Shapps apologises to armed forces as up to 272,000 personnel affected by cyberattack

Conservative MP Tobias Ellwood (Bournemouth East) told MPs that the world is changing, with the “digital terrain being as important as the physical”, and that new rules should be drawn up on how to respond to cyberattacks.

The former defence minister said: “Had this been a physical, a kinetic attack on MoD main building, this place would be demanding some form of proportionate response.

“Indeed, you could even argue that that would be a Nato Article 5 situation.”

He added that the Rules of Engagement in the Geneva Conventions are “out of date” and that “we need to address errant nations are held to account and what constitutes a proportionate attack”.

Defence Secretary Grant Shapps responded: “He’s right that people, in some sense, differentiate between an attack which is a physical one and an attack which is a cyber attack, but both can be incredibly serious and have enormous consequences.

“I want to stress in this case, because we do not believe that the information has in fact been stolen and, because we’re monitoring it through these eight different measures very carefully, there is a degree of ‘we’ve caught it and controlling it’. But his wider point is, of course, absolutely correct.”

Senior Tories have called for tougher action on China after speculation that Beijing is responsible for a large-scale cyberattack on the Ministry of Defence (MoD).

While the government has said that state involvement cannot be ruled out, it declined to identify the culprit and said it cannot release further details “for reasons of national security”.

Former leader of the Conservative Party Sir Iain Duncan Smith urged the government to put China in the enhanced tier of the Foreign Influence Registration Scheme.

The Conservative MP (Chingford and Woodford Green) asked: “Why in heaven’s name don’t we take the decision to place this malign actor into that enhanced place and then make sure we deal with them accordingly?”

Chair of the Foreign Affairs Select Committee Alicia Kearns called on the government to “get the Foreign Office changing our position” on China.

Mark Francois, former Armed Forces minister and chair of the European Research Group, called for the Government to stand up to China, and accused the Foreign Office of being behind the Government’s refusal to name the malign actor in this latest cyber attack.

Pollsters have dismissed Rishi Sunak’s claims that his party still has a fighting chance with a general election likely to produce “a hung parliament“, writes our political editor David Maddox.

The prime minister is set to try to persuade MPs tomorrow that the result will be closer than many people predict at the first of two briefing sessions on the local elections alongside his party chairman Richard Holden and head of election strategy Isaac Levido.

The session will include a full assessment and breakdown of what the disastrous local election results mean after the Tories lost almost 500 council seats, the Blackpool South by-election and, most devastatingly, the West Midlands mayor.

Former armed forces minister Mark Francois called for the Government to stand up to China and said soldiers will feel “disrespected” that the Government will not confirm that Beijing is responsible for the hack.

The Conservative MP (Welwyn Hatfield) said: “This will be very worrying for service personnel, their families and veterans. And they’ll be disrespected that the Government seems to have briefed that it was China overnight and then not had the nerve to confirm that in the House today, because someone rang up from the Foreign Office and said ‘don’t do that’.

“When oh when are we going to start standing up to the Chinese in a way that they are clearly not frightened to stand up to us?”

Mr Shapps said: “I want to make it absolutely clear to the House, we did absolutely everything we could to avoid this being made public until I had the opportunity to come to this House.

“We proactively endeavoured to ensure that our own approach towards removing the data from being online, closing that system down, ensuring the personnel were paid, making sure that the alternative payments system were in place for expenses and other things, and all of that could happen, ideally, before we came to this house.

“We most certainly did not wish to see or brief out the story. Unfortunately, because there are a large number of people potentially impacted it was almost impossible for people not to go and then talk about, and I believe that’s how it’s come into the public domain.”

The hacking attack on the British military by China was massive in scale, with 270,000 serving personnel, as well as reservists and veterans, from all three services affected.

The Special Forces have not been caught up in the breach, as they use a different, more secure system, but it remains unclear whether members of the Intelligence Corps, part of the army, are among those whose personal details may have been taken.

David Lammy moved Labour closer to calling for an outright ban on arms sales to Israel as the row over the Middle East crisis exploded in the House of Commons.

With Labour under pressure from its own MPs and activists to take a harder line against Israel on the humanitarian crisis in Gaza, Mr Lammy used an urgent question to ratchet up his party’s position.

It follows concerns in the party leadership that Muslims and others are not voting Labour because of its position on the conflict.

Our political editor David Maddox has more:

Tory MP Bob Seely (Isle of Wight) said it was “a little frustrating” to hear his information could be compromised and wondered if he is “the most hacked MP in Britain”.

He said: “I would like to thank the minister for his call this morning, it is a little frustrating to be told that one’s bank details and National Insurance number are winging their way to Beijing or wherever they’ve gone.

“And considering I was also caught up in the Ipac breach, I’m wondering if I’m currently in the running to be the most hacked MP in Britain.”

Defence Secretary Grant Shapps responded: “I want to thank him for his service and I’m sorry he had to receive that phone call about what’s happened.

“I want to stress, actually, that we do not believe the data has necessarily been stolen, so there’s a danger here of just running a couple of steps ahead.

“What we’ve done is to respond with the eight-point plan as if it has been stolen, because we think that that is the best position to put everybody, himself included, in given the seriousness of this potential breach.”

Shadow defence secretary John Healey has said there will be “serious concern” that news of a cyberattack was reported in the media before Defence Secretary Grant Shapps was able to update Parliament.

He told MPs: “My overriding concern is for the safety of serving personnel and veterans affected. Worried about the risk to them and their families, hearing first about the data being hacked from the media and not from the MoD (Ministry of Defence).”

He added: “On the contractor, Defence Business Services say Shared Services Connected Limited (SSCL) has the MoD contract for core payroll and other business services. How many contracts does SSCL or its parent company Sopra Steria have with the MoD? What action has been taken by other government departments with similar SSCL contracts?”

Mr Healey further stated: “The media have clearly been briefed that China is behind the hack but the Defence Secretary only tells us about a malign actor. Now, the Government rightly has a very rigorous system before official accusations or attributions are made but if this deep data breach is found to be carried out by a hostile state, it would represent a very serious threat to our national security.”

Mr Shapps replied: “The media release last night was coincidental and unwelcome as far as we were concerned. Unfortunately, of course, a lot of people were involved in this. (Mr Healey) asked how many; 272,000 is the number of personnel who have been affected.”

He further confirmed that SSCL was the contractor involved and that a “full review” has been ordered of their work within the MoD.

Up to 272,000 service personnel may have been hit by the data breach, Grant Shapps told MPs.

He set out an eight-point plan to support and protect those potentially affected.

The Cabinet minister declined to identify the culprit, telling the Commons: “For reasons of national security, we can’t release further details of the suspected cyber activity behind this incident.

“However, I can confirm to the House that we do have indications that this was the suspected work of a malign actor and we cannot rule out state involvement.”

He also said: “We’ve launched a full investigation, drawing on Cabinet Office support and specialist external expertise to examine the potential failings of the contractor and to minimise the risk of similar incidents in the future.”

Initial investigations have found no evidence that any data has been removed, but affected armed forces personnel have been alerted as a precaution.