustness.

I will answer the question slightly less aggressively than how it was put; I will make my point in my own way. First, as the Electoral Commission said in its statement, the data contained in electoral registers is limited, and much of it is already in the public domain. The Electoral Commission had already declared the fact of the attack. What is different today is that, contrary to some speculation at the time, we are announcing that it was in relation to Chinese-related actors. That is what has changed. On our overall approach, I have set out a direction. These are grave threats, which we take seriously. We are taking proportionate action now, and we will continue to take steps as required.

A successful deterrent requires the capability and the will to retaliate. Have we got either?

Yes, we do, on both fronts. My right hon. Friend will be well aware of our National Cyber Force, but I do not comment on the conduct of that from the Dispatch Box.

In January 2023, Lord Cameron of Chipping Norton—prior to his appointment as Foreign Secretary, of course—went to Sri Lanka to drum up investment for Port City Colombo, which is a belt and road project launched by President Xi, which many believe will become a military base for the Chinese navy. Following Lord Cameron’s appointment as Foreign Secretary, many freedom of information requests have been submitted to the Foreign, Commonwealth and Development Office to try to shed some light on his visit to Sri Lanka, including who he met and what sort of conversations took place, but to date not a single one of those FOI requests has been complied with by the FCDO. Does the Deputy Prime Minister agree that that is a matter of the highest public interest and that sunlight is the best form of disinfectant, and therefore the FCDO should comply with those FOI requests as a matter of urgency?

The Foreign, Commonwealth and Development Office always deals with FOI requests in the proper way. I have to say that trying to link Chinese cyber-attacks to our current Foreign Secretary is pretty desperate stuff. It just does not wash.

It is absolutely right that we call out these malicious actions, because otherwise they will become normalised. Does the Deputy Prime Minister agree that when it comes to our security, and indeed our economic interests, there is an important parity between the digital space and our physical terrain, and that that should be reflected in defence spending? Does he also agree that Beijing is watching today’s events and will no doubt retaliate? Should we brace ourselves for further individual sanctions against British personnel?

My right hon. Friend is right to highlight the need for investment. That is precisely why, in the last spending review period, we put £2.6 billion into our wider cyber-defences. I am confident that we will be able to deal with any retaliatory action by Beijing effectively.

We should be worried about Chinese influence in various areas of Government. Graham Barrow, the Companies House expert, has been warning for quite some time about dubious company incorporations that have originated in China. He believes that they are being created using an algorithm, and there is evidence that companies are being incorporated using stolen UK credentials, from UK addresses, streets at a time. What conversations has the Deputy Prime Minister had with Companies House, and would he be willing to meet Graham Barrow to hear his conclusions?

I, or another Minister, will be happy to meet him. That is precisely why we set up the National Cyber Security Centre, which uses GCHQ expertise to inform our approach to cyber, and engages with businesses and individuals. That approach is renowned and admired around the world, because we can give high-quality advice through the National Cyber Security Centre. Week after week, I receive delegations from around the world who want to see what we have done with the National Cyber Security Centre.

The £2.6 billion in additional money to counter cyber threats is very welcome. This field is constantly evolving, and those who wish us harm are innovating further. I accept that my right hon. Friend will not comment on the exact detail, but will he at least assure the House that the £2.6 billion outguns what those who wish us harm spend on new threats?

The amount of spending compares extremely favourably with that spent in similar G7 countries around the world. I am confident that we have world-leading expertise, and we are constantly evolving our capabilities in this space.

I thank the Deputy Prime Minister for his statement and his answers. I had occasion just five weeks ago to see Mr Speaker about an incident. The Deputy Prime Minister may be aware—if not, he will be shortly—that the all-party parliamentary group for international freedom of religion or belief, which I chair, had its website hacked, and the text that questioned human rights violations by China was removed. I reported it to Mr Speaker and made him aware of what took place. It is clear that nothing whatsoever is sacred to the Chinese. The work of the elected Members of this House is not treated with respect. Will the Deputy Prime Minister commit to stop handling the Chinese oversteps—for want of a better description—with kid gloves, and instead handle them with authority, and help China to understand that it will not trample over democracy in this place, or elsewhere, without being held accountable in the very strictest terms?

We will certainly hold China to account in the way that the hon. Gentleman describes. I will happily make sure that the parliamentary authorities and the National Cyber Security Centre are in touch with him about the attack that he described.

We know that legacy IT systems are most likely to be cyber-attacked. Has the Deputy Prime Minister ordered an inventory of all Government IT equipment, to see where particular vulnerabilities lie?

Yes. My hon. Friend is right to raise this issue. The first step is to properly understand where those vulnerabilities lie. We have undertaken extensive work to ensure that we know where risks lie, and we are putting in place measures to remediate those risks.

This is too little, too late. It is reactive, not proactive. Two lowly officials get sanctioned when half the UK population’s data and electoral roll get cyber-attacked. I do not feel that the issue is being taken seriously enough. Let me remind the House how serious this is: in October last year, MI5 warned of the “epic scale” of Chinese espionage, and reported that more than 20,000 people in the UK had been covertly approached online by Chinese spies. Our Commons Intelligence and Security Committee said that China was “prolifically and aggressively” targeting the UK, and had managed successfully to penetrate every sector of the UK’s economy. My question is simple: how can any of us here, or outside in society, trust this UK Government, when they are far too late, and do very little of what needs to be done?

I simply do not accept that characterisation, given that it was this Government who set up the NCSC, this Government who set up the ministerial cyber board, and this Government who invested £2.6 billion in our cyber-defences. I have consistently warned, time and again, about the cyber-threats facing the United Kingdom, and we are taking steps to address them.

Every time the Deputy Prime Minister comes to the House, he lays out his plans eloquently, and is more assertive; he says, “We are doing this new thing, and that new thing, to react to the threat.” Do we not still need much greater coherence across all Government Departments in how we deal with the threat, whether the issue is students, the protection of Hong Kong citizens, intellectual property or cyber-attacks?

My hon. Friend raises an important point. I pay tribute to the work that he has done in this space, and I have discussed the issue with him on many occasions. He is right that the UK Government, in common with the US Government and others around the world, have evolved enormously in their approach to China. The sort of China we had hoped for even a decade ago is not the China we have now, whether we are talking about Hong Kong, Xinjiang or elsewhere. We continue to increase our efforts on the matters that he describes. That is precisely why we set up the defending democracy taskforce, led by the Minister for Security.

The Deputy Prime Minister is right to address these issues and, as he said, call them out, but just calling them out does not really cut the mustard. There is certainly no appearance of urgency. There is a worrying sense of “nothing to see here” in some of his responses. He referenced human rights. We know well the issues there, including the horrific forced labour and worse faced by the Uyghur population. The action he is outlining on all those fronts is very underwhelming, and actually a bit baffling. Does he think that the large number of Members across the House who are obviously very much underwhelmed by his statement are all wrong, or is it possible that his statement somehow misses the mark?

First of all, it is important to remember that ultimately—I want to reassure the House and the public—these attempts were unsuccessful. I am not being complacent; I am setting out the facts. As for the risk, at CYBERUK in Belfast last year, I warned that cyber-threats continue to come from the usual suspects—Russia, China, Iran and North Korea. In the Government security conference, I called out Russian state interference, and we created Secure by Design. We have not hesitated to take action, and we will continue to do so.

Democracy is not perfect, but the right to choose who makes the laws that govern us is really precious, and it is really scary to hear that a foreign power might be trying to intervene in that. Mr Deputy Speaker, as one of the few women who has spoken during this statement, I want to remind you again how concerned I am about the threats and harassment that women get when standing for Parliament, especially as we get closer to an election. As well as cyber-security, I am very concerned about physical security. Two and a half years ago, my Essex neighbour was murdered at his constituency surgery. Last Friday, at my constituency surgery, the security operatives recommended by this Parliament failed to show up for the second time this year. I am very grateful to the Deputy Prime Minister for recently putting extra money into security for both parliamentarians and candidates, but will he look again at the workings of this House, and at how our security is governed, because that funding is not getting to those of us on the frontline?

My right hon. Friend makes a concerning allegation, which I will take up for the Government, working with the House authorities. As she will be aware, we take the threat exceptionally seriously, which is why we agreed an unprecedented increase in protective security for Members of this House and other elected representatives. We should all take that threat very seriously, not least in the light of the two appalling murders of parliamentarians that I have seen in my time in this House.

When it comes to matters of national security such as this, my inclination is to work on a cross-party basis, and for us to show a unified face, but does the Deputy Prime Minister not understand that the relative weakness of the response to this terrible series of attacks, combined with his evasiveness over questions about the financial interests of the Foreign Secretary, is bound to increase people’s concerns? It is understood that Lord Cameron still has close links with the Chinese state in respect of numerous business ventures, and it was reported last week that the Government had secretly softened their policy against Chinese businesses implicated in human rights abuses. Will the Deputy Prime Minister strengthen his response, and demonstrate by his actions and through transparency that this soft-pedalling is nothing suspicious?

The hon. Gentleman says that we should have a cross-party approach, and then immediately seeks, on political grounds, to denigrate the Foreign Secretary and turn this into a party political matter. I am afraid that he will have to choose one approach or the other.

When we think ahead to the election, we should bear in mind the point raised today about artificial intelligence and the threat to democracy. We often talk about the concept of deepfake news—which used to be just fake news—but this is not just about deepfakes. It is also about the risk of rumour bombs to dissuade people from going to the polls on the day, and about voice clones; people are telephoned by someone pretending to be a daughter or other family member, who says, “Do not go and vote today.” There are many risks of which we may not even be aware, and the data that we are talking about today may be used in conjunction with data from Facebook and other sources to enable people to pretend that they are something they are not. Along with the work taking place in Government and with tech companies, could there be an education campaign, to let the public know that there are better ways to become aware of the risks that they may face during the election?

My hon. Friend has made an important point. At a time of rapidly evolving technology, particularly artificial intelligence, there will always be limits to the ability of agencies, or companies, to call this stuff out. There needs to be greater awareness among the public of the risks, and of the need to treat images of this kind with much more scepticism, and I will take that up with my colleague the Education Secretary.

Professor Jim Saker, the president of the Institute of the Motor Industry, has warned about the threat that Chinese-manufactured electric vehicles could pose, in giving China access to big data and personal information. He has said that

“connected electric vehicles flooding the country could be the most effective Trojan Horse that the Chinese establishment has”

to impact the UK. What consideration has the Deputy Prime Minister given to the threat posed by those vehicles?

That too is an important point. Obviously, any new technology or cars put on the UK market will have to meet our safety standards, and that will include an assessment of the threats to which the hon. Lady has referred. Under the National Security and Investment Act 2021, I can decide to block or impose conditions on any investments or transactions, from whichever state, and whichever company, in any country. That is another tool in our weaponry that we did not have previously.

My right hon. Friend will no doubt be aware that the Electoral Commission failed a National Cyber Security Centre cyber essentials audit at about the time when these breaches occurred. Among the failings identified was the fact that staff laptops and smartphones were running outdated systems—including Windows 10 Enterprise, which, at the time, was no longer receiving security updates. Does my right hon. Friend not agree that these failings look awfully like extraordinary negligence on the part of the Electoral Commission, and how satisfied is he that the commission has done everything necessary to regularise its procedures?

My right hon. Friend is right to highlight that issue. It is precisely because of those concerns that we have ensured that the Electoral Commission is working closely with the National Cyber Security Centre to achieve a significant step up in its capabilities and its cyber resilience. It was essential for that work to be undertaken, and it has been undertaken.

In May this year, Rotherham will hold a local election, like other places throughout the country. At the last local election, in 2021, Labour kept control of Rotherham Metropolitan Borough Council by a margin of only 54 electors. What steps are the Government taking to ensure that when people cast their votes for the Conservatives in Rotherham, those votes to end 50 years of Labour rule are secure?

I trust and hope that we will achieve that outcome. I would like to assure Members that we have every confidence in the integrity of the elections. Through the defending democracy taskforce and the action taken by the Minister responsible for local government, my hon. Friend the Member for North Dorset (Simon Hoare), who has written to all local authorities in the past week, we are ensuring that the integrity of those important elections is preserved.

I thank the Deputy Prime Minister for his statement today, and for responding to questions for over an hour.