MPs raise concerns about over-reliance on overseas technology

A crossbench group of MPs has published an open letter to the Chair of the Joint Committee on National Security Strategy (JCNSS), Matt Western, the Chair of the Science, Innovation and Technology Committee, Chi Onwurah, and the Chancellor of the Duchy of Lancaster, Darren Jones, calling for urgent changes to the National Risk Register (NRR). The letter, signed by representatives from Labour, the Liberal Democrats, the Green Party, and Plaid Cymru, argues that the current register fails to reflect the UK's lack of digital sovereignty.

While the register evaluates threats such as cyberattacks from foreign powers, the MPs claim it ignores the plausible risk of overseas governments exercising legal control over service providers and manufacturers. They highlight that the UK's increasing reliance on a small number of major technology firms, such as Microsoft and Google, is currently classified only as a chronic risk. This classification treats the issue as a long-term concern rather than an acute threat, meaning it does not warrant emergency contingency planning. 

The MPs claim that the potential for state interference is a specific and immediate risk. They argue that the secrecy surrounding existing mitigation strategies hampers public debate on digital sovereignty and insist that the NRR must be updated to address these vulnerabilities openly.

In a separate open letter from AI Minister Kanishka Narayan to Dame Onwurah, the minister explains that "decisions affecting critical infrastructure are informed by evidence relating to security, reliability and long-term resilience."

In related news this week, over 229,000 people have signed two petitions calling on the UK government to terminate its £600 million in contracts with the US technology company Palantir. Meanwhile, reports emerge that Palantir has hired 32 senior officials from the UK government and public sector since 2012. 

Training Announcement: The BCS Foundation Certificate in Information Security Management Principles (CISMP) is an entry-level programme aligned with ISO/IEC 27001 and Cyber Essentials that examines the fundamental concepts, technologies and principles of information security management. It provides attendees with practical knowledge of key concepts and techniques in risk management, security operations, and technical, physical, and environmental security. In addition, CISMP addresses legal and regulatory requirements, business continuity and disaster recovery planning, and emerging technologies. Find out more.