3 Dec 2012 : Column 41WS

3 Dec 2012 : Column 41WS

Written Ministerial Statements

Monday 3 December 2012

Business, Innovation and Skills

Employment Law

The Parliamentary Under-Secretary of State for Business, Innovation and Skills (Jo Swinson): Following the Chancellor’s announcement on 8 October that the Government would create a new employment status called employee owner, the Government have sought views on the practicalities of its implementation. This measure is part of the Growth and Infrastructure Bill which is currently before the House of Commons.


The Government will publish their response to the consultation shortly and copies will be placed the Libraries of both Houses.

UK Single Market Centre

The Secretary of State for Business, Innovation and Skills (Vince Cable): My noble Friend, Minister of State for Trade and Investment (joint with Foreign and Commonwealth Office), Lord Green, has today made the following statement:

I wish to inform the House that the Department for Business, Innovation and Skills has established the UK single market centre, a national co-ordinating team responsible for monitoring the functioning of the European single market.

The single market centre will bring together our work on all the existing tools that support the functioning of the single market, including the internal market scoreboard, SOLVIT (the problem solving mechanism that seeks to resolve the misapplication of rules by public authorities), the internal market information system, and policy responsibility for the point of single contact (the online licensing service for services directive implementation).

The objectives of establishing such a centre are to give greater visibility, and therefore focus, within Government on improving the UK’s performance in implementing internal market measures and to build stronger links between single market policy and operations to support our European policy through specific examples of market barriers. Over time, I hope that the work of the single market centre will increase awareness among UK businesses and consumers of the support available to them to trade and shop in the internal market.

The single market centre will report annually on the performance of the single market in the UK, and copies of this report will be placed in the Libraries of both Houses.

Cabinet Office

UK Cyber Security Strategy

The Minister for the Cabinet Office and Paymaster General (Mr Francis Maude): On 25 November 2011, I published the UK cyber security strategy. In the strategy I committed to report back on progress after one year, in particular on the achievements of the national cyber-security programme for which my Department has oversight. I am pleased to present this report to both Houses today.

3 Dec 2012 : Column 42WS

The strategy outlined how the internet has changed and shaped our lives. A year on from its publication, this transformation continues apace.

The UK has been proclaimed as the “most internet-based major economy”, with one recent study stating that the UK’s internet-related market is now worth £82 billion a year and rising(1). The internet provides a rich and fertile basis for industry, and small businesses in particular, to expand and grow.

Industry suffers at the hands of such threats. The 2012 PwC information security breaches survey found that 93% of large corporations and 76% of small businesses had a cyber-security breach in the past year. With the cost for a security breach estimated between £110,000 to 250,000 for large businesses and £15,000 to 30,000 for smaller ones, these are losses which UK businesses can ill afford.

And we are not immune in Government. Attacks on Government Departments continue to increase.

The UK cyber-security strategy sets out our approach to tackling the threat. It clearly states four objectives for the UK:

To tackle cyber-crime and to be one of the most secure places in the world to do business in cyber-space.

To be more resilient to cyber attacks and better able to protect our interests in cyberspace.

To have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies.

To have the cross-cutting knowledge, skills and capabilities the UK needs to underpin these other objectives.

These objectives are delivered through the national cyber-security programme which prioritises and co-ordinates work across Government and provides £650 million of new funding to improve the UK’s cyber-security capability.

We are making good progress against these objectives and I am pleased to be able to report on some notable achievements.

Combating the threats

First, I would like to point to the work of GCHQ in addressing cyber-threats. Its work underpins our ability to contend with the many challenges of the cyber-age that threaten our national security. We have invested in new and unique capabilities for GCHQ to identify and analyse hostile cyber-attacks in order to protect our core networks and services and support the UK’s wider cyber-security mission. I cannot reveal details of this work, but it has broadened and deepened our understanding of the threat, helping us prioritise and direct defensive efforts.

As part of this work, the MOD has established a tri-service unit, hosted by GCHQ in Cheltenham. The joint cyber-unit training and skills requirements have been established and it is currently developing new tactics, techniques and plans to deliver military capabilities to confront high-end threats.

The security service has developed and enhanced its cyber-structures, focusing on investigating cyber-threats from hostile foreign intelligence agencies and terrorists, and working with UK victims. This informs the work of the Centre for the Protection of National Infrastructure (CPNI) which is helping organisations to improve their cyber-security measures.

3 Dec 2012 : Column 43WS

CPNI is actively influencing standards, researching vulnerabilities and focusing on the key technologies and systems of cyber-infrastructure. As part of this work it has commissioned a major research programme from the University of Oxford with the aim of delivering advice, guidance and products to help reduce the risk of cyber-attacks mounted or facilitated with the help of company insiders.

In terms of protecting core Government systems, work is being done across the public sector network to create a new security model for the sharing of services. This includes: a common and standardised approach to assurance—Single Sign-on—through an employee authentication hub; security monitoring; more effective policing of compliance; and greater network resilience.

2012 saw the UK hosting one of one the greatest sporting events of our time. The London Olympics was the first truly digital games and, as such, we recognised the need to address potential cyber-threats. We established unprecedented mechanisms for working hand-in-hand with sponsors and suppliers to the games in combating and managing incidents. The lessons learned from the event are informing our cyber-security national incident management plans as we go forward.

Tackling cyber-crime

The Government have invested in strengthening law enforcement and prosecutors’ capabilities to prevent, disrupt and investigate cyber-crimes and bring those responsible to justice. The Police Central e-Crime Unit has trebled in size, three regional cyber-policing teams have been established, and training on cyber-crime for mainstream police officers has been designed. This is increasing the capacity of the police to tackle cyber-crime in line with the strategic policing requirement which was issued by the Home Secretary in July 2012. The Serious Organised Crime Agency (SOCA) has increased its cyber-capability including the introduction of cyber-overseas liaison officers and a number of posts dedicated to mainstreaming cyber and digital investigations across the organisation.

The Police Central e-Crime Unit has reported that it has exceeded its four year operations performance target of averting £504 million of harm within the first year of the national cyber-security programme alone—preventing £538 million of harm at a return on investment of £72 harm averted for every pound invested. In addition and in conjunction with partners, SOCA has repatriated over 2.3 million items of compromised data to the financial sector in the UK and internationally since November 2011 with an estimated prevention of potential economic loss of over £500 million. In addition, The Crown Prosecution Service in turn is devoting more resources to prosecuting cyber-crime. As at the end of September 2012, the Department was prosecuting 29 “live” cyber-crime cases.

Joint operations between the two units have now been initiated as a first step towards their coming together in 2013 to form the National Cyber Crime Unit of the new National Crime Agency. This will deliver the next step in transforming law enforcement capability to tackle cyber and cyber-enabled crimes.

National cyber-security programme funding has enhanced Action Fraud to be the UK’s national reporting centre for fraud and financial internet crime, operating on a 24/7 basis. This enables reported incidents of crime

3 Dec 2012 : Column 44WS

to be developed into intelligence packages that national and local agencies can use for targeted enforcement activity. Over 12 months. Action Fraud received 46,000 reports from the public of cyber-enabled crimes amounting to attempted levels of fraud of £292 million.

To further assist in tackling online fraud, HMRC has established a new cyber-crime team to enhance the Department’s capability to tackle tax fraud by organised criminals. HMRC’s enhanced anti-phishing capabilities are now leading to the interception of five major threats a day and have helped the Department to shut down almost 1,000 fraudulent websites in the last 12 months.

Partnership with industry

Government cannot do this alone. We know that industry is the biggest victim of cyber-crime, and intellectual property theft through cyber-crime is happening on an industrial scale. In the past year we have cast our net wide to work with industry, academia and ever wider across the public sector to promote awareness of the need to address cyber-threats. We have produced and promoted a “Cyber Security Guidance for Business” document for industry chief executives, which sets out how board members and senior executives should adopt a holistic risk management approach to cyber-security in order to safeguard their most valuable assets, such as personal data, online services and intellectual property.

We have successfully completed a pilot Government and industry information-sharing initiative to provide a trusted environment for organisations to share information on current threats and managing incidents. This included around 160 companies across five sectors: defence, finance, pharmaceuticals, energy and telecommunications. Although industry to Government and Government to industry information exchange worked well, most value was gained through the industry to industry engagement and this is informing how we take this work forward.

Education, skills and awareness

We have been actively raising awareness among industry and the public about the problem so that people take the simple steps to protect themselves and demand better cyber-security in products and services. Working with industry, we have been raising awareness of cyber-security threats among the general public through initiatives such as the recent Get Safe Online Week, which for the first time ran in conjunction with the EU and US and Canadian partners, as part of a drive to establish a global Cyber-Security Month in October each year. The National Fraud Authority has also delivered targeted campaigns on online fraud, reminding people of the increasing threat of cyber-crime. Over 4 million individuals were reached by the Devils in Your Details campaign in spring 2012. In evaluation afterwards two-thirds of those surveyed said they would change their behaviour as a consequence.

We are investing in skills and research so that we have the capability to keep pace with this problem in the future. The first eight UK universities conducting world-class research in the field of cyber-security have been awarded “Academic Centre of Excellence in Cyber Security Research” through the Engineering and Physical Sciences Research Council. In addition, a new virtual Research Institute has been launched as a Government/academia partnership. Its aim is to improve understanding of the science behind the growing cyber-security threat. These initiatives help keep the UK at the forefront of international research in this field.

3 Dec 2012 : Column 45WS

Meanwhile we have taken steps to improve cyber-security skills among young people and to widen the pipeline of talent coming into this field. BIS has commissioned e-Skills UK to develop interactive learning materials on cyber-security for GCSE students. One hundred and twenty schools have already signed up to use the materials as part of the Behind the Screen initiative. In November, GCHQ and the other intelligence agencies launched a new technical apprenticeship scheme which aims to identify and develop talent in school and university-age students. They aim to recruit up to 100 apprentices who will be enrolled on a tailored two-year foundation degree course. We have also sponsored the Cyber-Security Challenge UK in its work providing advice, support and guidance for anyone interested in a career in cyber-security, and to create opportunities for employers and previously unidentified talent to come together. Since its launch in 2010, over 10,000 people have registered with the initiative.

Ensuring that those in the field of cyber-security get the right training and education, GCHQ has established and is building on a set of certification schemes to improve the skills and availability of cyber-security professionals. The certification for information assurance professionals scheme will help Government and industry to recruit cyber-security professionals with the right skills at the right level to the right jobs. It will also assist participants to build a career path and to have the opportunity to progress through re-assessment as skills and experience grow.

International efforts

The nature of the internet means that we cannot focus our efforts on the UK alone. International co-operation is crucial. We have continued to promote the UK’s vision of an open, vibrant and secure cyberspace internationally, for instance through our active contribution to the Budapest Cyber Conference, and to build up a wide network of international partnerships. We have strengthened relationships with traditional allies and have initiated discussions with a broad range of countries. We are also working with international partners to improve co-operation to tackle cyber-crime through legislation and operational work, and have played a prominent role in international discussions on norms of behaviour and confidence building measures in cyberspace. In October, the Foreign Secretary announced the establishment of a Cyber Capacity Building Fund for supporting cyber-security internationally, part of which will create a new Global Centre for Cyber Security Capacity Building. This centre will help to make UK expertise and technology in this field available to international partners.

Reflecting the global nature of the cyber-crime threat, UK law enforcement agencies continue to work closely with their international partners, through partnership building and joint operations. SOCA continues to lead, with international partners, on the global representation of law enforcement interests to internet corporation for assigned names and numbers (ICANN), the internet domain name organisation. Collaboration with ICANN to amend the registrar’s accreditation agreement has assisted law enforcement in crime prevention and detection. In April 2012, SOCA led a global day of action to tackle automated vending cart websites selling compromised

3 Dec 2012 : Column 46WS

financial data. Two arrests were made in the UK and 70 websites taken down world-wide, resulting in major disruption to organised crime-groups’ activities.

A fuller list of achievements from the first year of the Cyber Security Strategy and work on the National Cyber Security Programme can be found at: www. cabinetoffice.gov.uk.

Future plans

Looking forward, we are clear that there is still much work to do. We will continue the work that is under way, while regularly assessing it against priorities, and taking into account new and emerging threats.

We are reviewing our national approach to cyber-incident management, particularly in the light of the successful Olympics response outlined above. Our intention is to move towards the establishment of a UK national CERT (computer emergency response team). This will build on and complement our existing CERT structures, improve national co-ordination of cyber-incidents and act as a focus point for international sharing of technical information on cyber security.

In addition, a new Cyber Incident Response scheme, recently launched by CESG and CPNI in pilot form, will move to become fully operational in 2013. It is an HMG quality-assured service, provided by industry, that organisations can turn to for assistance when they have suffered a cyber-security incident. The scheme will enable the UK’s emerging cyber-response industry to grow, bringing further benefit to the UK in terms of skills and business opportunities.

Working with the private sector to improve awareness of the need for better cyber-security continues to be a priority. We are now focusing our efforts on making sure that the right incentives and structures are in place to change behaviour in a sustainable way. Government Departments and agencies are working with professional and representative bodies to ensure the consideration of cyber-security becomes an integral part of corporate governance and risk management processes. We are supporting the development of organisational standards for cyber-security so consumers can identify those businesses with good cyber security practices.

Building on the successful “Auburn” pilot project between Government and businesses, we are developing a permanent information sharing environment called CISP (Cyber-security Information Sharing Partnership) to be launched in January 2013. This has been a joint industry/Government design. Initially, this will be open to companies within critical national infrastructure sectors, but we intend to make membership available more broadly, including to SMEs, in a second phase.

We are constantly examining new ways to harness and attract the talents of the cyber-security specialists that are needed for critical areas of work. To this end, the MOD is taking forward the development of a “Cyber Reserve”, allowing the services to draw on the wider talent and skills of the nation in the cyber field. The exact composition is currently in development and a detailed announcement will follow in 2013.

On cyber-crime, the Government will continue to work with the law enforcement community to enhance their capabilities, particularly through the creation of the National Cyber Crime Unit (NCCU), an integral part of the National Crime Agency which, subject to parliamentary approval, will be established in October

3 Dec 2012 : Column 47WS

2013. The NCCU will bring together the capabilities of the Police Central e-Crime Unit and SOCA’s cyber-team to create an even more effective response to the most serious cyber-criminals.

Alongside tackling the threat the Government are determined to help seize the business opportunity in cyber, promoting the UK cyber security industry both domestically and across the globe. To support this, we are today forging a new joint “Cyber Growth Partnership” with Intellect, the organisation which represents the UK technology industry. Central to this will be a high-level group which will identify how to support the growth of the UK cyber-security industry, with an emphasis on increasing exports.

To ensure the UK can continue to call on cutting-edge skills and research BIS and the Engineering and Physical Sciences Research Council (EPSRC) will fund two Centres of Doctoral Training (CDT). The centres will call on a wide range of expertise to deliver multidisciplinary research and so help to provide the breadth of skills needed to underpin the work of the UK’s next generation of doctoral-level cyber-security experts. The two CDTs will deliver, in total, a minimum of 48 PhDs over their lifetime with the first cohort of students starting in October 2013. These are in addition to 30 GCHQ PhD Studentships also sponsored by the National Cyber Security Programme.

We are also building cyber security into undergraduate university degrees. We have partnered with the Institution of Engineering and Technology (IET) to support and fund the Trustworthy Software Initiative which aims to improve cyber security by making software more secure, dependable and reliable. As part of the initiative a module has been developed to educate students on technical degree courses on why trustworthy software is important. This material is currently being piloted at De Montfort University, the University of Worcester and Queens University Belfast. The IET plans to expand the pilot next spring; from 2015 education in cyber-security will be a mandatory component of software engineering degrees accredited by the institution.

On the international front, we will continue to expand and strengthen the UK’s bilateral and multilateral networks. Key opportunities to shape the future of cyberspace in the year ahead will include the Seoul Cyber Conference, the report of the UN Group of Government Experts on international security norms, OSCE (Organisation for Security and Co-operation in Europe) work on Confidence Building Measures and discussions on internet governance in the lead-up to the world summit on the information society (WSIS). We will also play an active role in discussions on the new EU cyber-strategy.

Public awareness will be a priority: we need to warn people of the risks and what they can do to protect themselves while ensuring that confidence in the internet is maintained. From spring 2013 we will be rolling out a programme of public awareness drives, building on the work of GetSafeOnline.org and the National Fraud Authority. This programme will be delivered in partnership with the private sector and will aim at increasing cyber confidence and measurably improving the online safety of consumers and SMEs. We are working now to understand the online behaviour of different segments of consumers in order to prepare the ground for these campaigns and to ensure what we do is based on evidence on what works.

3 Dec 2012 : Column 48WS

Meanwhile Government will be mainstreaming cyber-security messages across the breadth of its communication with the citizen. For example, HMRC will be automatically alerting customers using out of date browsers and directing them to advice on the threat this might pose to their online security.

Conclusion

Further details on forward plans are available at: www.cabinetoffice.gov.uk. One year after the strategy’s publication a great deal has already been accomplished in our aim of protecting UK interests in cyberspace and making the UK one of the safest places to do business online. This is not an issue for Government alone. Industry has the potential to lose the most by not rising to these challenges so together we must work to address cyber-threats which could undermine our economic growth and prosperity.

The past year has created an increasing momentum across the UK at varying levels and across all sectors in addressing a wide range of cyber-security threats. We look forward to maintaining this pace, continually assessing our progress as we go forward. I will report back on progress again a year from now.

(1)AT Kearney: The Internet Economy in the United Kingdom

Treasury

ECOFIN

The Financial Secretary to the Treasury (Greg Clark): A meeting of the Economic and Financial Affairs Council will be held in Brussels on 4 December 2012. We expect the following items to be on the agenda and discussed.

Banking Supervision Mechanism

Council will seek to agree a general approach for the Commission’s proposal for a single supervisory mechanism (SSM).

Revised capital requirements rules (CRD IV)

Council will receive a progress report on the proposals for revised capital requirements rules (CRD IV).

Economic governanceTwo pack

Ministers will seek to agree a general approach on two regulations, which are intended to strengthen fiscal discipline and financial stability in the euro area.

Credit Rating Agencies

The presidency will update Ministers on the political agreement reached on the credit rating agencies 3 (CRA3) dossier.

Macroeconomic Imbalance ProcedureCommission annual report

Ministers will hold an initial exchange of views on the alert mechanism report, the first stage in the macroeconomic imbalance procedure.

Annual Growth Survey 2013

Council will hold an initial exchange of views on the annual growth survey 2013.

Issues related to the Economic and Monetary Union

Council will hold an exchange of views on issues related to the economic and monetary union.

3 Dec 2012 : Column 49WS

Implementation of the Stability and Growth Pact

ECOFIN will seek to adopt Council decisions relating to Greece’s excessive deficit procedure.

Financial Transaction Tax (FTT)

The presidency will brief Ministers on the state of play as regards a proposal for a Council decision authorising enhanced co-operation in the area of FTT by some member states. The UK will not participate in an enhanced co-operation FTT.

VAT Quick Reaction Mechanism

Ministers will hold an orientation debate on a proposal for amending a directive on the common system of value added tax as regards a quick reaction mechanism against VAT fraud.

Annual Report of the Court of Auditors on the implementation of the budget for the financial year 2011

The President of the European Court of Auditors, Mr Vitor Caldeira, will present to Ministers the annual report of the Court of Auditors on the implementation of the budget for the financial year 2011.

HM Revenue and Customs

The Exchequer Secretary to the Treasury (Mr David Gauke): The vast majority of people and businesses pay their fair share of tax. However, the Government are fully committed to clamping down on those who avoid or evade paying their tax. The Government are today announcing a series of actions that are being taken to tackle tax avoidance and evasion through domestic and international action: new investment in HM Revenue and Customs (HMRC), further developments on progress internationally and more powers that will underpin the Government’s commitment to tackle avoidance and evasion. These announcements come ahead of the Chancellor’s autumn statement on Wednesday 5 December.

New funding for HMRC

The Government are already investing over £900 million in HMRC to secure an additional £7 billion of revenue a year, taking HMRC’s total compliance revenues to £20 billion in 2014-15. A further £77 million will be provided to HMRC in this spending review period to further expand its anti-avoidance and evasion activity focused on offshore evasion and avoidance by wealthy individuals and by multinationals. This investment will secure a further £2 billion in 2014-15, £22 billion in total. This is 70% higher than in 2010-11.

As a result of this new funding, HMRC will:

Accelerate work to identify and challenge multinationals’ transfer pricing arrangements and further strengthen its risk assessment capability across the large business sector. That will help to ensure that multinationals do not shift profits out of the UK, and therefore pay the tax due in accordance with UK tax law.

Expand its affluent unit with 100 extra investigators and additional risk and intelligence staff to target avoidance and evasion by the wealthy. Increasing the number of specialist personal tax inspectors to tackle offshore evasion and avoidance of inheritance tax using offshore trusts, bank accounts and other entities, focusing in particular on the agents and tax intermediaries involved.

3 Dec 2012 : Column 50WS

Increase capacity to tackle aggressive avoidance schemes, including long-running cases involving partnership losses by creating a settlement opportunity that offers a good deal to the Exchequer and accelerating litigation against those that fail to take up the settlement opportunity.

Create a new “centre of excellence” to develop a comprehensive approach to tackling offshore evasion. The team will be made up of HMRC staff and external experts who will look at how HMRC can best use data to identify offshore tax evasion, review HMRC’s legal powers and work with other tax administrations to close the net on offshore evasion. A comprehensive strategy on offshore tax evasion will be published in spring 2013.

Improve its risking technology, including increased use of third-party data. HMRC have today published “Closing in on tax evasion: HMRC’s approach” which sets out how HMRC are using technology to tackle those who break the law through tax evasion.

Agreement with US

A groundbreaking agreement with the US—the UK/US agreement to improve international tax compliance and to implement the Foreign Account Tax Compliance Act (FATCA)—will significantly increase the amount of information automatically exchanged between the two countries. The agreement sets a new standard in international tax transparency and will further enhance HMRC’s ability to tackle offshore evasion. The Government will look to conclude similar agreements with other jurisdictions.

Action to tackle the promoters of tax avoidance schemes

Over the summer the Government published a consultation document, “Lifting the Lid on Tax Avoidance Schemes”, on a wide range of proposals to increase information about tax avoidance.

The consultation involved constructive engagement with a large number of representative bodies and businesses. It also demonstrated very strong support from mainstream tax advisers for new measures to crack down on those who market tax avoidance schemes. In response, the Government will bring forward proposals to introduce significant new information disclosure and penalty powers that will go further than existing, general rules on the marketing of financial products and consumer protection. The new powers will allow HMRC to better target the marketing of tax avoidance schemes that pose a high risk to users and the Exchequer.

The Government will also strengthen the existing disclosure of tax avoidance schemes regime through legislation in 2013 that will extend the range of information that must be disclosed to HMRC and impose additional sanctions for non-compliance.

The introduction of a general anti-abuse rule (GAAR)

In December 2010, the Government asked Graham Aaronson QC to lead a study that would consider whether a GAAR could deter and counter abusive tax avoidance, while providing certainty, retaining a tax regime that is attractive to businesses, and minimising costs for taxpayers and HMRC. The GAAR the Government are now introducing will provide a significant new deterrent to abusive avoidance schemes and strengthen HMRC’s means of tackling them where they persist. Guidance and draft legislation on the GAAR will be published in December.