Cycle Capacity (Railways)
back to topThe Deputy Presiding Officer (Linda Fabiani):
The first item of business today is a members’ business debate on motion S5M-05106, in the name of Liam Kerr, on cycle capacity on Scotland’s railways. The debate will be concluded without any question being put.
Motion debated,
That the Parliament notes the calls on Transport Scotland and ScotRail to reverse reported plans to reduce available cycle space on trains serving intermediate stations on the Edinburgh/Glasgow - Inverness and East Coast main lines; understands that, on 25 February 2015, the ScotRail Franchise Delivery Team informed a meeting at the Parliament that there would be improvements in 2018-19, with the introduction of four and five coach InterCity 125 High Speed Trains and an expectation that these would carry at least 20 cycles; further understands that the cycling campaign group, Spokes, has discovered that the increase in bike space has been gradually reduced, which means that, for the stations on these lines, there will be fewer spaces for cycles than at present; believes that almost all ScotRail trains are Class 170 Turbostars with four official bike spaces and that, although the new plans include a total of eight bike spaces, six can only be used at the termini, with only two spaces available for stations other than the departure and arrival points; notes the calls on Transport Scotland and the ScotRail Alliance to recognise the immense contribution that it considers cyclists bring to local economies, especially in the Highlands and the north east, and further notes the calls on the Scottish Government to bring pressure on Transport Scotland and ScotRail to reverse this decision and increase cycle space on Scotland’s railways, as it understands was promised in 2015.
13:15
Liam Kerr (North East Scotland) (Con):
I thank all those members from across the Parliament who added their support to the motion, allowing us to debate what is, on so many levels and to so many different groups, a very important issue.
There are two things that I particularly enjoy—cycling and trains, and preferably together. Living in the north-east allows me to indulge in both. I frequently cycle along the old Deeside line, out past Banchory, down over the Cairn O’Mount to Montrose, where I will pick up the train back to Aberdeen. I and, often, four or five companions will stop and spend locally, perhaps at the Milton of Crathes, the Clatterin Brig or Fettercairn, which provides a no doubt welcome economic boost in the current climate.
According to Sustrans, cycle tourism such as that is worth £345 million a year to the Scottish economy. However, this is not just about tourism. The Scottish Government has an ambition for 10 per cent of journeys to be made by bike by 2020, which requires commuting. Bike parking at stations has improved tremendously, but many commuters want not only to cycle to the station but to get on their own bike at the other end.
Nearly all ScotRail trains between Edinburgh or Glasgow and Inverness or Aberdeen are three-car, class 170 Turbostars. Officially, they have four bike spaces on board: two in each of two carriages. If I get to Montrose with three friends in tow and there is a bike already on the train, one of us is stuck.
However, from summer 2018, ScotRail will start to introduce 26 refurbished class 43 sets. If members picture an Intercity 125 train such as the ones that Virgin Trains East Coast uses, that is what we are talking about. The sets are 40 years old, but they are still the fastest diesels in the world, and they will serve Scotland’s seven cities. They look fantastic. They will deliver a 33 per cent capacity increase, a reduction in journey times and a much more comfortable passenger experience. We will have all that, with completely revamped mark 3 coaches delivering what passengers told ScotRail they want.
What is more, in February 2015, on the penultimate slide of a presentation to the cross-party group on cycling, the ScotRail franchise delivery team stated:
“The Class 125s will have a capacity of at least 20 cycles”.
However, the Lothian-based cycle campaign Spokes, which is celebrating its 40th anniversary, has discovered that ScotRail has scaled that back. The new plan is for eight bike spaces per train: two in a vertical hanging rack in one of the coaches and three in each of the two power-car luggage compartments. Furthermore, the latter six spaces will be available only for end-to-end journeys such as Aberdeen to Edinburgh. They will not be accessible at intermediate stations due to the inevitable delays from getting pushbikes on and off the ends of the train.
If I want to go from, for example, Edinburgh to Inverness, some services require a change at Perth. In that case, the six spaces would not be available to me. For my trip from Montrose, I will have to take a chance on one of the two spaces in the coach being available, which is half of the current provision. I am grateful to a transport expert with whom I have been corresponding, who made me aware of the possible health and safety and loading concerns, too.
Will ScotRail review the situation? I believe so, hence my motion and this debate. I wrote to ScotRail in April to highlight the issue and ask for a meeting. That duly took place on 9 May and we covered a lot of useful ground. There are solutions. No doubt colleagues in the chamber will suggest their own. For my part, I appreciate that there could be timetable delays due to the loading and offloading of bikes at intermediate stations, but basic logistics adjustments ought to ameliorate that. Those might include allocating cycle reservations to a specific power car and booking the rider’s seats into the adjacent coach; platform markings showing the cyclist where to wait to load; station staff actively working with the cyclist and/or the guard with the cycle-passenger; or an online system showing available reservable bike spaces and their location on the train, as Great Western—which is, of course, running the new ScotRail sets right now—does already.
It is always difficult to read across directly, but I understand that French trains open their luggage doors at every station. I appreciate that it might be logistically challenging to do that at every station, but, at the very least, surely consideration should be given to opening the door at the key hub stations, such as Perth, Inverness, Dundee and Stirling. The Virgin class 43s to Inverness seem to cope with bikes in coach A and, because the bikes have to be pre-booked, the guard knows in advance when the door needs to be unlocked.
Perhaps we can look again at general capacity. Dave Holladay, a recognised transport expert, suggests having two bikes per carriage plus four or five in each of the two power cars. Questions have been raised around space in the “redundant toilets”—those unused in the new design, which will simply be locked up. In Spokes’s terms, that is “transporting air”. An earlier upgrading of the mark 3 coaches by Chiltern completely removed the toilet and luggage rack to create a large vestibule. That creates flexible bike space, but also extra space for buggies, pushchairs and so on, and for passenger surge at stations. Since the refurbishment work to fit the sliding doors will presumably involve removing the toilets and luggage racks at the coach ends to install the door pockets, would that really be so difficult?
Finally, a quick point, as I want to give the minister plenty of opportunity to clear up what I presume is a misunderstanding. I tried to draft the motion very carefully to avoid politicising the debate, but, despite it being out for nearly two months, as at today’s date not one Scottish National Party member has signed it. I am genuinely surprised at that and a bit disappointed. On issues such as this we need to put the politics aside. We need to work constructively with ScotRail to find solutions, particularly given the cycling targets that we talked of earlier. The minister will know that that absence of SNP signatures has been noted by those outside the chamber and I thought it fair to give him an opportunity to explain that omission in his closing remarks.
The Scottish Government is desperate for a modal shift to cycling by 2020, but it appears to be missing that target at the moment. ScotRail can play a major part in making cycle tourism easy, and also in encouraging cycle commuting. With the new rolling stock coming in there is a fantastic opportunity to do that. I look forward to continuing the dialogue with ScotRail with a view to a solution.
The Deputy Presiding Officer:
We move to the open debate, with speeches of up to four minutes, please.
13:22
Maree Todd (Highlands and Islands) (SNP):
I thank Liam Kerr for introducing this members’ debate. I apologise for not signing the motion; that was an oversight on my part, and not politics at all.
Scotland is, of course, a fantastic destination for cycle tourism, and in the Highlands and Islands—the region that I represent—we boast some of the most scenic cycle routes in the country. Cycle tourism brings huge benefits and value to the Scottish economy—according to Sustrans it is worth £345 million a year. That is particularly great for the rural economy, because we know that cyclists will stop and spend money locally, injecting money into local businesses.
Cycle tourism brings significant environmental benefits compared with many other types of tourism. That is mainly because cyclists tend to use public transport to reach the start of their tour and for making onward connections, instead of using their cars. However, the picture in Scotland is mixed with regard to bike-rail integration. On the positive side, bikes are allowed on most trains free of charge and can be booked in advance. On the other hand, the number of bikes allowed on a train is typically very limited—at the moment, usually only four—and prior booking is often mandatory. Those factors provide a significant discouragement to larger groups who want to travel together, and they reduce flexibility in travel planning—for example, if there is bad weather, mechanical failure or illness.
For example, I heard from a group of four people who travelled from Switzerland to go on a cycling tour in Scotland. They had a really tight schedule and a week-long plan. Not being able to get a train would have thrown out their whole programme, because they had to book in advance. If another group had been trying to take the same train, someone would have been left behind. They also mentioned that getting bikes on and off trains was hard and pressured because of timing, as Liam Kerr mentioned.
I am pleased that ScotRail will be phasing in new high-speed trains in 2018 on the routes that serve Scotland’s seven cities. The new trains will provide extra capacity, but it is disappointing to learn that, rather than the expected rise in cycle capacity, the new trains seem to offer a reduction from what is already provided. I hope that the minister will clarify whether that is the case when he sums up. As I understand it, there will be eight bike spaces, with two in a vertical-hanging rack in one coach and three in each of the two power-car luggage compartments. However, I hear that those six spaces will be available only for end-to-end journeys, as Liam Kerr said. I would really like the minister to clarify that. If someone is trying to get on at an intermediate station such as Aviemore in the Cairngorms national park—a top cycling destination—but the two bike spaces are already taken, they will not be able to get on.
Given the social and economic benefits of cycle tourism in Scotland, that approach really misses an opportunity. As a member of the Health and Sport Committee, I fully support the integration of cycling and public transport as a way to make cycle tourism and commuting easy and to encourage people to get fit and active.
What solutions can be offered? In Switzerland, on routes that are popular for tourists and cyclists, there is an additional freight-style carriage at the back of trains for people to put their bikes on. That means that passageways or disabled spaces are not clogged and there is no risk of bikes falling down or hurting someone. On other trains, there are carriages with fewer seats that are especially for people with bikes, pushchairs and other bulky equipment, which keeps those items together, rather than spread throughout the train.
Another solution is perhaps to have more ceiling hooks from which bikes hang vertically on the front wheel, which means that they take up less space. Could there be more of those on the trains? I know that a key constraint is that space is limited, because the train gauge in the United Kingdom is small due to the 19th century tunnels, so hanging options might not be feasible. Accommodating the requirements of cyclists is no trivial task, but it is a worthy endeavour when we consider the benefits that cycling and cycle tourism bring to Scotland.
13:27
Graham Simpson (Central Scotland) (Con):
I thank my colleague Liam Kerr for bringing the debate to Parliament. It is a shame that we are here, given that Abellio originally vowed to help Scotland to go Dutch and to create a Scottish cycle revolution. It took on the ScotRail franchise with big promises and a grand vision, and those of us who enjoy cycling got quite excited.
Sadly, progress has not been what we hoped for, but maybe it will get better. Let us look at Abellio’s bold vision. In its cycle innovation plan, it says that it will
“bring innovation to the relationship between the cycle and the railway; firstly, by increasing the priority given to cycles at stations and train; secondly, through the products and services that we can offer to cycle users and, thirdly, through the way that we communicate with our customers on cycling issues.”
That all sounds great but, as is shown in Liam Kerr’s motion, which came on the back of a cycling Twitter storm, the reality has been far different. Far from increasing capacity for bikes on trains, Abellio is cutting it on key routes.
The cycle innovation plan gives the game away and perhaps explains what Abellio means when it talks about going Dutch. It says:
“Our overall long term strategy in the Netherlands has been to reduce the pressure on cycle spaces on board trains by investing in better storage facilities at stations and encouraging regular cyclists to either join our Bike & Go scheme for their onward journeys or maintain a second bike at their destination stations. We intend to replicate this successful approach on ScotRail.”
We have an admirable but unrealistic target of having 10 per cent of journeys in Scotland made by bike by 2020. That is less than three years away but, at the current rate of progress, reaching the target will take us 300 years. Abellio can be part of the progress that we need, but it needs to do better.
On 25 February 2015, the ScotRail franchise delivery team told a meeting at the Scottish Parliament that there would be improvements in 2018-19 with the introduction of four and five-coach intercity trains and an expectation that they would carry at least 20 cycles.
Spokes has since discovered that the increase in bike space on trains has been gradually but significantly reduced. On the Edinburgh and Glasgow to Inverness route and the east coast main line, there will be fewer spaces for bikes than there are at present. Abellio has also proposed to cut the number of bookable spaces from six to two on west Highland tourist routes. Transport Scotland has the power to specify that current bike capacity should be maintained, as it has to approve all new train configurations.
In Europe it is common for each train to have a flexible space in every carriage, which allows more people to travel not only with bikes but with prams and bulky luggage. That also allows more standing space in peak service trains.
There is a mood in the chamber to boost sustainable transport, which is why we have a cross-party group on cycling, walking and buses, of which I am the deputy convener. However, there are those who just do not get it. Last week, for example, there was a crazy proposal to scrap South Lanarkshire’s cycle partnership but, thankfully, that was knocked on the head. Cycle routes have been ripped up in some parts of the country after pressure from people in the anti-bike brigade. Councils and the Government need to stand up to those people.
Getting people on their bikes helps physical and mental health, helps productivity and saves expense to the public purse. It matters. Abellio is not in the negative column for cycling, but it needs to go the extra mile to do better.
13:31
Claudia Beamish (South Scotland) (Lab):
I thank Liam Kerr for bringing the debate to the chamber. I am the co-convener of the new cross-party group on cycling, walking and buses, of which my colleague Graham Simpson of the Conservatives is the deputy convener, and, along with Alison Johnstone, I was co-convener of the CPG on cycling in the previous parliamentary session. I am passionate about the development of cycling opportunities, active travel and integrated public transport.
This morning, I discussed today’s debate with cycle commuters in the female changing facilities. One said that she used to travel from Aberdeen to Edinburgh regularly for work by train and that she used her bike at each end of the journey. Another told me that she regularly took her car to a park-and-ride facility and cycled from there. Another highlighted the joy of taking bikes on the train to Gourock and then on the ferry to Dunoon at the start of a cycling holiday. Whether it is for work, leisure or a holiday, nobody should have to experience the stress of worrying about whether they can get their bike on a train.
As we heard from Liam Kerr, research by Sustrans has found that cycle tourism adds £345 million to the Scottish economy every year, and Transform Scotland’s research has shown that
“further development of the national Cycle Network and other cycle routes across the country could increase this figure substantially.”
The capacity for bikes on trains is fundamental to that.
In my region we have the Borders railway, which has proved successful over the past 18 months in encouraging tourists into the Borders. Cycle tourism is a significant contributor to the local economy. The Borders are a popular cycling destination, with many bike trails and cycling paths to enjoy. However, access to the area is made difficult for cycling tourists when trains do not have adequate bicycle storage.
I have taken a keen interest in bikes on trains for some time, and I am getting a strong sense of déjà vu. In September 2013, I asked the then transport minister Keith Brown
“what provisions for bicycle access and storage on trains and at stations will be included in the contract for rail passenger services to be issued in 2014”.
I suggested—as Maree Todd just suggested—looking at solutions that are used on the continent to improve train services for cyclists, such as cycle carriages. They could be used in the tourist season and even relocated for specific road cycling events. The minister replied:
“The next ScotRail franchise will commence in April 2015. Bidders will be required to develop plans to improve rail’s integration with the wider transport system, which, of course, includes improvements to facilities for cyclists.”—[Official Report, 12 September 2013; c 22365.]
I had thought of stating today that we must be sure that the next franchise tender sets more robust and imaginative demands for bikes on trains in its criteria, but then I stopped myself. The next franchise is years away, and increasing capacity for bikes on trains is imperative.
Liam Kerr’s motion mentions a meeting at the Parliament on 25 February 2015, which I attended, at which we heard from the ScotRail franchise delivery team about the introduction of more bike spaces on rail. Now we hear that each train will be able to carry only eight bicycles and that interim stops are even more problematic.
Spokes Lothian has clearly stated that it might be possible
“to convert some redundant toilets into bike spaces”.
Liam Kerr has made many positive suggestions, as have other members, as to a way forward. Spokes Lothian suggests:
“This problem could surely be resolved by a small cash injection from Transport Scotland.”
Way back in 1998, the then Scottish administration managed this area and made arrangements through match funding. Surely the present Government could do something similar.
I strongly agree with the motion, which I support. We need action now.
13:35
Alison Johnstone (Lothian) (Green):
I, too, thank Liam Kerr for the opportunity to debate the subject. I thank my fellow co-conveners of the cross-party group on cycling in session 4, Claudia Beamish and Jim Eadie, and I look forward to working with Claudia Beamish once more this session, as well as with Graham Simpson and other members. I am endlessly thankful to Spokes, the Lothian cycle campaign group, for its tireless work on this and many other cycling-related issues. I welcome its representatives Ewan Jeffrey and Jolin Warren to the public gallery.
Constituents frequently contact me and, I have no doubt, other members to express concerns about national and local active travel infrastructure. Following the debate, I will meet constituents who are presenting a petition in Parliament—probably at this very moment—to ensure that it is possible for cyclists and pedestrians to cross the Sheriffhall roundabout in Dalkeith safely.
Having a joined-up transport network that puts people’s needs at its heart affects all of us and all modes of transport. It is one of the issues on which I am most asked to press the Scottish Government for improvements. The lack of facilities for taking bikes on trains comes up in my inbox day after day, time after time. Although better bike parking and cycle hire solutions are welcome, they are not the solution for many people. We can take the example of a family of four or five who are on holiday up north. Asking folk to hire bikes represents an additional expense. Many people are absolutely in love with their pride and joy—their custom-made bicycle. That is the bike that they want to tour round the Highlands and Islands on.
There seems to be some tension. Network Rail took some persuading that cyclists should not be banned from Waverley station. When I took the opportunity to try the Borders railway with my bike when the route was newly opened, I tried booking a cycle space in advance to be sure, but I was told that the service was unreservable. That first-come, first-served policy is an outdated way of approaching sustainable travel. Given that leisure cycling and mountain biking are rapidly growing activities and given that cycle tourism contributes £345 million to the economy annually, as we have heard, the Scottish Government needs to do more to embrace the opportunities to make this an industry that Scotland is renowned for internationally and for which we can accommodate demand the length and breadth of the country.
I do not think that there is any good reason for provision to be so poor and so out of step with the experience in other European countries. I have travelled by train in Germany a lot—I just mention that, but there are many other good examples where multifunctional carriages are the norm, and there is space for 10 bikes. If the space is not being used for bikes, the seats fold down and people can sit on them. Buggies can get on the trains no problem. There are better models in the 21st century.
Spokes has highlighted the possibility that we could use former loos that will no longer be in use—although I am not sure that that is a comfortable solution. Transform Scotland makes the point well that we should not be preventing cyclists from boarding trains simply to speed up journey times. That is not progress.
The Scottish Government has a responsibility to include provision for active travel in all new major infrastructure proposals. The Greens have consistently raised that during budget discussions each year. Along with other organisations such as the Association of Directors of Public Health, we have called for 10 per cent of the total transport budget to go towards active travel, and we will continue to press for such changes.
To honour climate change commitments that were made in Paris and to bring our infrastructure into line with that of many of our European cousins, we have to take a different approach. I am not sure who said that the vision of 10 per cent of all journeys being made by bike by 2020 is unrealistic, but it is unrealistic only because of the level of investment that we are making. There is chronic underfunding.
The Government has to ask far more of those who are awarded franchises. Having two bookable spaces is woeful in this day and age. We are going backwards after being promised more, which is what is making people very angry.
The Deputy Presiding Officer:
You must come to a close.
Alison Johnstone:
In closing, I ask the minister to stop back pedalling on the issue.
13:40
Brian Whittle (South Scotland) (Con):
I thank my colleague Liam Kerr for bringing the debate to the chamber.
I was at best an occasional cyclist. I am to be seen now and again battering away with my head down and backside up flying around the roads of East Kilbride for a maximum of an hour at a time. My neighbour, who happens to have a boat down at Loch Lomond, recently invited me to cycle down to Loch Lomond with him, have some lunch there and get the train back. I thought that I could just about manage the 30 miles. I might look like John Wayne getting off his horse after a long day on the prairie, but I could just about manage it. However, there was no chance that I would have considered cycling all the way back.
Graham Simpson:
It is easy.
Brian Whittle:
Yes, for the people beside me who have all the gear.
I am becoming more of a cyclist these days because my youngest daughter, who is now nine, has got a bike and is desperate to cycle to school. I cannot let her do that. It is probably about a mile, but the road network around there would not be safe for her, even if I cycled with her.
What I have to do now is either put bikes on the roof rack or get on the train. We have done that a few times, and it is quite an adventure for the youngsters. We get on the train, go somewhere more conducive to cycling for youngsters, spend some time cycling there and then come back on the train. It is an adventure for my daughter and it is an adventure for me and a joy to be able to do that.
My daughter desiring to cycle to school but not being able to is an example of something that is endemic in this country. We are not joining things up particularly well. My personal view about cycling is that, instead of starting off by building massive cycle routes, we should develop primary schools for active travel so that people can be active when they travel to school, whether they want to walk, cycle or use their skateboards or scooters. I would like that to be a starting point. In my day, I cycled or walked to school every day and the bike sheds at my school were rammed full—it was difficult to find a space to put a bike. I looked at my daughter’s school the other day; there are six bike spaces and I have yet to see a bike in there. Now and again, there will be the odd scooter, but the children are not getting the opportunity to cycle to school.
For me, that is where we need to be. Cycle berths on trains are the end result of a policy that we could implement much earlier in life. Kids want to do this. Three or four children in my street would cycle to school if they had the opportunity, but we just do not have the environment in which they can. If we can look ahead and start to create an environment in which active travel to school is viable as a first step, perhaps when we debate this topic again in the future we will be calling for even more capacity for bikes on trains, as cyclists queue up to board.
We need to think about this as an end-to-end issue and treat it as such.
The Deputy Presiding Officer:
Thank you, Mr Whittle. Perhaps you will address the motion next time.
13:44
Mark Ruskell (Mid Scotland and Fife) (Green):
I thank Liam Kerr for lodging the motion. The debate is very welcome because it is not often that we get the chance in the chamber to debate cycling and how cycling integrates with other transport modes. It is a good and timely topic for debate.
I declare an interest in that I have spent probably most of my working life travelling to my place of work by bike. Either I have cycled all the way; or I have taken my bike to the train station, parked it and got on a train; or I have taken my bike on the train and cycled when I get off at the other end. I have enjoyed that cycling, which has been good for both my mental and my physical health.
However, the current provision on trains for bikes, particularly in central Scotland with the class 170s, is quite bizarre. Most trains around Europe and, indeed, in the rest of the UK have a vertical hook for people to put their bikes on, which makes it easy to get and off a train with a bike and means that the trains can carry many bikes. However, the class 170s here have a horizontal rack that means that I have to choreograph stacking my bike on it alongside other cyclists and the loads of other people who are trying to get on the train. It is a complicated task and it means that I have to have a discussion every morning with four, five or six other cyclists who are trying to put their bike on the train at the same time. It is a great way to meet people and I have had great discussions with lots of people on the back of it, but it is an absolute hassle. I have to say that the guards are very helpful, though. There are only two places available in every two-car set, but most regular cycle commuters know how to stack their bikes creatively so that they can get at least four bikes into the two-place parking area.
We need to make progress on cycle capacity on trains. I recognise that the focus of Abellio ScotRail so far has been on ensuring that there are adequate bike parking facilities in our major stations, and we are starting to see some great improvements in that respect. I commend the bike & go bike-hire scheme, which I think is working well alongside other initiatives such as Nextbike. However, they do not suit everybody and they certainly do not suit people who want to join up their journeys and take their bikes with them, with tourists being a case in point. We have heard from other members that about £345 million comes to Scotland every year through cycle tourism, but we are in danger of losing that.
I am considering taking my family up to Inverness this summer for a mini-tour. We will probably take the Sustrans route down to Fort William, which is a great route that gets a lot of coverage and is very popular. However, the hassle factor on the trains is putting me off. We could be getting to a point now where it might become easier to stick a bike on a plane than to put it on a train. Obviously, cuts in air passenger duty could have an impact on that £345 million that comes into Scotland.
We have heard from members in the debate about possible solutions. I think that we could have more creative use of the vestibule areas in class 170s. I notice at peak times that not everybody wants to sit down and that people getting on for just one or two stops are quite happy to stand. Having more flexible vestibule areas would allow more bikes to come on board the trains and create more space for luggage and mobility aids. For the high-speed trains, Spokes has a good set of solutions. I hope that the minister will reflect on those and put pressure on ScotRail to open things up so that at least the Ruskell family can have an exciting holiday in the Highlands.
Ultimately, though, we recognise that bringing ScotRail back under public control would help and would give us access before profit. However, in the meantime, I hope that the minister is able to put pressure on ScotRail and that we can get a solution to the problem of cycle capacity on trains.
13:48
The Minister for Transport and the Islands (Humza Yousaf):
I thank Liam Kerr for bringing the motion to the chamber. I also want to thank him for a couple of other things, the first of which is the constructive tone of his speech, which he always seems to strike in conversations and which I very much appreciate. I thank him also for engaging with ScotRail in a constructive manner and for his enthusiasm. When I first met Liam Kerr, he told me that he was a real train buff and he has done nothing to dispel that view of him since. However, I regret seeing a picture of him in Lycra in the briefing that I looked at this morning before breakfast.
I also thank Spokes, whose representatives are in the public gallery and whose ambition for cycling in Scotland has been very well reflected by members across the chamber. There will be disagreement on some issues, which happens with any campaign or lobby group, and differences on some issues between the political parties, but it is clear to me that everybody who has spoken in the debate has been driven by their ambition for cycling in Scotland, which is a good thing.
I welcome the debate and I will try to address some of the points that have been made. The disclaimer to set out at the start is that, as members have recognised, the day-to-day operation of train fleets and how passengers are managed on board rests with ScotRail. It is currently finalising the layout of on-train cycle storage and the operational aspects of how that will be managed to maximise the number of cycles that can be carried when the 26 refurbished high-speed trains enter service on Scotland’s intercity routes next summer. It is doing so as a result of conversations in which members and campaign groups such as Spokes and many others raised concerns about on-train cycle storage.
As we know, the HSTs will come into service next summer. Some £54 million is being ploughed into them and they will of course be refurbished to the latest standards of comfort and accessibility. As Liam Kerr said, the improved passenger experience will be much welcomed.
There is a recognition across the chamber that spaces on trains are always limited. There are a range of users: cyclists, foot passengers, people with disabilities, whom it is incredibly important to consider, people with luggage and people with small children. Notwithstanding that, we have heard about innovative solutions that allow everybody to be accommodated.
As I said, ScotRail is currently finalising the layout and operational aspects of the trains. I encourage it to listen carefully to what members have said about end-to-end provision and issues at intermediate stops, which Liam Kerr, Graham Simpson and others raised, and to look for innovative solutions.
I clarify that, as a member of a Government, I would not necessarily sign a motion—I am sure that Liam Kerr will understand that.
There is a bit of confusion about the part of the motion that states:
“there will be fewer spaces for cycles than at present”.
As members said, the HSTs will have eight spaces, whereas currently there are only four spaces, two of which are bookable. Not even through creative accounting can it be suggested that there will be fewer spaces—there will be more spaces. However, Liam Kerr made the valid point that there might be fewer spaces available at the intermediate stops. I reiterate that I encourage ScotRail to look at that.
ScotRail will keep its policy on cycles under review. It is committed to training its staff in cycle capacity procedures and how to provide additional ad hoc spaces where possible.
Members mentioned the retention of the class 170s, which is great news, particularly for the central Highlands, Moray, Aberdeen and places down the east coast. However, I do not take away from what members said: ScotRail should always look for innovative or inventive solutions for cycle storage, some of which were mentioned.
Some members characterised the position on cycle integration as a choice between cycle storage at stations and on-board cycle storage. There does not have to be a tension between the two; both should be looked at, as ScotRail is doing. I am pleased about the investment by ScotRail and the Scottish Government in improving facilities, with £194,000 from the Scottish stations fund to significantly expand cycle facilities at Haymarket, with around 90 spaces, and £100,000 from the same fund to install 200 cycle spaces at Waverley. Five thousand cycle storage spaces will be provided at stations across the rail network during the franchise—1,269 spaces have been created at 44 locations already. Bike & go facilities, which Mark Ruskell mentioned, have already opened at 11 stations, including Inverness, Aberdeen, Stirling, Falkirk High and Haymarket. There has been a lot of focus on cycle storage, but that is not to take away from what members said—ScotRail should be encouraged to look at cycle storage facilities at stations and on-train cycle storage.
Transport Scotland and I will continue to encourage ScotRail to work with Spokes and other campaign groups. I reiterate that, with the high-speed trains entering service, there will be an increase in the number of spaces. At the moment, there are four spaces, two of which are bookable. In future, there will be eight spaces, and they will not be reduced due to the layout or design of the train or due to wheelchair provision. That is welcome.
We have committed to continuing our record investment in active travel. I know that other members have today urged us to go further, but we will certainly continue it where we can.
As I said, we will continue to have conversations with ScotRail, and there will be an increase in the number of spaces. In the meantime, until those trains enter service next summer, I will continue to urge ScotRail to do what it can with its current stock. I certainly would not want to deny the Ruskell family a successful holiday in Inverness when that comes.
13:55 Meeting suspended.
14:00 On resuming—
Business Motion
back to topThe Presiding Officer (Ken Macintosh):
The next item of business is consideration of business motion S5M-05787, in the name of Joe FitzPatrick, on behalf of the Parliamentary Bureau, setting out a revised business programme for today.
Motion moved,
That the Parliament agrees to the following revision to the programme of business for Wednesday 24 May 2017—
delete
2.00 pm Portfolio Questions
Economy, Jobs and Fair Work;
Finance and the Constitution
and insert
2.00 pm Statement by the First Minister: Security in Scotland
2.30 pm Portfolio Questions
Economy, Jobs and Fair Work;
Finance and the Constitution—[Joe FitzPatrick]
Motion agreed to.
Security
back to topThe Presiding Officer (Ken Macintosh):
The next item of business is a statement by Nicola Sturgeon on security in Scotland. The First Minister will take questions at the end of her statement, so there should be no interventions or interruptions.
14:00
The First Minister (Nicola Sturgeon):
I am grateful for the opportunity to give Parliament a further update following the awful events in Manchester on Monday night. In particular, I thought that it would be appropriate to set out the implications of the decision that was taken last night by the joint terrorism analysis centre—JTAC—to raise the security threat level from severe to critical. I received a briefing last night from the United Kingdom Government’s national security adviser on the reasons behind that decision. Indeed, I have spoken to him again within the past hour.
Clearly, it would not be appropriate to go into the detail of an on-going investigation but, in summary, I will say that the increase in the threat level is due to a concern that the attacker who carried out the atrocity at the Manchester Arena may not have been acting alone and that it is, therefore, possible that a further terrorist attack could be imminent. However, it is important to be very clear that it remains the case that no specific threat to Scotland has been identified.
In the light of the increase in the threat level, I took the decision last night to convene a further meeting of the Scottish Government’s resilience committee. That meeting took place in the early hours of this morning and included the Deputy First Minister, the Cabinet Secretary for Justice, the Lord Advocate, Police Scotland, the Scottish Ambulance Service, the Scottish Fire and Rescue Service and our regional resilience partnerships. The chief executive of the Scottish Parliament also took part. That meeting was an opportunity for us to discuss the immediate implications for Scotland of the heightened security status.
Clearly, the matter will be kept under on-going review, taking account of any intelligence that is available to the police. As the chief constable indicated this morning, Police Scotland has now established a multi-agency co-ordination centre at Govan police station to lead the response across the country with key partners. I will visit the centre later this afternoon to see its operations for myself and to receive a further briefing about the nature of the response. However, I want to outline as clearly as is possible at this stage what some of the practical consequences for Scotland are likely to be over the next few days and what the public can expect to see.
There has been media discussion in particular about the use of military personnel to support the police in their duties, under what is known as operation temperer. Operation temperer is an established plan for mobilising military support to the police service following a major terrorist attack, and the decision about whether to authorise it is a matter for the UK Government. It has two distinct phases. The first involves deployment of the military to sites that are currently provided with armed policing by Ministry of Defence police and the Civil Nuclear Constabulary. That frees up additional armed police officers to support police forces across the UK. The second phase involves deployment of military personnel to support the police to guard specific sites, under the control and direction of the police.
It is important to stress that, at present, only the first phase of operation temperer has been authorised. That means that military personnel will be used at civil nuclear and Ministry of Defence sites in Scotland. There is a total of 12 such sites—nine Ministry of Defence sites and three civil nuclear sites. Those sites, which are not accessible to the general public, will be secured by the military as of today. The presence of military personnel at sites of that nature in Scotland and across the UK will free up the armed police who are normally on duty there. Those armed police will create a contingency resource that can be deployed across the UK. Any decision to use that contingency resource in Scotland would be for the chief constable. However, Police Scotland has no plans, at this initial stage, to do so. It has confirmed that it has reviewed security across Scotland to ensure that the right level of policing is in place, and that it can provide that level of policing from within its own resources. That will, of course, be kept under review by Police Scotland.
It is important to point out that Police Scotland has in the past year made significant progress to ensure an increase in armed policing to around 600 trained firearms officers in Scotland. It has also increased the number of firearms officers who are on duty at any one time. As a result of the change in the threat level to critical, Police Scotland has since Monday night effectively doubled the number of armed response vehicles that are on patrol.
It is likely that the public will see more armed police on the streets than usual, particularly at transport hubs and around city centres—although it is maybe worth stressing, given the understandable attention that operation temperer is receiving, that we do not currently envisage that military personnel will be deployed in Scotland on the streets or at other public locations. However, as with all operational matters, that will be kept under review by the chief constable. As I said, it is likely that, for the duration of the increased threat level, the public will see more armed police on the streets than usual, particularly around transport hubs and city centres. I want to be clear that that represents a specific response to the increased threat level following the Manchester attack. The threat level is kept under review and will be kept at that level only for as long as an attack is judged to be imminent. Therefore, it should not indicate a more general or long-term shift to having armed police on regular patrol in Scotland.
As I said yesterday, the police are completing a review of every public event that is due to take place over the next few weeks. That includes a full review, with the Scottish Football Association, of this weekend’s Scottish cup final to ensure that there is appropriate deployment of police and stewards. That work is on-going. The other major events that are being assessed include the visit on Friday of President Obama, the Edinburgh marathon, which is due to take place this weekend, and the Lisbon Lions memorial event in Glasgow. In addition, guidance is being issued to the organisers of all large events.
I stress that the aim of the police is to allow public events to continue, as far as possible, as normal, but the public should expect additional safety measures at those events. The measures may well include full body and bag searches and the presence of armed police. For that reason, as well as urging the public to co-operate with those measures, I urge people to ensure that they leave extra time if they are going to an event or travelling through an airport or a train station. In all this, our very clear aim is to strike a balance between protecting public safety and ensuring that day-to-day life goes on as normal. The enhanced security measures are part of how we aim to do that.
As always, the public have a role to play, as well. My message to the public is that this is clearly a very anxious time, but there is no need to be alarmed. Many of the steps that are being taken now are precautionary. I repeat: there is no intelligence of a specific threat to Scotland, but I ask the public to be vigilant and to report any concerns or suspicions that they may have to the police.
I want to provide a further update to members on the specific impact of Monday night’s awful events. My thoughts and, I am sure, those of everyone in the chamber remain with the families of those who have lost their lives, the victims who were injured, and the people of Manchester more generally. Police Scotland family liaison officers are currently in Manchester providing support to the families of Laura MacIntyre and Eilidh MacLeod from Barra. I am aware that there is significant information in the media about those two young girls, in particular about the condition of Laura, but their families have requested privacy at this extremely difficult time. For that reason, I do not intend to go into further detail today. I simply want to assure Parliament that as much support as possible is being, and will continue to be, provided to them at this unimaginably difficult time. I know that we all want them to know that they are very much in our thoughts.
More widely, we know that, in total, seven people have now presented at hospitals in Scotland. I am pleased to report that all have since been discharged. It is, of course, possible that other people who witnessed the terror attack or its immediate aftermath have returned to Scotland and are feeling distressed or upset. Anyone who has concerns about themselves or their children should contact their general practitioner for support. Information has been reissued to health boards that provides guidance to adults and children who have witnessed traumatic events.
As I mentioned in my statement yesterday, the events of Monday night were upsetting for all of us, but they may have been especially upsetting for young people, so this is a time to ensure that parents and teachers talk to children about any concerns that they have. We remain in contact with Young Scot as well as with Education Scotland and local authorities to provide the guidance and support that they need to help with those conversations.
I know that this is an anxious time for everybody across the UK. However, again, my message is that people should be vigilant but not alarmed. The steps that I have been describing today are precautionary. Most important of all, people should continue, as normal, to go about their day-to-day business. The Scottish Government’s resilience operation will remain active for the foreseeable future to ensure that there is strategic co-ordination of our overall response, and I will continue to update Parliament as required. The Cabinet Secretary for Justice will also be happy to speak directly to any member who has concerns or queries.
I end—I am sure on behalf of us all—by again putting on the record my heartfelt thanks to our emergency services. Their bravery and dedication is not news to us, but at times like these it never fails to inspire. We are grateful to each and every one of them.
With those remarks, I am happy to answer questions.
The Presiding Officer:
The First Minister will now take questions for the next 20 minutes.
Ruth Davidson (Edinburgh Central) (Con):
I thank the First Minister for her statement. The defence and security services have been clear about the threat of further attack, which is why the threat level has been raised to critical. In Scotland, that means visible armed policing at key locations, a review of security and hosting at major sporting and entertainment events, and further enhanced security checks to ensure that people are kept safe. We should be vigilant. We should also be patient, because access to certain events and locations will take longer. What we should not be is fearful, nor should we be cowed.
As Chief Superintendent Roddy Irvine of Police Scotland tweeted this morning:
“Worth remembering folks, armed Scottish cops are still just Scottish cops. If you say hello, they’ll say hello back, if you :-) they’ll :-) back.”
As we face down the current threat, I know that the sight of armed police officers and service personnel at key locations may be unsettling. However, there can be no doubt that their response is necessary, and we thank them for their professionalism and bravery. It is vital that the police and the security services have everything necessary to get on with their job in the coming days. As we said yesterday, the terrorists will not win. By meeting their cowardice with calm and implacable defiance, we will show that to be the case. Can the First Minister reassure Parliament that if Police Scotland requires any extra resources over the coming days—particularly this weekend—the Scottish Government will step in to help?
The First Minister:
In short, yes—I can give that assurance. I will expand slightly on that. As I have indicated to Parliament, I am in regular discussions right now with the chief constable of Police Scotland. He participated in our meeting last night, I have spoken to him today and I will see him in Glasgow later today. He has assured me that he is able, from within the resources that he has, to provide the enhanced coverage—in particular, the armed police officers—that I have spoken about. I will continue to ensure that I, the Scottish Government, the Cabinet Secretary For Justice and the entire Government liaise closely with the police to ensure that we respond to any need for support and resources that the police request.
There are two points—one that I made in my statement and one that I will add—that we should bear in mind to give us a level of assurance. First, the justice secretary made a statement in Parliament some months ago about the fact that the police have decided to increase the number of armed officers that they have available to them. That has been work in progress throughout the year; as a result, there has been a significant uplift and there are now about 600 armed officers available for deployment by the police. Secondly, as we have discussed many times in Parliament over the past decade, Parliament has ensured that we have, in our budgeting, maintained the number of regular police officers on the streets of Scotland.
Both those moves give our police a level of resources that gives them the confidence that the chief constable is able to give me. However, that does not take away from the enormous pressure that our police officers work under—not just during times like this, but generally. We will continue to do everything that we can to make sure that our brave policemen and policewomen have the support that they deserve.
Kezia Dugdale (Lothian) (Lab):
In light of the new threat level, extra security is visible in this building and around Westminster, embassies and other civic locations, yet we are all too aware that many of the recent attacks across Europe have been at markets, high streets, music events or sporting occasions. Will the First Minister provide any additional reassurance about what people across Scotland can expect when going about their everyday lives? Separately, are there any practical steps that the public can take to support the police in their work?
The First Minister:
I will answer that question in three quick ways. First, not everyone on every street corner in Scotland will see this, but the most obvious visible difference to the general public will be more armed officers on the streets. They will be particularly visible around transport hubs, crowded places and city centres. A lot of people in Scotland who do not normally see armed police will see armed police while the increased threat level is in place.
Secondly, on what the general public can do, they have a key role to play. It is the police’s responsibility to keep the public safe, but we all know that the public’s co-operation is an important part of that. My message, again, to the public is to be vigilant. People should make sure that anything at all that is of concern or which creates suspicion is reported to the police. More generally, they should be co-operative and patient, as I know the vast majority of the public will be.
The public will be inconvenienced over the next few days—or however long the increased threat level lasts. It will take longer for people to get into places that they are visiting and there may be other inconveniences. If people find that it is taking longer for them to get into a sporting or some other event, they should remember that the reason for the delay is their safety.
Thirdly, on events more generally, I said yesterday and I have repeated today that a review of all public events is on-going. I will not go into too much detail but, clearly, a broad spectrum of public events take place, such as football matches that take place in confined spaces over limited time; there are also more open events, such as this weekend’s Edinburgh marathon or the outdoor festivals and markets that people attend. The police have all that under review in their assessment process and, because of the different nature of the events, the responses will vary from one to the other. However, we must have confidence and trust in the police to carry out those assessments and to provide the appropriate level of response. I assure those in the chamber that that work is well under way.
Patrick Harvie (Glasgow) (Green):
Those who are asked to keep our society safe have a difficult job to do—and they have our support in doing it. We have always accepted that, in the appropriate circumstances, the deployment of armed personnel can be appropriate and necessary, but the judgment is a finely balanced one. The sight of armed personnel, whether police or military, can give reassurance, but it can also increase public anxiety. What criteria would need to apply for the additional deployment of armed personnel under operation temperer to be stood down? Secondly, will the First Minister provide an assurance—or seek one from the UK Government—that the additional deployment will have no impact on the legitimate expression of political or peaceful public protest, including, for example, by the peace movement at MOD sites?
The First Minister:
On the deployment of armed police, the balance that Patrick Harvie talks about is very important. I know that the police, too, believe that that balance is important. When we have discussed issues of armed policing in this chamber before, it has sometimes struck me—I take my fair share of the responsibility for this—that we do not always distinguish between two often separate issues. The first issue is the number of armed police that we have trained and able to be deployed. The second issue is the circumstances in which they are deployed. On that first issue, the police have been increasing the numbers of trained armed officers.
It is very important to stress that, outside of periods such as this one, the general policing rule in Scotland is that we do not have armed police routinely patrolling the streets. There are very limited circumstances in which armed police are deployed: firearms incidents and where loss of life is an issue. However, during incidences such as this, we will see armed police deployed more generally on our streets. I was very careful to say today that we should not assume that this is a general move to more routine patrolling by armed police officers; rather, this is a specific response.
How long that response lasts will be very much driven by the decisions that are taken by JTAC. In and of itself, the JTAC decision to increase the threat level did not mean that operation temperer would be invoked, but that decision was also taken last night. The duration of both those things will very much flow from the progress that is made in the investigation that is under way. The threat level has been raised to critical because there is a fear that the attacker was not acting alone and that there is a risk of an imminent attack. It was not my decision to do that, nor will it be my decision to downgrade the threat level again; the decision will be driven by the state of that investigation.
As far as civil liberties and protest are concerned, I think that our police in Scotland do an excellent job in supporting people’s absolute right to peaceful protest, and I would not expect that to be different at this time. However, all of us in all walks of life should be mindful of the additional pressure that our police are under at the moment and should, as part of our contribution to meeting the needs of the present circumstances, be as co-operative as we can be with the police as they go about their task.
Peaceful protest is a fundamental part of our democracy. We should never forget that it is our democracy that the attackers are trying to undermine, and we should not allow them to do that.
Willie Rennie (North East Fife) (LD):
I am grateful for the First Minister’s statement and for the concern that she has expressed on behalf of us all to the victims, their families and the members of the rescue services, who are still dealing with the aftermath of the horrific incident in Manchester.
I have complete confidence in the painstaking and intelligent work that is being carried out by the security services and the recommendations that they have made. They have to strike a balance: we want our country to be safe and our citizens to have confidence, but we want that to happen without creating a climate of fear. In Edinburgh today, in the railway stations, on the buses and in streets such as the Royal Mile, people are out in numbers, going about their normal lives. That tells me that the balance is right.
How often does the First Minister expect to review those arrangements? How will she judge whether the balance is being maintained?
The First Minister:
As I said, all the arrangements are under on-going review. Although I have a significant part to play in the assessments, I stress that, when it comes to security and intelligence and the level of threat here, those decisions will be reviewed and judged on an on-going basis by JTAC; rightly, it will do that independently.
The judgments and assessments about the resources that the police in Scotland deploy will be made on an on-going basis by the police, led by the chief constable, because that is his independent operational responsibility. Through the Scottish Government resilience arrangements, I will make sure that we provide strategic oversight of all that. I will make sure that we understand those judgments, that we give support to the outcomes of them and, of course, that we provide vital accountability to Parliament and the public.
Those judgments and assessments will be made by all the different players on an on-going basis and, as I said in my statement, I undertake to keep Parliament updated and advised of any changes as often as Parliament considers it appropriate.
Christina McKelvie (Hamilton, Larkhall and Stonehouse) (SNP):
Given that we have the freedom to live in a country that has policing by consent, does the First Minister agree that, in times such as these, it is crucial that we embrace and uphold the values of democracy, human rights and the rule of law?
The First Minister:
Absolutely. That is fundamental, and it lies at the heart of all this. We know—we discussed this yesterday and we have discussed it in the past—that terrorists’ purpose is to undermine democracy and the rule of law and the values and freedoms that we all hold so dear, and it is vital that we do not allow them to do so.
That question has particular relevance right now, as we are in the middle of a general election campaign. As politicians, all of us will want to strike the right balance between respect for those who have been affected by the atrocity in Manchester and making sure that we do not allow the ultimate expression of democracy—an election—to be undermined. We will all be very mindful of the need to strike the right balance in getting back to the business of the election campaign as quickly, but also as decently, as possible. As we discussed in the aftermath of the Westminster attack, there are many things in the chamber and elsewhere that we disagree on. That is absolutely legitimate, but I think that we can all come together and unite around those core fundamental values and be absolutely resolute in our determination that they will not be undermined.
Murdo Fraser (Mid Scotland and Fife) (Con):
The First Minister mentioned in her statement President Obama’s planned visit to Scotland later this week. Have there been direct discussions about that with President Obama’s team, and do we expect the visit to go ahead as planned?
The First Minister:
First of all, Police Scotland is carrying out a review of all major events, including the one involving President Obama. Obviously, additional security will be provided by Police Scotland for a visit of such a nature and involving somebody in his position. Those discussions are undoubtedly on-going, but I do not think that it would be appropriate to go into any more detail about them.
I am not anticipating anything other than the event going ahead, but I make it very clear that the police are reviewing all these events, and that will lead to their making decisions on them. The aim is to allow not just this visit but all of these events to go ahead. However, I must point out—I do not want to set any hares running; I am not talking about President Obama’s visit here—that it cannot be guaranteed that none will be cancelled over the course of the next couple of weeks. The aim is to put in place arrangements that allow these events to go ahead safely, and I fully expect that to be the case with the visit of President Obama on Friday.
Ivan McKee (Glasgow Provan) (SNP):
Attacks such as that in Manchester are sadly an all-too-common occurrence in many countries around the world. What discussions are going on with the Governments of other countries on the security threats that all nations face?
The First Minister:
Obviously there are on-going discussions, principally with the intelligence and security services of other countries, to share intelligence and to make sure that that sharing of information gives as much mutual protection as possible. The Scottish Government is kept updated on intelligence or security threats principally through the national security adviser, and we have discussions on a whole range of matters with other Governments on an on-going basis. The principle of intelligence sharing is, I know, very much at the heart of the approach that is taken to intelligence and security in the UK.
Claire Baker (Mid Scotland and Fife) (Lab):
Will the First Minister expand on the on-going discussions that are being held with the UK Government on the use of operation temperer? She stresses that there is no specific threat to Scotland, but what advice and reassurance can be given to the many people who will be looking to travel across the UK this holiday weekend?
The First Minister:
Operation temperer is an established process that deals with military support for the police after terrorist attacks. It is the UK Government’s decision to invoke it; as I have explained, it has two phases, the first of which was invoked and authorised last night. It is not inevitable that operation temperer is invoked when the threat level goes up, but that is what happened last night.
Its duration is very much a matter for the UK Government, but that will be very much driven by the progress of the investigation. I repeat what I said earlier: the reason for the increase in the threat level is a concern that the individual was not acting alone and that there might be others out there and other imminent attacks. Clearly, as the investigation progresses as we hope it does, with arrests being made and people who might be involved being brought to justice, the risk will, I hope, lessen, but such judgments are informed by the security services and taken by the UK Government.
As for the public overall, I make it very clear as I did yesterday that we have no intelligence of a specific threat in Scotland. That is the case as of now, although it stands to reason that that might change in future. The measures that I am talking about are vital, but precautionary. In many respects, much of what is being done across the UK is precautionary, because of the concern that I have talked about. It is not for me to give these messages on behalf of other parts of the UK, but I think that I can say with some confidence that the message that I am giving in Scotland is the one that is being given by Governments in other parts of the UK: be vigilant, but do not be alarmed. These are precautionary measures in response to the circumstances in Manchester and the progress of the investigation so far. Because they are in place to keep people safe, people should not be alarmed, but they should continue to be vigilant.
Clare Haughey (Rutherglen) (SNP):
What resources are available to those in Scotland who have been affected by the attack in Manchester?
The First Minister:
I touched on some of this in my statement. We have Police Scotland family liaison officers on the ground in Manchester, who are providing specific support to the families of the two girls from Barra, and that support will continue for as long as is necessary.
In addition to that, for people returning home, I outlined yesterday some of the work that Police Scotland is doing in partnership with the British Transport Police to identify any possible witnesses coming back to Scotland, who may have information that is important to the investigation. There will also be, among those people or separately, people who have come back who perhaps did not witness anything but nevertheless are experiencing upset or trauma because of what they have been through, and we are working with the health service to make sure that the appropriate advice and information is available for people in those circumstances.
As I have also said both today and yesterday, I am particularly mindful of the impact on children—not just children who were at the concert, but children who are watching the scenes on the television, who will feel unsettled and scared. We have therefore worked with Education Scotland and councils as well as with Young Scot to make sure that information is available to help with conversations with young people. I recommend that those who have not seen the information that Young Scot distributed yesterday have a look at it, because it is very good. I think that parents, teachers and anybody else who has interaction with young people will find it very useful, as it tries to help with that.
A range of support is in place but, again, as with all aspects of this, we will keep it under review to make sure that anybody who has been affected and who needs support is able to access that support in an appropriate way.
Jackson Carlaw (Eastwood) (Con):
This outrage has taken place during a general election campaign. At some point, the parties will decide that it is appropriate to recommence campaigning. However, there may be many small community organisations that have been planning to hold hustings meetings, who will hear what the First Minister has said about public gatherings. Some of those meetings can attract considerable numbers of people, and those organisations will wonder what their responsibility is in these circumstances. I wonder what advice and assurance the First Minister would give.
The First Minister:
That is a very good question and a very relevant one given the time that we are in. My general advice would be to go ahead as planned, but I would supplement that by saying that anybody who is organising a local event—not just a local hustings—who has any concerns or just wants some advice and assurance should contact their local police commander to get that. I know that the police will be very happy to provide that advice locally.
That goes to the heart of what I have tried to say throughout. We want people to carry on as normal. We do not want life to grind to a halt or become abnormal. People just have to take sensible precautions. People should carry on as normal, and if they have any concerns, the police are there to try to address those concerns for them.
Portfolio Question Time
back to topEconomy, Jobs and Fair Work
back to topBrexit (Economic Risks)
back to top1. Ivan McKee (Glasgow Provan) (SNP):
To ask the Scottish Government what assessment it has made of the risks to Scotland’s economy of businesses leaving the country if there is no access to the European Union single market and a so-called hard Brexit strategy is pursued by the United Kingdom Government. (S5O-01009)
The Cabinet Secretary for Economy, Jobs and Fair Work (Keith Brown):
There are around 1,000 EU-owned companies in Scotland and they employ over 127,000 people. Membership of the single market is vital in securing that investment. According to the Ernst & Young attractiveness survey, 79 per cent of inward investors into the UK list access to the EU single market as an important factor in their investment decision. A hard Brexit will reduce the openness of the economy and have a detrimental effect on Scotland’s attractiveness as a location for inward investment.
Ivan McKee:
The cabinet secretary will be aware that in my role as parliamentary liaison officer for the economy, I take a keen interest in the economic impact of Brexit. It is generally accepted that a hard Brexit, with the UK leaving the EU single market, will act as an incentive to many businesses that are currently based in the UK and trade across the EU to move their operations to a location within the single market. What is the Scottish Government doing to encourage those businesses to locate here, rather than in another EU country?
Keith Brown:
As I have mentioned, the latest figures from the EY attractiveness survey confirm that 2016 was a record-breaking year for foreign direct investment into Scotland. It is against that background that we have to judge these issues. We have already proposed a way in which Scotland could stay in the single market even if the UK comes out of the EU, but that has been rejected out of hand by the UK Government. More worrying are some recent suggestions that the UK Government is actually scenario planning for no deal at all, which would be disastrous for both the UK and Scottish economies.
The Scottish Government will continue to do all that it can to protect Scotland’s interests in Europe during the forthcoming negotiations and, of course, to promote Scotland as a destination of choice, despite the damage that is being done by the UK Government.
Murdo Fraser (Mid Scotland and Fife) (Con):
What assessment has the Scottish Government made of the risks to Scotland’s economy of businesses leaving the country if a hard border is created between Scotland and our biggest market, elsewhere in the United Kingdom—that hard border being, according to the Scottish Government’s own experts, a consequence of pursuing a differentiated deal with the EU from that applying elsewhere in the UK?
Keith Brown:
We have no proposals, and see no reason, for there to be a hard border between Scotland and the rest of the UK. It surprises me that a Conservative Party that claims to be in favour of business wants to talk up the prospects of a hard border between Scotland and England—we have not suggested that. There has been no reference at all from the Conservatives, in questions or in debates on the economy, to the fact that we have just seen the UK trade deficit nearly double, from £2.6 billion to £4.9 billion; inflation is at 2.7 per cent; borrowing today is up to a three-year high; and there is a national debt of £1.8 trillion. That is the record of the Conservative Party in government. Why do they not talk a bit more about that in relation to damaging Scotland’s interests?
John Mason (Glasgow Shettleston) (SNP):
The Economy, Jobs and Fair Work Committee took quite a lot of evidence on Brexit and the number of Scottish companies that are very dependent on workers from the EU. Those included Angus Soft Fruits, those in the fish-processing sector and Walkers Shortbread. Does the cabinet secretary think that the UK Government understands how much our food and drink sector needs those workers?
Keith Brown:
If it does understand, it shows no signs of it. John Mason is absolutely right about the critical importance of EU nationals, not least in the sectors that he mentioned. The hospitality sector is another very obvious sector, as well as the soft-fruit sector and financial services.
The issue that is raised with me most frequently by businesses across Scotland is the threat to there being internationally mobile people who can come to Scotland and help to improve our economy. That is a real threat that is not acknowledged nearly sufficiently by the UK Government—a threat from a hard Brexit and, even more, from no deal at all.
We will continue to provide what reassurance we can to EU nationals. I am aware from higher education institutes and others that people are leaving already—people who we would want to stay are leaving the economy already. That cannot be good for Scotland.
Once again, I urge the UK Government to make it clear that EU nationals in the UK will have the right to stay—an assurance that they should have been given immediately after the Brexit referendum.
Dean Lockhart (Mid Scotland and Fife) (Con):
The cabinet secretary quite rightly highlights the importance of jobs for the Scottish economy. Has he had the opportunity to read the most recent Fraser of Allander institute report, which confirms that more than 500,000 jobs in Scotland rely on the integrity of the UK single market?
Keith Brown:
My earlier response, arguing against a hard border—which the Tories are talking up—recognised the importance of the UK market to Scotland and of the Scottish market to the UK.
I was interested to read the jobs figures, which showed a 42-year low for unemployment in the UK. That is great, but Scotland’s unemployment was even lower. We have had not one word of congratulation from the Conservatives and not one mention of that, just as there has been no mention of the EY attractiveness survey and the 122 new projects that are coming to Scotland.
It seems that the last thing that the Tories would ever want to do is to talk up the positive elements of the Scottish economy.
Jackie Baillie (Dumbarton) (Lab):
I welcome the EY survey, which makes interesting reading, but will the cabinet secretary perhaps concede that percentage growth is down substantially on last year and that foreign direct investment has accounted for even fewer jobs than it accounted for last year? Does the cabinet secretary have an explanation for that?
Keith Brown:
It is a fair point. At least part of the explanation—perhaps a large part of it—lies in the fact that around 35 per cent of those foreign direct investments involve employers who do not want to release the details of the employment consequences. The member shakes her head, but that is stated in the report—if she reads it, she will see that that is what it says. Therefore, it is not possible for us to itemise that.
I take substantial encouragement from the fact that there has been no percentage decrease in the number of projects coming to Scotland—in fact, it has gone up, from 119 to 122. That places Scotland second in the United Kingdom, behind the south-east of England. We have also seen an increase in research and development projects, which are absolutely crucial. Stakeholders tell me that they want foreign direct investment, but they also want more research coming to Scotland, and the latest figures show a promising prospect in that regard.
Supporting Women into Work
back to top2. Claudia Beamish (South Scotland) (Lab):
To ask the Scottish Government how it supports women into work. (S5O-01010)
The Minister for Employability and Training (Jamie Hepburn):
The Scottish Government is taking a number of steps to not only support women into employment but reduce gender inequality in the labour market, tackle discrimination and improve women’s position in the workplace. I recently announced funding of up to £200,000 to deliver a programme of support to women who wish to return to work after a career break, building on the £50,000 funding that I previously announced for Equate Scotland to undertake a similar programme specific to the science, technology, engineering and mathematics sector. I also chair a working group to look at pregnancy and maternity discrimination in the workplace.
We have announced funding of up to £500,000 for a workplace equality fund to address long-standing barriers to accessing the labour market, and we are establishing an advisory council on women and girls to inform our action to tackle gender inequality. On top of that funding, we are taking actions through the women in enterprise action framework to tackle the gender gap in enterprise growth. The Government continues to promote flexible working and has provided £178,700 for 2016-17 to the family-friendly working Scotland partnership to support and promote the development of family-friendly workplaces across Scotland.
Claudia Beamish:
The problem is indeed intractable, and the paid labour market in Scotland is fundamentally skewed away from women. As the minister and other members know, women make up the majority of workers in the lowest-paid sectors, such as the care, hospitality and retail sectors. Even women who are in full-time employment can be left struggling to pay rent, to feed their families and without financial independence, which is vital if they have to leave their home because the situation is unsafe due to domestic violence.
Does the minister agree that support for Labour’s pledge on a £10 living wage by 2020 would certainly be a step towards correcting that deplorable situation? What specific action is the Government taking to address women’s low pay?
Jamie Hepburn:
We are delivering a range of funding to the Poverty Alliance to take forward the living wage accreditation scheme. I have met the Living Wage Foundation, which is very pleased with the work here in Scotland—we now have more than 800 accredited employers. We lead by example, by ensuring that those who are covered by our pay policy are paid at least the living wage. That is important because, as the member rightly says, those who are on low pay are predominantly women. We know that that policy is making a difference.
Through the range of activity that I have set out, through the developing the young workforce programme and in conjunction with the Scottish Further and Higher Education Funding Council and Skills Development Scotland, we are making every effort to address some of the structural and attitudinal barriers that exist in order to ensure that women are better represented across the entire gamut of the workforce.
Ruth Maguire (Cunninghame South) (SNP):
Can the minister provide detail on how female employment in Scotland compares with female employment across the United Kingdom as a whole?
Jamie Hepburn:
The situation has certainly improved over the past year. The latest available data shows that female part-time working has decreased over the year by 13,000 while female full-time working has increased by 32,000. That has led to a situation in which the latest statistics show an employment rate for women of 70.8 per cent and an unemployment rate of 4.2 per cent. On both those measures, we are doing better than the UK as a whole.
Gordon Lindhurst (Lothian) (Con):
Does the minister believe that the loss of 152,000 college places, many of which were for part-time courses, has had a detrimental impact on supporting women into work, in particular women who are returning to the workplace after a break?
Jamie Hepburn:
I say to Gordon Lindhurst, who I know takes an interest in these matters as convener of the Economy, Jobs and Fair Work Committee, that Scotland’s colleges are doing a lot of work to help women into employment and will be taking that further through their gender equality action plans.
We know that the number of women in full-time courses is up by more than 12 per cent since 2006-07; that women account for the majority of college enrolments—they accounted for 51 per cent of enrolments in 2015-16; and, indeed, that there are still a significant number of part-time opportunities available at colleges in Scotland. The majority of total enrolments at college are in part-time further education courses—the latest figures show that almost two thirds of courses are part time.
Our college sector is playing a significant role in improving the prospects of women and, indeed, of the entire population of Scotland.
Inclusive Growth (Orkney)
back to top3. Liam McArthur (Orkney Islands) (LD):
To ask the Scottish Government what steps it is taking to deliver inclusive growth for Orkney. (S5O-01011)
The Minister for Business, Innovation and Energy (Paul Wheelhouse):
We are committed to supporting inclusive and sustainable growth across Scotland, including in Orkney. We are investing in businesses, communities and infrastructure across the islands. For example, we are investing in the new hospital and healthcare facilities project, and in Evie primary school, which opened last November. Through the regeneration capital grant fund, we are providing Orkney Islands Council with £0.5 million for the Orkney research campus project in Stromness, which will support more than 100 jobs.
Highlands and Islands Enterprise continues to work closely with ambitious businesses and communities to support growth and boost employment.
Furthermore, the Scottish Government continues to press United Kingdom ministers for appropriate support to ensure grid connections to the mainland and support for island wind projects. Both will significantly enhance the economic and social development prospects of the Orkney islands and thereby support inclusive growth.
Liam McArthur:
I thank the minister for that answer, much of which I welcome.
Part of inclusive growth is about helping communities to overcome specific challenges that they face, so that they can play to their strengths. For my constituents, that is about allowing key sectors of the local economy to compete on a level playing field. Unfortunately, the cost of lifeline ferry services continues to put our islands at a competitive disadvantage. Nine years after cheaper ferry fares were introduced on west coast routes and one year after the First Minister’s commitment to “begin work immediately” to cut the cost of ferry fares for those living in, working in and visiting Orkney and Shetland, we are still waiting. When exactly can my constituents expect a fair deal on ferry fares?
Paul Wheelhouse:
Clearly, that question is best directed to my colleague Humza Yousaf, the Minister for Transport and the Islands, but I am pleased to respond as best I can.
We recognise the effect that reduced fares options have on demand, and we recognise the case that the local community has made for help with charges. It is worth saying that a consultation on fares was carried out at the end of 2016, and further analysis of the impact on demand of different fares options and of available options for increasing demand is being carried out.
I assure Liam McArthur that consideration is being given to looking at how any subsidy could be made available to commercial operators, to allow them to provide reduced fares. As I am sure he appreciates, that is a complex piece of work. It is important to ensure that any fares mechanism is fair and compliant legally. I hope that that answers the question.
Queensferry Crossing Construction Team (Meetings)
back to top4. Peter Chapman (North East Scotland) (Con):
To ask the Scottish Government when it last met the Queensferry crossing construction team. (S5O-01012)
The Cabinet Secretary for Economy, Jobs and Fair Work (Keith Brown):
I last met Michael Martin and David Climie of the Queensferry crossing construction team on Friday 19 May, when I visited the site to view the significant progress being made in the admittedly favourable weather conditions on that day. I was hugely impressed by the progress that is being made across a number of the key activities on the project, including roads on the north side nearing completion, the removal of the tower cranes and trestles, and the installation of wind shielding, waterproofing and the first two layers of road surfacing across the Queensferry crossing.
Peter Chapman:
Given that the opening of the new bridge has already been postponed twice and is now six months late, will the minister give me the exact date when the bridge will open? If he will not, why not?
Keith Brown:
I think that Peter Chapman has heard both from the contractors and from the board of the company that oversees the contract that the bridge is scheduled to open between mid-July and the end of August. I know that he is fully aware that that window, rather than a specific date, was arranged because of the weather conditions in the Forth. It is worth bearing in mind that six months have not passed since the contract completion date, which is next month.
It is also worth comparing the Queensferry crossing with other projects. For example, it is coming in at a fraction of the cost of the Runcorn bridge although it is a bigger bridge and is being delivered more quickly. I am very pleased about the progress that has been made on the bridge.
I have made it clear to the contractors that they should proceed according to what is necessary for the safety of their employees. I am confident that it will be a world-leading bridge, in a world heritage location, that the whole of Scotland can be proud of.
Clare Adamson (Motherwell and Wishaw) (SNP):
Does the cabinet secretary agree with me that worker safety must be of paramount importance in all projects, and that those working on the bridge must follow the advice of experts regarding when it is unsafe to continue working?
Keith Brown:
Clare Adamson is right that, in all such projects, the safety of the workforce is of paramount importance. The Forth crossing bridge constructors consortium has continued to assure us that it remains fully committed to completing the project safely.
When I visited the bridge on Friday, I managed to get to the top of one of the towers, from where the level of activity taking place on the deck can be seen. It is important that that activity, which involves a number of different workstreams, is carried out in a way that ensures the safety of those involved. That includes working to detailed method statements that are based on risk assessments prepared by experts, who are, as Clare Adamson says, the people we should listen to in the construction field.
Neil Findlay (Lothian) (Lab):
In relation to a whole range of procurement issues concerning the Forth bridge contract, what has the cabinet secretary learned from the process? What would he do differently next time?
Keith Brown:
Procurement is of course dealt with by my colleague Derek Mackay, but from my previous involvement in procurement I am aware that the European procurement regulations and the guidance that has been issued have changed. Of course, that has produced some changes that we may wish to take advantage of, but if people such as Neil Findlay have their way and Brexit happens, those guidelines and standards will be absent, which could be damaging for such projects in future. I hope that that will not happen.
Finance and the Constitution
back to topPublic Sector Pay Policy 2017-18 (Equality Impact Assessment)
back to top1. Patrick Harvie (Glasgow) (Green):
To ask the Scottish Government whether its 2017-18 public sector pay policy is subject to an equality impact assessment. (S5O-01019)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
Yes. An equality impact assessment is undertaken as part of our consideration of public sector pay policy, and the key findings from the assessment are reported in the policy.
Patrick Harvie:
I am sure that it was merely an extraordinary coincidence that the equality impact assessment was published the day after I lodged that oral question. I am happy that it is such a fortunate coincidence, though.
In previous years under the current public sector pay policy, when inflation was hovering at or well below 1 per cent, it could be argued that the Government’s approach was to ensure that those at the bottom end of the pay spectrum—particularly women and minority groups such as disabled people and those in minority ethnic groups—were protected. Now that inflation is increasing to well beyond that level, and given that even the £400 minimum uplift to those with an income that is below £22,000 is well below an uplift at the current inflation rate, surely we need to look again at how people at the bottom end of the pay scales in the public sector can be protected with at least an inflation-based increase.
Derek Mackay:
I have some sympathy with the point that Patrick Harvie has made. I have engaged on the subject with the trade unions, whose representatives I met recently.
It is true that we have targeted support to those on lower earnings within our pay control. That is why there are specific measures such as the fixed payment and other support measures.
We must get the balance right on sustaining the workforce as well as on proper remuneration. I recognise that inflation has been an issue, but I remind members that we have a policy of no compulsory redundancies, which the United Kingdom Government does not share, to ensure that we sustain numbers and support a valued workforce.
James Kelly (Glasgow) (Lab):
Bearing in mind the fact that we now know that nurses, for example, are £3,400 cumulatively worse off as a result of the pay cap, does the finance secretary accept that the cap is unacceptable? Will he take action to address that specifically when the autumn budget revision comes into play in September and there are underspends from other departments? Will he use that opportunity to give those whose pay has been suppressed by the pay cap a much-needed uplift?
Derek Mackay:
Through our budget process, we have invested hundreds of millions of pounds of extra resources in our public services. Labour did not support the budget, but we were able to put in those additional sums.
I have made the point that I am sympathetic to the workforce over the inflation issues. We know how inflation is being affected by wider economic circumstances, which have been partly caused by the Brexit decision and the pressures from that. I have said that I will continue to engage with the trade unions, and I will do so, especially as we look at our pay policy in the light of financial constraints.
I acknowledge the pressures that we face as a consequence of inflation, but I remind members that we in Scotland have taken specific measures that are distinct from what the UK Government has done on pay and that we have sustained the workforce. We have also ensured that policies are in place to target support for those who are on low pay and to make sure that we have no compulsory redundancies.
Liam Kerr (North East Scotland) (Con):
In Scotland, women earn on average £60,000 less over their working lives than men do. What specific steps is the Scottish Government taking to ensure that public sector pay policy will combat that?
Derek Mackay:
That is a surprise—criticism from the Tories of public sector pay policy. We have avoided compulsory redundancies and we are looking at measures on low pay. We recognise that there can be a gender impact, which is why we have targeted extra support towards the low paid. We also support the living wage and we have made swift progress on that policy. We will look closely at gender impact and other impacts in our pay policy, which was published as part of our considerations for the budget.
Clare Adamson (Motherwell and Wishaw) (SNP):
Does the cabinet secretary agree that all employers, public and private, should do everything that they can to provide equal opportunities for employees? Does he share my concern that the Labour administration in North Lanarkshire, which is now propped up by the Tories, has yet to deal with equal pay claims?
Derek Mackay:
I share those concerns, and I am not quite sure that that is what the parties told the electorate was their intention before the council elections.
Austerity (Impact on Scottish Government Finances)
back to top2. George Adam (Paisley) (SNP):
To ask the Scottish Government what impact the United Kingdom Government’s austerity measures are having on Scottish Government finances. (S5O-01020)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
By the end of the current spending review period in 2019-20, the Scottish Government’s fiscal departmental expenditure limit block grant allocation will be £2.9 billion, which is 9.2 per cent lower in real terms than the figure in 2010-11.
George Adam:
Does the cabinet secretary agree that Scotland has suffered enough under the Westminster Government’s austerity? Does he agree that, although the Scottish Government has mitigated the effect where it can, many Scottish families are still struggling because of Tory austerity?
Derek Mackay:
Yes, they are, and I am sure that that debate will continue during the general election campaign, where there are alternatives to the Tories’ plans.
Dean Lockhart (Mid Scotland and Fife) (Con):
Does the cabinet secretary agree with the Fraser of Allander institute analysis that shows that there has been no reduction in the Scottish Government’s discretionary spend in real terms since the Scottish National Party came to power in 2007? Any talk of Tory austerity is merely SNP spin.
Derek Mackay:
I am sorry to say that, not for the first time, Dean Lockhart is quoting selectively from the Fraser of Allander institute. There have been real-terms reductions and, under the Tories, there will continue to be real-terms reductions in our discretionary spend.
Anas Sarwar (Glasgow) (Lab):
Unlike the cabinet secretary, I oppose UK Government and Scottish Government austerity. To rephrase—[Interruption.] They do not like the truth, do they? To rephrase George Adam, I ask the Scottish Government what impact Scottish Government austerity measures are having on local government finances.
Derek Mackay:
Local government had a fair and strong settlement from the Scottish Government. We have consistently treated local government fairly. It is unfortunate that, not only did the Labour Party not support giving those extra resources to local government, including the £120 million attainment fund, but, where Labour is in power, it has frozen the council tax, so it is clear that the settlement is better than Labour has said it is.
Hub Projects (Payment of Contractors)
back to top3. Neil Findlay (Lothian) (Lab):
Meanwhile, back in the real world, I will ask my question.
To ask the Scottish Government what action it is taking to ensure that contractors working on hub projects are paid on time. (S5O-01021)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
As I indicated in my reply last week to the member, the standard contract forms that are used for hub projects include provision about the timely payment of contractors and subcontractors.
Neil Findlay:
The Vaughan Engineering Group business in my region has carried out extensive works for Galliford Try, which is one of the major contractors that are involved in Scottish Futures Trust hub projects. After completing work, Galliford Try unfairly withheld payment from the contractor for more than two years, and it is threatening to do so again, which is putting 500 jobs in jeopardy. I raised the matter with the finance secretary last week and he said that he would look at individual cases. Will he agree to meet me and representatives from Vaughan Engineering so that we can try to resolve this serious situation?
Derek Mackay:
I take the issue seriously. Mr Findlay said last week that he could cite a number of cases where the same position had been the case. I will look at those matters if he supplies the details of the range of cases that he has described to me, and I will absolutely take that forward.
Income Tax (50p Rate)
back to top4. Jackson Carlaw (Eastwood) (Con):
To ask the Scottish Government what its current and developing position is on the introduction of a 50p rate of income tax. (S5O-01022)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
Analysis that the Scottish Government produced showed that a revenue risk is associated with raising the additional rate. However, the First Minister has asked the Council of Economic Advisers to consider how and to what extent that risk can be mitigated and, if we are sufficiently assured that it can be, we will consider raising the additional rate from 45p to 50p from 2018-19 onwards.
Jackson Carlaw:
I thank the cabinet secretary for repeating to me what was in the Scottish National Party manifesto a year ago. Does he agree with the analysis that was recently conducted for the Fraser of Allander institute by Graeme Roy, a former SNP Government adviser, who concluded that as a result of the fiscal framework arrangements that were agreed, a 50p rate of tax that applied across the whole United Kingdom would lead to a reduction in revenues to the Scottish Government?
Derek Mackay:
I have set out exactly what the Scottish Government’s position is and the advice that we will take, and that will be part of our consideration for the budget. We will also engage with other parties, but the First Minister has asked the Council of Economic Advisers to consider the matter and that is exactly the source of information that I will draw on.
Ivan McKee (Glasgow Provan) (SNP):
Does the cabinet secretary agree that, to avoid the risk of any changes to the top rate of income tax reducing rather than increasing the funds that are available for public services in Scotland, the Scottish Parliament needs to have powers over dividend and savings income tax, powers over taxes that are impacted by incorporation, including capital gains tax and corporation tax, and, crucially, powers to police tax avoidance?
Derek Mackay:
Presiding Officer, I know that you want shorter answers in order to get through as many questions as possible so, in essence, yes—I agree with that point.
Jackie Baillie (Dumbarton) (Lab):
On the basis that the First Minister has changed her mind about eight times on the 50p tax rate, is it not the case that she tells everybody else what to do but, when she has the power herself, she runs a million miles in the opposite direction?
Derek Mackay:
I am absolutely of the view that we have set out a consistent position on the matter and I have said that we will draw on evidence to make those decisions. However, it is abundantly clear that the Labour Party does not know what it is doing on tax, other than to suggest taxing some of the most vulnerable in our society by increasing the basic rate as well.
Small Business Bonus Scheme (Angus)
back to top5. Graeme Dey (Angus South) (SNP):
To ask the Scottish Government how many small businesses in Angus have received support from the small business bonus scheme. (S5O-01023)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
It is estimated that the small business bonus scheme supported around 2,500 properties in Angus in 2016-17.
Graeme Dey:
I have a constituent running a now highly successful high street business who tells me that the small business bonus was the difference between surviving and failing in the early years of getting the business up and running. Has the Scottish Government done any analysis of the economic benefit that the small business bonus delivers in Angus and across wider Scotland?
Derek Mackay:
The Scottish Government has engaged with stakeholders and businesses directly. For example, the Federation of Small Businesses recently surveyed about 1,000 business owners and the results show that about a fifth of small firms reported that they would close the business if the scheme were to be abolished and that a similar proportion said that they would have to cancel investments or amend their plans for growth if that was the case.
Local Government Elections (Openness)
back to top6. Ruth Maguire (Cunninghame South) (SNP):
To ask the Scottish Government what action it took to ensure that the local government elections were open to candidates from all parts of society. (S5O-01024)
The Minister for Parliamentary Business (Joe FitzPatrick):
A wide range of people are eligible to stand for election in the Scottish local government elections. The Scottish Government would like to see that diversity reflected in the profile of those who stand as candidates and are elected to public office. One group who are underrepresented in all elections are disabled people. While the selection of party candidates is a matter for political parties, we have provided support for disabled candidates through the access to elected office fund, which was put in place to meet candidates’ additional disability-related costs. Of the 39 candidates who received support through the fund, 15 were elected to 12 local authorities.
Ruth Maguire:
Given the success of the access to elected office fund at our most recent local government elections, does the minister agree that that financial help has clearly opened up the electoral process to people who previously might not have been able to take part in it? Will he join me in calling on the United Kingdom Government to reopen the equivalent UK fund?
Joe FitzPatrick:
Yes. The fund has successfully enabled people who might otherwise have found it difficult to access elected office here in Scotland to do so. I encourage the UK Government to look at how the model has worked in this case, to perhaps get in touch with Inclusion Scotland, which administered the scheme, and, hopefully, to roll it out across the UK.
Air Departure Tax (Distributional Impact)
back to top7. Ross Greer (West Scotland) (Green):
To ask the Scottish Government what assessment it has made of the distributional impact on households of its proposed air departure tax reduction. (S5O-01025)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
The Scottish Government fully supports and recognises the importance of robust analysis of its policies. That is why it has committed to undertaking and publishing a range of impact assessments of air departure tax. That includes an independent economic assessment, which will consider the best way to design a robust monitoring and evaluation framework, so that one can be put in place to assess, among other things, the socioeconomic impacts of ADT in the future. The economic assessment will be published in the autumn, no later than when the Government sets out its secondary legislation plans for ADT tax bands and tax rate amounts.
Ross Greer:
The cabinet secretary will be delighted to know that the Scottish Greens have already done some of that work for him. Research that we commissioned shows that the richest 10 per cent of households stand to benefit four times as much as the poorest 10 per cent. Does he agree that that is not the action of a progressive Government?
Derek Mackay:
We have been progressive as a Government in relation to currently devolved taxes such as land and buildings transaction tax and in how we have approached other taxes such as council tax. United Kingdom ADT is the highest tax of its kind in Europe and one of the highest in the world. We want to improve Scotland’s competitive position, connectivity and business growth, but of course all that will be part of the wider consideration. I will refer back to the assessments that we have commissioned.
Maree Todd (Highlands and Islands) (SNP):
What work is on-going on legislation to exempt the Highlands and Islands from ADT?
Derek Mackay:
I was also asked about that in the Finance and Constitution Committee.
We are pursuing the position with the UK Government. Given that the UK is the member state, it is for the UK Government to approach the European Union through the notification process. We are working in partnership with the UK Government to try to ensure that we can continue the Highlands and Islands exemption, which is certainly this Government’s policy intention.
Local Authorities (Income from Increased Council Tax Rates)
back to top8. Clare Haughey (Rutherglen) (SNP):
To ask the Scottish Government what additional income will be raised in 2017-18 by local authorities that have increased council tax rates. (S5O-01026)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
The additional council tax revenue in 2017-18 will be £53 million.
Clare Haughey:
My local council, which until the recent local authority elections was a Labour-led council, chose not to raise council tax, despite years of asking the Scottish Government to lift the council tax freeze. How much money would a council tax rise have provided for local public services to spend?
Derek Mackay:
By freezing the council tax in 2017-18, South Lanarkshire Council decided to forgo £4.2 million, reducing its overall potential increase in support for local services. Although that is of course a matter for local government and for that local authority, it is in sharp contrast to what Labour said previously.
Graham Simpson (Central Scotland) (Con):
Does the cabinet secretary agree that Clare Haughey is entirely wrong in what she said about South Lanarkshire Council? It was the policy of the council not to increase council tax rates and it stuck to that, as was its right. Does he agree first, on that factual point and, secondly, that it is not for the Scottish Government to give a view on whether councils should increase council tax rates?
Derek Mackay:
I am not sure that Graham Simpson listened to my answer to Clare Haughey before he asked his question. I made the point that it was a matter for local government and for South Lanarkshire Council. I simply pointed out that the Labour Party had said for years that the council tax freeze was unsustainable, but when it was in a position to increase the tax, it froze it. I was simply pointing out the absurdity of the position of the Labour Party on that council.
For completeness, I note that there were many other Labour authorities that chose to freeze the council tax, which I think helps to make the point that the local government settlement was fair, because it put councils in a position in which they felt that they could do that.
Barclay Review
back to top9. Murdo Fraser (Mid Scotland and Fife) (Con):
To ask the Scottish Government when it expects the Barclay review of non-domestic rates to publish its recommendations. (S5O-01027)
The Cabinet Secretary for Finance and the Constitution (Derek Mackay):
The Barclay review of business rates will report to ministers this summer.
Murdo Fraser:
We look forward to seeing that report. However, given that the Scottish Government refused the request from the Local Government and Communities Committee to ask the Barclay review to reopen the period for consultation so that more evidence could be taken from businesses that were affected by the recent rates revaluation, what assurance can we have that the Barclay review will properly consider all the issues that arise from the recent revaluation and the impact that that has had on businesses?
Derek Mackay:
I have to say that the Conservative’s first position on this matter was that we should act before the review; then it was that we should rush and hurry the review; and now it is that we should prolong the review. I accept, though, that the Barclay review is of great importance as we look at non-domestic rates, and I look forward to its findings. We will act swiftly on those findings.
The Local Government and Communities Committee has encouraged the Barclay review to look again at the consultation and to review the organisations that it has engaged with, and I believe that it has done that. Of course, it will be for Government and Parliament to consider the matters that are presented to us by the Barclay review, and matters wider than that.
Having engaged with Ken Barclay, I know that he has reflected on the comments that were made by the committee and has been able to reach out to others to ensure that the consultation and engagement is as comprehensive as possible.
The Presiding Officer:
That concludes this question session. We will take a few moments before we move on to the next item of business. In the meantime, at the risk of embarrassing them, I congratulate Mr Mackay and Mr FitzPatrick on getting through nine questions and nine supplementaries. I encourage all their ministerial colleagues to take a leaf out of the ministers’ book.
Cyber-resilience
back to topThe Deputy Presiding Officer (Christine Grahame):
The next item of business is a debate on motion S5M-05733, in the name of John Swinney, on safe, secure and prosperous: achieving a cyber-resilient Scotland.
15:13
The Deputy First Minister and Cabinet Secretary for Education and Skills (John Swinney):
As we debate cybersecurity today, our thoughts are with those who were affected by the despicable attack in Manchester, and the implications for security that are now becoming clear and which were covered in the First Minister’s statement this afternoon.
What has been re-emphasised by the cyberattacks against the national health service and Monday’s attack is that, unfortunately, we, as an open society, cannot prevent all harmful incidents occurring. It is simply not possible. Opportunities have been and will, unfortunately, continue to be exploited by those who have the determination, the will and the capability to do so. What we must do is ensure that we do not let such issues drive us away from living our lives to the fullest, and we must also take the steps that it is reasonable for any Government or individuals to take to understand the nature of these attacks and prevent them from occurring.
For those in a response role, it is our duty to ensure that our arrangements are such that we can respond effectively to prevent further harm and can rigorously pursue those who seek to cause societal harm and bring them to justice in all circumstances.
Our focus in this afternoon’s debate recognises the urgency for everyone to secure their technology, data and networks from the many threats that we face, and proposes that citizens and organisations must become more resilient, aware of the risks, and able to respond and recover quickly from any kind of cyberattack.
On 12 May, there was a global cyberattack that affected the national health service across the United Kingdom. The scale and the speed of the attack were unprecedented, and it demonstrated the absolute urgency for everyone to take steps to secure their technology, data and networks from the many threats that we face online.
If we are to realise Scotland’s full potential in the digital world and the opportunities that it offers to our citizens, businesses and organisations, we must equally be aware of the new risks that that environment presents and be able to respond effectively.
Daniel Johnson (Edinburgh Southern) (Lab):
The cabinet secretary is correct that our response is vital, but so is prevention. One of the key issues with the recent attack was the volume of Windows XP installations in the health service. Does the Scottish Government have a target date for removing Windows XP from the information technology estate across the Scottish Government?
John Swinney:
The key question that we have to address is how we establish and maintain the most rigorous level of security possible on all systems that are used. In certain circumstances, there may be an appropriate use for the systems to which Mr Johnson referred. However, the crucial thing is that security arrangements must be in place to ensure that the necessary precautions are taken. I will come on to talk in more detail about all those precautions, but the key point is the importance of ensuring at all stages that we take the necessary measures to address that point. From some of the steps that we already take, it is clear that our policy approach and the requirements that we place on organisations are designed to achieve that objective.
There can be little doubt that the evolution of the internet has been the most significant development of our age. For business, digital transformation is ever present. It has been a game changer by enabling increased efficiency and international reach, as well as expanding markets, capabilities and opportunities. It has been, and will continue to be, a truly innovative force that drives economic development and prosperity.
Never before has data had such a value. In its digital form, its availability, integrity and security are critical to all businesses. Criminal exploitation of the internet is also growing rapidly. Data is the target, and businesses and citizens have lots of it. Unlike physical risks, cyber-risks are much harder to grasp, as criminals exploit systems and human vulnerabilities. Business leaders must be prepared for the cyberthreat and, more importantly, must ensure that their organisations take all steps possible to mitigate that threat.
We are used to managing risk in a digital age, but we must also consider the cyberthreat as another business risk. Any business that can successfully demonstrate that it has taken steps to protect its own and its customers’ data, as well as to respond to and bounce back from any cyberattack, is in a strong position to grow in the digital age. Organisations that can demonstrate their resilience to cybercrime can gain a competitive advantage and increased consumer confidence. Therefore, developing cyber-resilience as a core part of an organisation’s business strategy will ensure that the organisation continues to take full advantage of the internet age and to flourish into the bargain.
I am pleased to say that the Scottish Government and its partners are working together to build a strong and a cyber-resilient Scotland. We are taking action to ensure that we are adequately prepared. However, I want to be clear with Parliament that the Government cannot do that alone. It is also the responsibility of individuals and organisations, who need to take the necessary steps to ensure that they keep safe and secure online.
It has been widely commented that 80 per cent of cybercrime is indiscriminate and can be prevented by getting the basics right. That includes keeping software up to date, using proper antivirus software and making regular system back-ups. Those are simple measures that all users can and should take.
Often, our technical defences are robust but are overcome by the inadvertent actions of an individual who clicks on a link to a seemingly genuine website or potentially causes an infection by opening attachments. Social engineering is one of the simplest ways of overcoming our technical defences. We should not blame users. They are not the weakest link, as is often said; they are essential assets. Links and attachments are common in the workplace and that is why they are exploited. Therefore, part of our response must be to get the basics of online security correct. That includes raising the knowledge and awareness of all our citizens about the risks and the steps that they can take to reduce them.
As we have learned from recent events, swift action in co-ordination and sharing information limited the impact of the NHS ransomware attack. However, we must reflect on that incident, identify lessons and, more important, share those lessons with our partners so that we can help one other to put in place appropriate and effective measures to combat cybercrime.
Since I published “Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland” in November 2015, the Scottish Government has committed to providing strong leadership and direction to help individuals, businesses and organisations to make the most of the online world. We have laid the foundations to make Scotland a cyber-resilient country and achieved much already by focusing on the key strategic priorities of leadership and partnership, awareness raising, education, skills and professional development, and research and innovation.
Dean Lockhart (Mid Scotland and Fife) (Con):
Does the cabinet secretary agree that additional availability of computing skills teaching at all school levels would help to address some of those issues?
John Swinney:
Obviously, computing science is an integral part of the curriculum, and it is part of some of the earliest stages of primary education. I have seen various coding initiatives in primary schools that have involved primary 3 and 4 pupils. I firmly support the importance of ensuring that young people are exposed at the earliest possible ages to computing education and that they are able to acquire the skills and attributes that are necessary for them to prosper.
Let me set out the focus of the work that has been undertaken as part of the Government’s strategy that was launched in November 2015. As part of the leadership effort, we established the national cyber-resilience leaders board in September 2016 to drive forward and implement the strategy across Scotland. That board is led by the director of the Confederation of British Industry Scotland, Hugh Aitken, and it is made up of key leaders from across the public, private and third sectors, who provide strategic direction across all our sectors.
The digital Scotland business excellence partnership has provided £400,000 to help businesses in Scotland to improve their cyber-resilience and work towards achieving the cyber essentials standard. We have focused efforts on raising awareness of cyber-risk and, since the beginning of this year, we have developed a joint cybercommunications calendar, which our partners have used to provide a consistent message across the board. We are linking closely in that work—this relates to Mr Greene’s amendment—with the UK national cyber aware campaign.
On learning and skills, we have already built cyber-resilience into the curriculum for excellence, and we are working to embed it in digital skills, as I explained in responding to Mr Lockhart’s question. We are looking at how we can fill our current gaps in the cybersecurity skills pipeline, particularly in apprenticeships and the qualifications that are on offer, and we are working to build the capacity of cybersecurity research across higher education. The University of Edinburgh recently became an academic centre of excellence in cybersecurity research, as acknowledged and endorsed by the national cybersecurity centre.
That work has been about ensuring that we have made early preparations so that we are equipped as a country to meet the challenges that we now habitually face.
I acknowledge the tremendous efforts of our national health service staff and the wider public sector in responding to the recent attack and providing assurances on the security of their networks. There was considerable cross-sector engagement during that event, and collaboration at that level is essential. It helps to demonstrate confidence in the public sector’s ability to respond to such acts.
The Government’s investment in the area is specifically to support a range of hardware and software measures to protect its information and communications technology systems, infrastructure and data; to improve its network monitoring capabilities; to boost staffing in the area, which is vital in order to have the skills available to handle the challenges; to establish and expand a cybersecurity operations centre; and for corporate education awareness and training across the board.
We recognise that, ultimately, the focus of our public sector work is about ensuring that we can gain our citizens’ trust as we increasingly move towards digital public services. With that outcome in mind, we have established a cross-public sector group on cyber-resilience, which is made up of technical and business experts from central and local government, health, procurement, education, academia and the third sector. All are focused on putting in place the necessary measures to protect public sector ICT skills.
It is essential that, across a range of different areas—on learning and skills, on the role of the private sector, on compliance with the European Union general data protection regulation and on the securing of our critical infrastructure—we make cohesive and coherent efforts to ensure that we are equipped to meet the challenges. That is the focus of the Government’s strategy and it lies at the heart of the approach that we are taking. We are doing that in an engaged and collaborative way with the private, third and public sectors to ensure that Scotland as a country is able to demonstrate cyber-resilience and that we are able to use our cybercapability as a foundation for economic opportunity in the years to come.
I move,
That the Parliament notes that the recent global cyber-attack demonstrates the urgency for everyone to secure their technology, data and networks from the many threats that are faced in the digital world; recognises the continuing and growing importance of cyber-resilience to Scotland’s safety, security and prosperity; resolves that citizens and organisations must be aware of the risks and be able to respond and recover quickly from any kind of cyber-attack if Scotland is to realise its full potential, and calls on leaders across all sectors in Scotland to consider their organisations’ resilience to cyber-attacks and take action to ensure that they have plans in place to respond and recover quickly from cyber-incidents.
15:25
Jamie Greene (West Scotland) (Con):
Less than two weeks ago, we witnessed one of the most severe co-ordinated cyberattacks that the world has ever seen. The attack was not restricted to either Scotland or the UK; our neighbours around the world reported attacks on their IT infrastructure that, in some cases, crippled their ability to deliver critical public services.
On our shores, our NHS electronic network was hit and doctors could no longer access patients’ files. The effects were felt as hospitals asked only urgent cases to come to accident and emergency departments in order to ease the pressure on them. Appointments and operations were cancelled, and general practice surgeries were unable to access medical records.
The so-called WannaCry ransomware attack also targeted Germany’s primary railway company, the Deutsche Bahn, and Spain’s Telefónica. It is estimated that the ransomware attack affected 230,000 computers in more than 150 countries, with Europol describing the attack as “unprecedented in scale”. We should make no mistake—the events of 12 May 2017 highlighted the fragility of public IT infrastructure the world over.
For all the benefits that economic digitalisation has brought us, the shift online has opened up an emerging threat from cybercrime and cyberterrorism. Estimates from the Scottish Business Resilience Centre put the cost to the Scottish economy from cybercrime at £393 million in 2015-16. Globally, that figure could be well over half a trillion US dollars per annum. In fact, cybercrime has become such a threat that a whole industry in cyberinsurance has sprung up in recent years.
The Scottish Conservatives will support any measures that the Scottish Government takes to increase our resilience against further cyberattacks. For that reason, we welcome the tone of the Government’s motion and will support it this afternoon.
The Scottish Government made references to cybersecurity in its “Realising Scotland’s full potential in a digital world: A Digital Strategy for Scotland”, which was published this year, and in its previous cyber-resilience strategy, which was published in 2015. Nevertheless, in the light of the recent attacks, we would like more detail on what specific action is being taken to protect public services, utilities and large public networks. In particular, we would like to know the monetary value of any such investment.
The UK Government has invested heavily in cybersecurity and last year announced £2 billion of investment. A new national cybersecurity centre was set up to operate out of London under the control of Government Communications Headquarters. It is there to assist businesses, Government bodies and academia across the UK—including in Scotland—in times of need. At the time, PricewaterhouseCoopers commented:
“The UK Government is leading the way with the cyber initiatives it is putting in place. However, the Government cannot protect the UK alone. Businesses must understand the cyber threat their organisation faces and take strong protective action themselves.”
That is a really important point. There is a shared responsibility on all of us to ensure that we are prepared to deal with online threats.
Our amendment asks the Scottish Government to ensure that it is having a proactive discussion with UK-wide enforcement and intelligence agencies and Government bodies to ensure that a collaborative approach is taken. I will personally liaise with my UK Government counterpart to highlight any areas in the Digital Economy Act 2017 pertaining to cybercrime and online protection that are relevant to Scotland.
It is clear, in the aftermath of the ransomware attack, that the evidence suggests that several hospitals did not install the updates that they had received prior to the attack, which left their systems vulnerable. Daniel Johnson was right to probe into that further today by asking whether the Windows XP replacements or updates will take place in our NHS, because a co-ordinated upgrade and end-of-life plan is a necessary part of any large-scale IT project. The public sector should be no different to mainstream corporations in that regard. Preparation is everything.
The European Commission’s 2016 “European Digital Progress Report” highlighted that half the European Union’s population access public services via online platforms. That number will surely only continue to grow. A crucial pillar in our preparedness against attacks is the understanding that the threat is truly global. In a digital world, we are not shielded by being an island: a hacker in North Korea can attack a database in North Queensferry.
DigitalEurope, the digital industry’s respected trade body, recently said:
“Cybersecurity is important. However the approach must be centered on better security practices to defeat evolving threats in a global landscape”.
The digital market is borderless and virtual and it is a workplace like no other, in which there are invisible but tangible threats.
The Scottish Conservatives will support the Scottish Government’s cybersecurity plans, but our support is conditional on realistic and measurable plans being put in place. We want the Scottish Parliament to be regularly informed of progress and we want close collaboration between all Governments and agencies to ensure that a truly UK-wide cybersecurity framework is in place.
Scotland could lead the charge against global cyberthreats and cyberterrorism. I say that because just last week another major Californian cybersecurity firm announced that it will be opening a new office in Belfast, which will create 120 new jobs in an already buoyant cybersecurity and tech sector in that city. The firm was attracted to Belfast by Invest Northern Ireland, which gave it a £780,000 grant towards the new venture. Invest NI also recently awarded £5.5M to Queen’s University Belfast to help to fund a new centre for secure IT, which brings total investment in the centre to £38 million. Belfast is becoming the world’s number 1 hub for cybersecurity, data analytics, finance technology—fintech—and blockchain technology. The skills that are required to fill those newly created posts are being nurtured locally in Queen’s University Belfast and Ulster University.
Although I appreciate the good work that is happening in Edinburgh, why cannot it also happen in Glasgow or Dundee? There must be more than words of goodwill and lip service paid to Scotland’s IT and tech industry. Targeted investment, a bank of suitably skilled workers and a can-do Government attitude can—and will—have a material and positive effect on the industry, and will open up real opportunities for jobs and growth.
Cybersecurity is so big in Northern Ireland right now that the sector has a zero per cent unemployment rate. While I let that potential sink in, I look forward to hearing the Government's response to my comments and to listening to the rest of the debate today. This is an important debate. We simply have to get this right.
I move amendment S5M-05733, to insert at end:
“; notes that cyber-crimes are often underreported and that more data is needed for a fuller understanding of the scale of such crimes; welcomes that both the UK and Scottish governments have published cyber-security strategies; notes that a number of government, security and enforcement agencies are involved in tackling cyber-threats, and believes that both governments should communicate closely to implement these strategies and to minimise the risk of attack.”
15:33
Claire Baker (Mid Scotland and Fife) (Lab):
The past few days have been very challenging and distressing for us all. It is a critical, on-going situation and it is right that we prioritise and focus on that. My thoughts are with all those families affected by the terrible attack on Monday night.
Turning to today’s debate, we must ensure that we are as safe online as we are offline. To many politicians, cybersecurity is an area in which it can often seem as if a different language is being spoken; the same is true for much of the public. As we heard in the recent debate on keeping children safe online, the internet is central to modern life, and while it brings many benefits, it also contains many risks. Cyber-resilience is an important strategy in protecting against vulnerability for individuals as well as our agencies.
The significant change to how we communicate, how we do business and how we create systems has brought considerable risks and we must always be vigilant. As quick and easy as it is for an MSP to send an email to a constituent, it can be just as quick and easy to send malware or to find the one weak spot among millions of lines of code.
I appreciate that, following the recent ransomware attack on our NHS, the Government has been active in helping businesses and organisations, but today’s debate appears to be reactive rather than proactive. Although a specific attack on a specific target is difficult to predict, the threat of such an attack is not. I appreciate the recent update from the Government on the extraordinary meeting of the national cyber-resilience leaders board, but should such meetings always have to be extraordinary?
The Scottish Government published “Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland” in 2015. We are now two years into the five-year strategy, and it is clear that the recent attack on the NHS represents a setback to confidence in the security of information in our public services. Although I will support the Government’s motion and am inclined to support the Conservatives’ amendment, which welcomes the strategies of the UK and Scottish Governments, I want to mention the recent report of the UK Parliament’s Public Accounts Committee, which said that the UK Government needs to “raise its game” in this area and described significant skills shortages and the chaotic handling of personal data. In Scotland, we have the well-documented problems with i6 at Police Scotland and the problems at NHS 24, which raise questions of confidence in our infrastructure.
I appreciate that the Government has committed to providing a public sector action plan that will develop a set of guidelines and standards for all public sector bodies. However, as our amendment makes clear, investment is necessary to ensure that we can withstand future attacks. Improvements in infrastructure, investment in expertise and advice and the capability to build resilience all take resources, and it is difficult for our public services to prioritise when there is so much pressure on service delivery. The national cyber-resilience leaders board’s action plan is due to be approved by ministers in June, and I hope that Parliament will have the opportunity to scrutinise and monitor the plan’s implementation.
When it comes to cyberattacks, we in Scotland must not stand alone. We need to work across the UK and beyond to understand potential threats, to learn from best practice and to halt attacks as and when they strike. That process must begin with the recent attack on our NHS. We must ask why our hospitals and health centres were affected while the NHS in Wales was not. Did Wales take better pre-emptive action? Did the Scottish Government provide adequate instructions on cybersecurity prior to the attack? Was the issue given sufficient priority around the Cabinet table? I hope that those questions will be addressed by the Government in the closing speech.
According to the Government’s strategy,
“Cyber resilience is being able to prepare for, withstand, rapidly recover and learn from deliberate attacks or accidental events in the online world.”
With the attack on the NHS, we know that Scotland is not yet fully prepared to withstand such attacks and, although it has appeared to recover and deserves credit for that, we must now ensure that we are able to learn.
The world is increasingly moving online. From socialising to shopping and learning to leisure, the public—old as well as young—are conducting large parts of their lives online. As local politicians, we know that many high street banks are closing; the argument is made that most transactions now take place online. That is true for our businesses and organisations: millions of pounds’ worth of transactions take place online every day.
Cybercrime is a threat that we are all aware of, but it is also one that we believe to be underreported. It can be prevented if the right security, firewalls and precautions are in place, but computers, data and personal details are often left inadvertently exposed. We would not leave the front door or the car unlocked, but computer systems are left wide open in exactly that way. As part of my research for the debate, I found out that Britain ranks below Brazil, South Africa and China when it comes to keeping phones and laptops secure, which is a concerning statistic. Around 80 per cent of cybercrime can be prevented if we just get the basics right. That involves having strong passwords; downloading, installing and—crucially—updating security software; protecting our mobile devices and wireless networks; and being aware of suspicious emails, which often claim to be from reputable sources.
As much as we must look to individuals and businesses to take responsibility, we must ensure that here in Scotland we have the resources to tackle such crimes once they take place. We are currently in the middle of the policing 2026 strategy, and cybersecurity is one of the major challenges facing Police Scotland. We need to ensure that the right people are being recruited to fill the right roles. There is a clear need for a balanced workforce in our policing, and efforts to tackle cybercrime would benefit from that.
We also need the best minds; after all, the recent NHS situation was resolved by a self-taught individual, and we must ensure that such people can work with Police Scotland to support our agencies in being cyber-resilient and able to avoid and tackle cybercrime. Last year, I visited the Scottish crime campus at Gartcosh, which is a world-leading facility hosting specialist crime fighters. It is proof of what can be achieved by setting high-quality, highly skilled jobs alongside the right resources, but, as we know, Police Scotland is facing a significant financial challenge. We need to ensure that all our public services—from the NHS, which was attacked earlier this month, to Police Scotland—have the proper resources and investment to withstand, prevent and tackle cybercrimes.
Finally, partnership is so important, and the Scottish Government must work with the UK Government and other devolved Assemblies and agencies throughout the UK to ensure that we have the capabilities, the knowledge and the resources to keep us all safe and secure online.
I move amendment S5M-05733.2, to insert at end:
“; supports investment in public services to ensure that they are well resourced and flexible to withstand future attacks, and calls for the Scottish Government to work with partners across the UK to ensure that Scotland has the capabilities, knowledge and resources to keep people safe and secure online.”
The Deputy Presiding Officer:
Thank you very much. We now move to the open debate, and I call for speeches of six minutes.
15:41
Stewart Stevenson (Banffshire and Buchan Coast) (SNP):
On 9 February 1984, we saw the launch of the first real-time, high-value money transfer system: the clearing house automated payments system, or CHAPS. I was the project manager for the Bank of Scotland, which was the first bank ready to implement. I well remember our excitement later that year when we made our first real-time, irrevocable payment of over £1 billion pounds. By 2011, the system had processed £1 quadrillion of transactions—in other words, a thousand million million pounds, or a 1 followed by 15 zeros.
To secure the transactions, I had to gain permission from the US Department of Defense—and sign my life away—to use what was categorised as weapons-grade encryption and digital signing software. It operated from within a black box that self-destructed if someone attempted to open it to examine its contents. The technology was—and is—as secure as one could possibly imagine, and the objective today should be to ensure that every business and individual is in possession of similarly impenetrable security. We are, but we do not all choose to implement it. My point, however, is that even if we do so, we do not necessarily use it in a way that allows it to be as secure as we might imagine it to be. For the most part, it is not the technology that fails; it is humans who fail.
The motion says that
“citizens ... must be aware of the risks”.
Indeed, in his opening remarks, John Swinney said that this should not be the responsibility of the Government alone. The history of human failure to properly use secure data systems goes back a very long way. Two thousand years ago, slaves had their heads shaved. A message was written on their scalp; the hair grew back; and the slave and the message were sent elsewhere. That was all well and good—until people realised what method was being used. Having a secret method provides no real security, and that remains true today.
Indeed, effective data security systems rely on their having been published and scrutinised to confirm that their methods are sound. However, we need to keep the keys secret and change them frequently. In the 16th century, Mary Queen of Scots used a two-cover system to protect her confidential messages. The first was a secure box with two locks and a key for each—she had one key, while the other was held by the recipient; and no one else had access to either key. Mary put her message in the box, she locked it and then it went to the recipient, who used his key to lock his lock. The box came back to Mary, who unlocked her lock, and went back to the recipient, who unlocked his. It was a secure system for transmitting a message from A to B in the 16th century, because nobody shared the key or had access to it.
The second aspect of the system was encryption of the message inside the box through a letter-substitution system. However, that is where Mary fell down. She thought that the system was totally secure, because transmission was secure, but when the message came out of the box, she forgot that it was now a bit of paper that was available to anyone who might be passing. Queen Elizabeth I picked up one of her messages and was able to unscramble it, and it formed part of the evidence at Mary Queen of Scots’ trial, which caused her to be executed. Data security is quite important.
Napoleon had le grande chiffre—the great code. Common letters of the alphabet were not always coded in the same way, so that people could not break it by analysing frequency. However, encoders started to use some of the spare codes over and over again, as place names for where the fighting was, in order to save time and effort. Wellington’s code-breaker was a guy called George Scovell and, because of the weak way in which that good system was used, he managed to break in. When Wellington got to the battle of Waterloo, he knew what Napoleon’s plans were and that led to the end of an empire. Again, that was human error.
The Enigma machine, which the Germans thought was unbreakable until 1945, was actually broken by the Poles in 1932. Bletchley Park broke a later, improved version because, every day at 6 am, the Germans sent out an encrypted weather forecast. The fact that it was in the same format and at the same time every day enabled people at Bletchley Park to break what should have been a very secure system—of course, they had to do lots of other good things as well. Once again, there was human error.
Most of us know how to drive a car, but rather fewer of us know how the mechanical bits work or how to fix them when they fail. Most of us also know how to use a computer and perhaps even use the security functions that are provided with it. However, as with a car, if we do not get an expert to service it regularly or to fix it when it fails, disaster will loom. All businesses should have regular security check-ups. They will not be free, but the cost of not doing them will be even higher. It is like insurance; it is a product that a business cannot just buy when it wants it—when its reputation is trashed and its customers have flown, paying a little bit once a year will seem very cheap.
My final example of a security problem is from the modern world. I bought a good-quality second-hand car, as I usually do, and it had all the gadgets, including a Bluetooth connection for my phone. That is good technology, but an unaware previous owner of my car had left his phone’s entire contact list in the car’s memory. Do members realise that they could do that, too? I am a good guy and I deleted it, but suppose the chief executive—
The Deputy Presiding Officer:
You are such a good guy that you have to wind up now, intriguing though this is, Mr Stevenson.
Stewart Stevenson:
In that case, Presiding Officer, let me caution chief executives and chairmen of companies not to use Bluetooth in their cars unless they know how to delete data from the memory. I am a good guy and I deleted it, but not everybody is as honest and trustworthy as I am.
The Deputy Presiding Officer:
Oh my goodness, Mr Stevenson, I cannot wait for your book to come out: “Facts You Didn’t Know But I’m Going to Tell You Anyway.”
15:47
Donald Cameron (Highlands and Islands) (Con):
I refer to my entry in the register of members’ interests and the fact that I am on the board of two companies that invest in healthcare technology.
It is significant that, on a day when we are all still digesting the horrific news of a violent physical attack on our country, we are debating the need to protect ourselves from cyberattacks. The Deputy First Minister mentioned that, and I entirely endorse what he said.
Although nothing can surpass the tragic loss of so many innocent lives that Manchester witnessed, it seems to me that one of the greatest challenges that we face as a society is the sheer number and variety of threats that we must now guard against. Our enemies come in many forms, from the deadly and murderous suicide bomber of Monday night to the sophisticated cyberwarriors of two weeks ago. The ransomware attack on IT systems, which affected some 200,000 computers across 150 countries, was certainly one of the most unprecedented attacks that we have ever seen.
My comments will concentrate on our NHS, the attack on which was nothing short of spiteful, especially given the delays to patients’ treatment across the UK, and particularly in England. In Scotland, we were relatively lucky in that only 1 per cent of electronic devices were affected and the number of people whose operations required to be rescheduled was minimal. However, any delay to an operation, appointment or treatment as a result of the attack was frustrating, to say the least. Thirteen health boards were affected, and some GP surgeries.
The Cabinet Secretary for Health and Sport swiftly made a statement last week, and I am grateful for the clear manner in which she presented the known facts. Like her, I welcome the fact that there have been no reports of patient data being compromised.
I would also like to pay tribute to the IT staff in the NHS who worked extraordinarily hard to get all the affected systems back up and running. As was reported last week, very few people knew how to fix the problem, but it is a testament to those who were able to overcome it that they did so, so quickly.
I also want to thank our front-line NHS staff, who carried on serving the public as normal even if it meant a lesser reliance on IT systems to do the job. They should all be commended. The Health and Sport Committee heard yesterday from the Scottish Ambulance Service that there had been no operational impact and no loss of patient data during or after the attack.
It is plain that there are several aspects of the attack that need to be tackled, in order to ensure that future attacks can be thwarted as early as possible. Naturally, we cannot expect to prevent every attack, but as our reliance on various forms of IT continues to grow, so too will the likelihood of cybercrime. The cyberattack could have been far, far worse, and it is clear that we need to do more to ensure that our IT systems in the NHS are up to date and that we can respond to future attacks as effectively as possible.
According to the Scottish Business Resilience Centre, cybercrime cost Scotland around £394 million in 2015-16. It is an exceptionally lucrative market for those who know how to code and wish to use their talents to act maliciously. That is why we need to be on guard, but we also need people within our NHS and the wider public and private sector who possess the relevant skills to combat attacks, as and when they happen. That in turn requires people who are able to stress-test IT systems continually, so that they are protected from new viruses and malicious attacks.
I am sure that others, like me, received an interesting briefing from the University of Abertay on that point. It said that defensive cybersecurity is already fairly well established in both undergraduate and postgraduate programmes at university, with skills such as cryptography and intrusion-prevention being taught. However, it points out that offensive cybersecurity courses are not as common, and that there is a real need to consider investing in that particular avenue of learning. It says, quite simply, that
“the best way to catch a thief is to think like a thief”.
While it is clear that major ethical questions will arise, particularly in giving a new generation the skills and abilities to hack maliciously, degree programmes such as that might help to fill a skills vacancy that is all too evident across Scotland, Britain and the wider world.
Turning back to the NHS, I will focus on why the issues that I have mentioned are particularly pertinent. We know that many of our NHS health boards continue to use out-of-date software, which in many cases cannot be updated for fear of having a negative impact on the technology that is used to serve and heal patients, such as magnetic resonance imaging scanners. That software, and that updating, needs to be reviewed. The Cabinet Secretary for Health and Sport stated last week that she would seek to ascertain whether health boards have regular patching regimes in place. It would be interesting to understand whether that is indeed the case, and I hope that the cabinet secretary will report back to Parliament with an update on that in the near future.
It is abundantly clear that lessons need to be learned. Now is not the time for political posturing on the issue, but for all of us to debate, as we have, the actions that are required to ensure that such incidents are dealt with swiftly without causing public fear and panic. We must take every precaution possible to protect one of the most vital public services—the NHS. Fundamentally, I believe that long-term solutions are required for an issue such as this; short-term fixes simply will not suffice. We need to be constantly aware—let us learn from that incident and improve things.
15:53
Liam McArthur (Orkney Islands) (LD):
Dr Christopher Frei, Secretary General of the World Energy Council said 12 months ago:
“We’re in the stone age of cyber security”.
That was his assessment. He went on to add that
“Real learning will only come after the 1st major incident”.
Whether the recent global cyberattack will act as a catalyst for the real learning that Dr Frei talked about remains to be seen, but it is abundantly obvious, as all speakers have acknowledged, that this is an area that will demand far greater attention in future than it has perhaps commanded to date.
In that context, I welcome the opportunity to take part in this debate on creating a cyber-resilient Scotland and I confirm that the Scottish Liberal Democrats will support the Government’s motion at decision time. Unfortunately, due to a funeral back in my constituency, I will be unable to stay until the end of the debate and for that I apologise to you, Presiding Officer, to the cabinet secretary and to my MSP colleagues.
John Swinney’s motion makes a number of important points about the serious threats that are posed and the need for far greater vigilance on the part of individuals and organisations, and he reinforced those points in his remarks. I also welcome the amendments that were lodged by Jamie Greene and Claire Baker, which helpfully reinforce the need to improve the way in which we report on and capture the scale of cybercrimes, as well as the importance of building resilience across our public services and ensuring the closest possible working and co-operation between the UK and Scottish Governments and their partners. Without those elements at the core, our collective ambition to create a safe, secure, prosperous and cyber-resilient Scotland will inevitably be frustrated.
In the brief time available to me, I will concentrate my remarks on those and related areas. It is worth acknowledging at the start that there are two types of cybercrime. There is that that uses computer software as the tool and the end target for attacks, such as the recent ransomware attack that caused so much disruption, notably across our health service—I pay tribute to those in the health service for their endeavours in that regard. There is also cyber-enabled crime, which uses computers simply as a conduit for criminal activities that also take place offline, such as identity theft and money laundering.
It is safe to say that cyberattacks across the board have been on the increase in recent years. Unfortunately, we appear some way short of being able to assess the true extent and scale of those attacks. As Her Majesty’s inspectorate of constabulary in Scotland highlighted in its crime audit last year,
“There is currently no comprehensive data on the extent of cyber-enabled crime in Scotland”.
It went on to recommend that Police Scotland develop the ability to tag all incidents and crimes that have a cyber element and that it assess the demands on policing in Scotland. Since HMICS carried out its audit, it has acknowledged that police officers have now been instructed to tag crime reports with cybercrime markers, but that still does not appear to extend to cyber-related incidents. Indeed, as recently as November last year, the Cabinet Secretary for Justice acknowledged in response to a parliamentary question from me that
“work is required to improve the evidence base on cybercrime”.—[Written Answers, 29 November 2016; S5W-4784.]
He also acknowledged that work is needed on the way in which such crime is defined, recorded and reported.
We are not clear on the extent to which Police Scotland’s failed i6 programme is inhibiting the force’s ability to track and combat cybercrimes. It has certainly deprived Police Scotland of the cost savings promised by ministers at the time of the merger of the previous forces, and that in itself will make more difficult the task of matching police resources to the scale of the cyber challenge.
The Scottish crime recording board has been asked to consider the extent to which current crime recording practice adequately captures the scale of cyber-enabled sexual crime and victimisation, particularly for children and young people. It would be helpful if the justice secretary, in concluding the debate, updated Parliament in that regard. In the meantime, we perhaps need to take care in talking about lower levels of crime overall if we are still unsure about the extent to which there has been a shift online rather than a reduction. Even now, there seems to be enough evidence to suggest something of a displacement effect, with all the challenges that that presents through issues such as identification, recording and investigation.
As I said, John Swinney is absolutely right to emphasise the need for increased vigilance and care on the part of individuals. We all have a responsibility to do what we can to protect ourselves, albeit that some will inevitably need more help in achieving that than others. At the same time, however, the way in which Government and public bodies treat personal data and information requires greater care and consideration. Mr Swinney will be aware of the concerns that Scottish Liberal Democrats had about the Scottish Government’s recent plans to create a superidentification database. Those concerns were shared by independent experts as well as the public. It is not acceptable to sacrifice personal data in the interests of administrative efficiency, so I very much welcome the recent change of heart on that.
There seems to be growing recognition of the importance of the issue among organisations and businesses. However, as the Association of British Insurers points out in its briefing, although awareness levels among businesses about cybersecurity is high, only around half of them have the basic technical controls necessary. Moreover, although preventing such attacks has to be the priority, when they occur, it is imperative that organisations and businesses have the advice, support and wherewithal to recover as quickly as possible.
Not surprisingly, the ABI makes the case for the benefits of cyberinsurance, but it is worth acknowledging, as the Government did in its 2015 strategy, that we are fortunate in the UK to have an innovative cybersecurity, goods and services industry that can help us to meet demand not just here, but globally. For that reason, I hope that the Government will agree that it is in all our interests to ensure that that sector, alongside the work being done in our world-class research community, is nurtured.
In an increasingly digital age, our future prosperity depends on our ability, individually and collectively, to embrace and make the most of digital technologies. Although those technologies open up a bewildering array of opportunities, so too do they expose us to new risks. Preventing risk completely is as impossible in the digital arena as it is anywhere else, but we can and must minimise the risks by raising awareness, being vigilant and building resilience. I welcome the opportunity for Parliament to reinforce that message this afternoon.
16:00
Clare Adamson (Motherwell and Wishaw) (SNP):
I declare an interest as a member of the British Computer Society, and I associate myself with my colleagues’ remarks on the appalling incident in Manchester this week.
Richard Phillips Feynman was an American theoretical physicist who was known as a pioneer of quantum mechanics and quantum computing, and for introducing the concept of nanotechnology. He was also awarded the Nobel medal for physics. During his lifetime, Mr Feynman became one of the best-known scientists in the world, and the British journal Physics World ranked him as one of the 10 greatest physicists of all time. He assisted in the development of the atomic bomb during world war two, and in the 1980s he became widely known to the public as a member of the Rogers commission, which investigated the Challenger space shuttle disaster.
I would like to highlight Mr Feynman’s experience at Los Alamos and his earlier adventures. Mr Feynman was a joker and a mischief. To pass the time while working on the Manhattan project, he grew interested in locks and security. As he was working on perhaps the most sensitive project in human history, he took it upon himself to probe the security around him. That was a cause of much frustration and annoyance to the great and the good, but he believed that he was providing a necessary check to their balances. Today, we might describe Mr Feynman as a friendly ethical hacker, but I am sure that his bosses described him as something else.
Richard Feynman did not understand how to crack safes, but he knew how to break a security system at its weakest point: the human element within it. If the Presiding Officer will allow me, I will highlight just a few of the human vulnerabilities that he exposed and detailed in his essay “Safecracker Meets Safecracker”.
Mr Feynman could pick locks. He said:
“All the secrets of the project—everything about the atomic bomb—were kept in filing cabinets”
that were locked with three-pin padlocks, which
“were as easy as pie to open.”
After he exposed the weakness of the first set of filing cabinets, they were replaced. Mr Feynman discovered that when the new cabinets were left open, it was easy to identify the first two digits of the combination lock—indeed, it was as easy as pie. After about two years of practice in Los Alamos, he was able to do that within seconds, and to do it on the Manhattan project safes, which had the same locking mechanisms as some of the filing cabinets. He discovered that when a safe was left open, he could find out at least the first two digits of its combination.
Mr Feynman understood humans as well, and he knew that, more often than not, the combination would be significant to the person who set it. Having got the first two digits, he was able to look at significant dates for the people involved and their family, and then guess at the locks’ combinations. He also knew that people wrote down lock codes. Even if they used a cipher, they would almost always use a common mathematical cipher, which he could decipher because he was a mathematical genius. He also discovered that people frequently used the same combination for different locks.
When speaking to a senior military officer while visiting a uranium storage facility at Oakridge, Mr Feynman explained the dangers of leaving the cabinets and safes open. When he returned a few months later, hoping to see new security measures in place, he discovered that he had been identified as the problem. He was no longer allowed to be left alone in a room and he was accompanied at all times, but there was no instruction to keep cabinets and safes locked.
Mr Feynman’s most significant discovery, which perturbed him because he thought that he had discovered a safe-cracker, happened when he was asked to open a safe that had been locked by a military commander who was no longer on site and which needed to be opened immediately. It was his greatest challenge, so he was very excited, but when he entered the room he discovered that the safe had been opened by a technician. After months and months of worry, with attempts to work out what had happened and discussions with the chap to get to the bottom of it, eventually all was revealed. The default setting of the safe when it was delivered by the manufacturer had never been changed, and the technician knew what the default setting was.
That highlights issues around passwords being reused, systems being left unsecured and default settings being left. Anyone who was affected by the phone hacking scandal knows how easily those things have been used just recently.
There can be a false sense of security from having a physical safe in the corner or hearing that little tick on antivirus software. There can be a failure to implement the solutions when the threat is revealed.
All that tells us that, if we do not understand the threat, we cannot protect against it. The British Computer Society has produced a number of leaders briefings and strategy documents. Part 2 of the society’s most recent set is on security. There are five tips, none of which is about computing. They are all about humans, and they concern leadership from management, cybersecurity policies, face-to-face delivery of training and a culture of openness that allows people to admit when they have made mistakes. It is a human problem that requires a human solution.
16:06
Anas Sarwar (Glasgow) (Lab):
As events this week so tragically demonstrate, there are people who will wilfully seek to attack, in various ways, individuals, communities, our services and the nation’s vital infrastructure. In the area of cybercrime, it is increasingly apparent that threats and potential threats are becoming ever-more organised and, sadly, effective.
What we saw happen 10 days ago was not a random or one-off attack on the nation’s infrastructure; rather, it was the result of a predetermined and, indeed, determined act by organised forces. That is why our response and preparedness to deal with such attacks must also be determined. Eleven health boards were affected, as was the Scottish Ambulance Service. Planned procedures were cancelled. People were asked not to visit A and E unless they needed urgent and immediate action. The response from the Scottish Government was swift, although I fear that it was too late. We had been warning the Scottish Government for some time of the need for proper preparedness on the part of Scottish public bodies to the growing threat of cybercrime.
In December 2016, freedom of information requests found that more than half of our NHS boards had been subject to ransomware attacks. At that time, we called for an urgent review of cybersecurity. As recently as January, there was a similar attack on Scotland’s NHS staff, with their details being hacked. On 25 January, ministers were informed of that attack and data breach. Again, we called for a review of cybersecurity.
My colleague Richard Simpson, who is no longer in the Parliament, had regularly been asking questions on cybersecurity, specifically on Windows XP, as far back as 2010. Despite those questions, it appears that little or no action has been taken by the cabinet secretary or fellow ministers. That is quite alarming. It is also disappointing that the Cabinet Secretary for Health and Sport is not in the chamber, given that a direct attack was made on our NHS infrastructure.
I have a few specific questions that I hope the Deputy First Minister can address, and I would be happy to take interventions from him if he wants to respond directly on them. It is in all our interests to get this right.
First, why was the NHS in Scotland adversely affected by the recent cyberattacks, whereas the NHS in Wales was not? Why do we still have antiquated computer systems in our public sector infrastructure when we would not expect to have them in our homes, in our parliamentary offices or indeed here in the chamber?
Why was pre-emptive action not taken, as was done for example in Wales and which helped to prevent the cyberattacks there? What specific warnings or advice has the cabinet secretary issued to NHS Scotland to ensure that adequate resilience against cyberattacks is in place? When was any such advice given and, if it was given, will the cabinet secretary publish it as it would be welcomed by other institutions that might also face similar attacks?
What additional resources has the Scottish Government allocated in 2016-17 to specifically improve security against cyberattacks on NHS Scotland, on Scottish Government departments, and on all other agencies and organisations for which the Scottish Government has responsibility?
It would be interesting to know whether any agency or department for which the Scottish Government has responsibility has ever paid any ransom to those responsible for ransomware attacks. What advice has the Scottish Government issued on the required response to ransom demands from those responsible for cyberattacks and will that advice be published?
It is clear for all to see that the attack could have been prevented or less destructive if we had been better prepared and better resourced. The past 10 days have acted as a wake-up call to us all.
The Government has said that it will develop a set of standards and guidelines; I welcome that, but I say with regret that doing it by 2018 is not ambitious enough. Surely we can all do better than that. These are immediate attacks that are affecting our institutions right now, so 18 months is too long to wait before setting out robust guidelines and standards. I hope that the cabinet secretary will address that point in his closing remarks.
In its first three months, the national cybersecurity centre’s chief executive officer reported that the centre had handled 188 high-level cyberattacks. It has also been reported that the centre has blocked 34,550 potential attacks on Government departments and members of the public in the past six months—that is 200 cases a day. I do not think we should be waiting 18 months to put a strategy in place. We should also be quicker in moving towards accreditation of all public sector organisations to make sure that they have the essential minimum standards in place so that they can respond in a much clearer and more consistent way.
I hope that the Deputy First Minister and the Cabinet Secretary for Justice will address those issues head on. I hope that they have listened to my genuine concerns about what is happening around our infrastructure, that we can end the catalogue of IT failures that we have seen across the public sector, and that we can focus and make sure that such attacks do not happen again.
16:12
John Finnie (Highlands and Islands) (Green):
The motion, which we will support tonight, calls on
“everyone to secure their technology”,
and that is wise advice. We all know about the steps that we can take for personal security; we have been given guidance from Police Scotland. Most of us know roughly what to do about cybersecurity, and the cabinet secretary highlighted some of the training that has been done to inform people for the future.
However, I am concerned about the whole IT industry, to be perfectly honest. I was told that the equipment that I use in here would have to be replaced because we no longer support older versions. When it comes to IT, it is clear that others tell us what to do and the price that it will cost us. That is consumerism writ large. Stewart Stevenson’s car analogy does not therefore apply, because they would not say, “As of next year, we will stop repairing your car and you won’t be able to get spare parts for it.” That knocks out the standard procedure that we should all go through of inspecting, repairing or replacing something.
Stewart Stevenson:
They do.
John Finnie:
I am told that they do, so if that is the case, it is a further example of consumerism. The fact is that these corporations are holding us to ransom.
Cybercrime is underreported and it is important that we assess all risks and put in place mechanisms to reduce those risks. The risks are largely known, and many believe that the source of the risks that turned into the recent attack was also known. Specific hacking tools in the attacks were developed by the US National Security Agency. I would have to ask whose interests are served by such action. The tools were recently leaked by a group that was thought to be pre-empting retaliation by the US security services for the hacking of the Democratic national committee in the run-up to the presidential election. That might sound like a movie plot, but it had a significant effect.
A number of people have talked about the NHS being targeted, but that was not the case, and how we frame the attack is important. We should, quite rightly, ask those whose starting point is that the NHS was targeted why people would attack a health system. The NHS was not attacked, but its Windows vulnerability was targeted. Like many, I thank the public servants who responded so positively to that.
Regardless of where people were, this was a global attack and something that will require international co-operation. Something like the attack was widely expected. I will quote my colleague Patrick Harvie, who has said:
“the resilience of systems needs to be thought of more in line with public health than acute care”.
That is a health analogy that has some relevance. The security services and the Ministry of Defence will no doubt assure us that they have appropriate protection levels. Indeed, we heard from Stewart Stevenson earlier that a number of decades ago weapons-grade encryption was entirely possible as far as finance was concerned. There is no doubt a big cost associated with that, but we know that when a Government is prepared to spend over £200 billion on replacing a weapon system, money is not a problem.
As I said, we also know that we need to assess the risks. In that regard, I commend to members the report by the Jimmy Reid Foundation called “No Need To Be Afraid”. The motion talks about “safety, security and prosperity”, which is entirely right, and we know that in liberal democracies across the world the risks are all the same. The first and foremost one is cyberattack and the secondary ones relate to climate change and access to food and water, then onwards to individuals acting alone, none of which Trident would address. We should therefore be careful how we frame this debate.
We need a free and open internet, and it is the role of Government to protect its citizens from undue surveillance and cyberattacks, because the surveillance results in the state and the private sector using data and metadata to monitor and manipulate citizens.
Jamie Greene:
I am intrigued to know what the Green Party’s position is on the Government being able to access encrypted data that we know is being used for terrorist purposes.
John Finnie:
The Green Party is supportive of all reasonable measures to do that, but it is about proportionality. The level of surveillance that is being suggested by the UK Government—indeed, the level that takes place at the moment—does not help things at all. Taking people with us is the way to deal with things. The level of surveillance has the potential to impact on democratic participation as well, which is about more than just voting.
I have been encouraged to talk about the Shadow Brokers, who are apparently
“a group of hackers who dumped a set of files a collection of several alleged NSA hacking tools for Microsoft Windows systems, likely including multiple unknown exploits, or zero-days.”
Members can see that I am reading aloud about something that I do not know much about. Apparently, a
“Zero-day is a bug that’s unknown to the software vendor, or at least it’s not patched yet, meaning it’s almost guaranteed to work.”
We need to have international co-operation and we need to understand the relationship between the expenditure of public money and IT systems. As our “Digital rights are civil rights” document concludes,
“It should not be left to the Googles and Apples of the world to dictate the future and entice the rest of us to come along for the ride; government and society must create the space for shared consideration of the challenges and opportunities which lie ahead.”
16:18
Willie Coffey (Kilmarnock and Irvine Valley) (SNP):
There is nothing new or surprising about ransomware and the havoc that it can cause to vital data and computer systems. What is probably more worrying is that organisations were caught out by the latest one. Talk to software people and none of them will be surprised at all at its extent or the speed with which it managed to propagate itself around the world. It did not specifically target our NHS and it got through to about only 1 per cent of its systems, but that was still about 1,500 systems in total that should not have been exposed.
The WannaCrypt malware that caused the problem is basically in the same class of ransomware that has been doing the rounds for years, starting with the AIDS Trojan in 1989, which encrypted file names but not the data itself. Even then, the demand was that a ransom be paid to restore the file name encryption back to normal. This current one was both a Trojan that masquerades as something else that is recognisable and a worm that propagates itself around the network looking for hapless victims without the protection that they need. It is of little surprise that it had such a quick impact and was so widespread.
Interestingly, the virus software contained what is called a kill switch, which is a simple line of computer code that checks whether a web address is registered and can be located on the internet; if it is, the virus does not activate itself. As I understand it, that is how the virus was spotted and then stopped. The web address was simply registered, which stopped the virus from further executing.
So why did it happen at all? It was simply because some computer systems were out of date and were not protected from the virus. It is a wee bit like forgetting to modernise the locks on our doors and windows or the alarm systems in our house, when the clever burglar is outside with more sophisticated means than ever before of bypassing them to gain entry.
It was no surprise that this occurred, and I have no doubt that it will occur again. We have to stop using outdated computer systems that are no longer protected but are still connected to servers and networks. Data-critical systems should be upgraded and we must make sure that we regularly accept software security patches that are on offer. In fact, I do not think that it is possible to turn off Windows 10 security updates—some experts in the chamber might be able to advise us on that.
To protect data itself, experts suggest adopting what they call a 3-2-1 back-up strategy. That means that we should have three copies of all our data, two of which are on local devices but different mediums and one of which is off-site somewhere in case of the obvious risk of physical damage to or loss of the premises.
There is an on-going debate about the role of the National Security Agency in the USA, which John Finnie mentioned. It is claimed that the NSA knew about the malware some time ago but did not tell Microsoft about it to allow it to fix the problem. Microsoft had already stopped providing security updates for Windows XP around 2014, so anybody using XP was increasing vulnerable. Ironically, the NSA was then hacked and its data was dumped online, exposing that vulnerability, which was duly exploited by the malware writers—the result was what happened earlier this month.
That clearly raises serious questions about data security, even within Government agencies in the USA, and whether there should be a presumption in favour of protecting systems as soon as a threat is known or whether it is acceptable to withhold information about cyberattacks in the interest of intelligence gathering.
Members might be aware that, a year tomorrow the European Union’s general data protection regulation, which the cabinet secretary mentioned, will come into effect. I anticipate that the Scottish Government’s action plan, which will be published next month, will embrace that and offer guidance to all our public sector data users. I am pleased to note, too, that the UK Government will implement the EU regulation, despite its intention to leave the EU. That is perhaps another example of how we cannot really leave the digital single market in Europe. The regulation applies to data controllers and processors. If someone is covered by the Data Protection Act 1998, it is likely that they will also be covered by the GDPR.
The regulation covers such things as an individual’s right to be informed, rights of access, the right to have errors rectified and the right to have personal data deleted if one requests it, which is sometimes known as the right to be forgotten. Crucially, in the context of today’s debate, article 5 of the regulation sets out the data security requirements.
There are clearly many difficult challenges for all organisations that control and process personal data. From what I can see, any breaches of the regulation could result in fines of up to €20 million or 4 per cent of one’s turnover, whichever happens to be greater.
Data security is increasingly important in the modern world in which we live. With risks ranging from the lone hackers who might engage in attacks for mischief to the organised international criminals and terrorists who might be financially or politically motivated, the challenges are real and the risks are substantial. Good resourcing and planning, intelligence, vigilance and keeping systems and data up to date and safe are probably our best and only lines of defence against the inevitable further attempts to control our data that will surely come our way soon. Let us hope that we are ready for all those challenges when they come.
16:24
Liam Kerr (North East Scotland) (Con):
Digital technology is at the centre of our lives, our society and our economy. Whether it is new tech start-ups developing apps in the garages of suburbia, stock markets where money flies between countries in the blink of an eye, smartphones that we are glued to, or the internet of things, with every new breakthrough it can seem that the opportunities are endless. However, with opportunities come challenges—and threats.
The recent WannaCry ransomware attack was the biggest of its kind in history and demonstrated again the need for urgency and vigilance. It hit between 200,000 and 300,000 computers in 150 countries around the world—computers that were being run by organisations as varied as Renault, Deutsche Bahn, Telefónica, FedEx, Russia’s Ministry of Internal Affairs and, of course, the NHS across this country. The attack showed just how digitally interconnected we are, the risks that arise and how anyone, anywhere can be a hero—or a villain. It was a damaging and cowardly attack, and those who are responsible must be held to account.
The reasons why people hack are various, and there is no one type of cybercriminal. They could be the bored adolescent, testing their new skills against security systems. I saw in relation to the WannaCry attack that some experts suspect that one teenage hacker was responsible. They could be organised gangs pursuing fraudulent or illegal deals online, or they could be politically motivated hackers trying to find and leak state secrets. They could be state or commercially sponsored spies trying to grab classified papers. In that regard, according to today’s The Times, North Korea has emerged as a credible suspect for the WannaCry virus. The hackers could be terrorist groups looking to hack at the very fabric of our society.
Accordingly, attacks can be hard to predict, detect and destroy, which is why cyber-resilience is so important in preparing for attacks and building up firewalls brick by brick and code by code, for withstanding an onslaught when it comes, for rapidly recovering from an incident, and for learning from attacks so that they are not repeated.
As Donald Cameron did earlier, I note Abertay University’s briefing suggesting that we refocus and move from an overly defensive approach that involves cryptography and intrusion prevention to an approach that involves organisations looking at offensive cybersecurity and engaging security agents who think and act like malicious hackers and use the same tools and techniques. If that proposition is accepted, we have a need to train those people. That suggestion is worthy of consideration, so I note with interest that university’s proposals on an industry cluster cyberquarter in Dundee, and the cabinet secretary’s earlier comments about the University of Edinburgh.
Who is responsible for keeping us safe and secure online? In a way, we all are—individuals and businesses. However, the Royal Society of Edinburgh suggested in 2015 that 30 per cent of Scots lack basic digital skills. I would be interested to hear from the Government, in the cabinet secretary’s closing speech, how that will be addressed.
According to the Scottish Business Resilience centre, 42 per cent of Scots use the same password for multiple accounts, and many did not change it when they were advised to after a security breach. As individuals, we can create stronger passwords, update software, install antivirus software, use screen locks on our mobiles and exercise caution on public wi-fi.
Liam McArthur was right to refer earlier to the Association of British Insurers’ document, “Making Sense of Cyber Insurance: A Guide for SMEs”, which states that, although 74 per cent of businesses say that cybersecurity is a high priority, only 52 per cent have the basic technical controls that are outlined in the Government’s cyber essentials scheme.
A UK Government survey estimated that, in 2014, 81 per cent of large corporations and 60 per cent of small businesses suffered a cyberbreach, with an average cost of between £600,000 and £1.15 million for large businesses and £65,000 and £115,000 for small and medium-sized enterprises, and that 66 per cent of businesses did not consider their businesses to be vulnerable to cyberthreats in the first place.
Of course, the Scottish and UK Governments have a significant role to play, along with the public sector more generally, in leading by example. The Conservative amendment rightly welcomes the fact that both the UK and Scottish Governments have published cybersecurity strategies. As the UK Government’s recent strategy puts it, we need to “defend, deter and develop” in relation to our cybersecurity capabilities. We should be factoring cyber-resilience in to all new services and encouraging sharing of information about threats.
We should strengthen our critical national infrastructure sectors including energy, transport and the wider economy. Law enforcement must have the tools to track, apprehend and prosecute cybercriminals and to hit back, where that is appropriate.
Promoting awareness and education is key. Our tech-savvy children and young people should be encouraged to think about cyber-resilience. We should teach cybersecurity basics to the pensioner who is setting up online banking for the first time or Skyping their family overseas.
There are economic reasons to develop IT skills. An estimated 11,000 new IT jobs are needed each year to meet current demand, and average full-time earnings for tech specialists are 30 per cent higher than the Scottish average.
The events of a fortnight ago showed us the need for vigilance in, and the urgency of, protecting ourselves online. As everything in our daily lives becomes more connected, the challenges will only get more complex. However, there are practical steps that individuals, Governments and businesses can take to take the sting out of the tail of attacks and, ideally, to stop them happening in the first place. That is why I will vote for the motion today, albeit that I will also vote for the amendments in Jamie Greene’s and Claire Baker’s names, which rightly add to the debate.
16:30
Ash Denham (Edinburgh Eastern) (SNP):
We live in an age in which technology is fundamental for individuals, businesses and the public sector alike. Whether we are communicating with family and friends, accessing information, selling a product or providing social services such as healthcare, technology and the vast amounts of data that go with it are everyday components of our society.
Because technology has become commonplace, it is easy to overlook the security measures that are vital for defence against cyberattacks. Digital security is difficult to picture. It is not as palpable as locking the door against intruders and does not come with the urgency of a highly trained police and military force to protect against would-be attackers. However, as technology has become the norm, so too have threats from people who seek to use technology to inflict damage or harm. That is why, as the chair of the national cyber-resilience leaders board, Hugh Aitken, said,
“Cyber security is everyone’s business and we need to ensure all organisations have appropriate safeguards in place.”
Indeed, we witnessed the need for that nearly two weeks ago, when NHS computer systems across the UK were impacted by a cyberattack that reached most corners of the world. More than 200,000 computers across 150 countries were affected, including—as we have heard already—some of the biggest businesses including FedEx, Renault and Telefónica. Thankfully, no patient data from Scottish health boards were compromised, and steps were taken immediately to isolate computer systems that were affected by the attack. The ransomware that wreaked that global havoc—WannaCry, or WannaCrypt, as it is sometimes known—was stopped only after a security researcher from Devon found what is known as its kill switch.
The reality is that such cyberincidents and attempted cyberattacks will continue. It is no longer sufficient to be merely cybersecure; we must also be cyber-resilient. Organisations, businesses and the public sector must be prepared to respond, react and then get up and running again as soon as possible. Debi Ashenden, who is a leading cybersecurity professional and academic, uses the phrase “people and not patches”. Patches help to close loopholes that malware can exploit, but there is often a vulnerability in the workforce: employees can be targets, so turning them into the strongest line of defence is both important and possible.
The WannaCrypt ransomware exploited a vulnerability in the Windows server message-block protocol, but it likely gained entry via a phishing attachment or so-called social engineering, both of which use deception and are becoming more frequent and more sophisticated. According to data from Wombat Security Technologies, there were 1.2 million phishing incidents worldwide in 2016—up 65 per cent on the previous year. That research also found that work-related phishing scams are the most successful at getting people to click on them. Therefore, decisions that employees make every day can be instrumental in organisational cybersecurity.
Organisations can invest in employee education to improve their security. Simulation tools—which are short and snappy, include up-to-date, current scenarios and are run multiple times throughout the year—are ideal for improving employee awareness.
We all have a shared responsibility to ourselves, our families and our workplaces to ensure that the right protections are in place in the various technologies that we use. As we have heard, 80 per cent of cybercrime can be prevented by basic software updates, particularly for antivirus software, and by making regular or even daily system back-ups. Otherwise, it is like ensuring that the windows are shut and the door is bolted or even having a security guard posted outside and then accepting an unscheduled parcel delivery while being distracted by talking on the phone.
At national level, the antivirus vendor Cylance showed that not much is off-limits when it demonstrated hacking of the USA’s most popular voting machine and showed that tallies could be altered by outside interference. A national shield that would sit on top of existing cybersecurity systems, hunt for threat actors, analyse on-going events and behaviours, and then flag up suspicious activity may be needed. Avi Chesla of Empow described that as potentially an
“intelligent layer that sits on top ... observing”
and monitoring, which could be part of a defence infrastructure that would be able to collaborate and share information across national boundaries. That is important.
Following a meeting of the national cyber-resilience leaders board in Scotland on 16 May, delivery on an action plan to defend against potential cyberattacks in Scotland in the future was accelerated. That plan will include support for 121 public sector organisations to ensure that they get the proper training and accreditation that are needed to fight on-going cyberincidents.
The Scottish Government is taking steps to enhance resilience. Exercises are being organised for health boards and other agencies to learn lessons and mitigate the risks of future incidents. In addition, the Government’s refreshed digital strategy, which was published in April, will be supported by a £36 million digital growth fund over the next three years to help businesses to develop cybersecurity, data analytics and software engineering skills in their staff. Those positive actions will help us to achieve the Government’s goal of making Scotland a world leader in cyber-resilience, so that we approach threats with urgency, keep our data and networks secure, and stay aware of the constant cyber-risks and ensure that they never outstrip the benefits that technology brings to our society.
The Deputy Presiding Officer (Linda Fabiani):
We move to closing speeches. I call Mary Fee. You have up to six minutes, please.
16:37
Mary Fee (West Scotland) (Lab):
In discussing our shared ambitions to make Scotland a safer place online, I want to start by talking about issues that are still very raw and emotional, given the past 48 hours in Manchester. My heart is with the families of the young people whose lives were cruelly taken, with the injured, and with the people of Manchester. The response that immediately followed the senseless bombing shows the care and humanity that remain and that will strengthen, because we will not give in. The response came in all forms. First responders bravely ran into unknown dangers; emergency services assisted the injured; strangers took others to safety; and the wider community offered shelter, food and transport.
Online communication played a vital role in assisting people, which shows how integral it is in our lives. That is why we must promote safety and security in all our online activities and communications.
In our increasingly technological world, means of communicating are expanding—sometimes it seems that they are expanding almost daily—and making our world a much smaller place. The Government’s vision highlights the need for people to be informed and prepared, for businesses and organisations to recognise risk, and for a growing cyber-resilient community. No one can argue with that ambition.
We all have a responsibility to protect ourselves and we need to think about our own online security. How many of us use the same password or similar passwords when we are online? We shop online more, we order food and drink online, we bank online, and we talk and share thoughts and memories online. To many people, including me, the concept of being online brings new opportunities.
Online commerce is growing in Scotland and, working with the business community, we must ensure that the internet remains a safe place to carry out business. I will not pretend to be as informed as some are about cybersecurity and cyber-resilience. However, reading through the Scottish Government’s strategy to prevent and tackle cyberattacks, I see a lot of positive ambition. I believe that, to continue to prevent further attacks and promote online safety, we must place a much greater emphasis on education. The internet will continue to play a major part in our society, and teaching young people at school is a preventative step for generations to come. We rightly promote online access to the internet for our ageing and vulnerable population, but that must go hand in hand with online safety as well as the right support and help to allow them to access the internet.
Countries around the world need to respond to the increased risk of cyberattack, because we need a global response to ensure that we are all safe.
As Claire Baker pointed out, much of what we are talking about in relation to cybersecurity can sound like a foreign language to the public and to some politicians. The recent ransomware attack has brought the issue to light and has raised awareness of the threat that hackers can pose. Our public services need to have the resources available to them to ensure that further attacks do not bring down computer systems and affect service users.
Following the statements in Parliament last week and today, Anas Sarwar has raised concerns and warned of the dangers for the NHS, highlighting freedom of information requests and parliamentary questions that were asked by my former colleague Dr Richard Simpson. Those questions date back to 2010, but the Government’s response has been less than satisfactory. Action is needed—and it is needed now.
The evolving nature of online crime changes year on year. Although the Government produced a positive and ambitious strategy, it is vital that the strategy is updated every year and that the chamber is kept informed of the level of risk and attack that our public bodies face.
This has been a timely, consensual and constructive debate, with agreement across the chamber on the need to improve our online safety. We must work with the rest of the UK on the issue, which is why a future Labour Government would include cyberwarfare and cybersecurity in a complete strategic defence and security review. It is vital that cybersecurity forms an integral part of our defence and security strategy, and a Labour Government would introduce a cybersecurity charter for companies that work with the Ministry of Defence.
Several members have highlighted the role that education can play. Jamie Greene spoke of the global impact of the latest attack and Stewart Stevenson, in his own inimitable way, spoke of human failings across the centuries. Liam McArthur talked about cybercrime.
Scottish Labour’s amendment speaks of the importance of investing in our public services to ensure that they are safe and secure across their networks. Local authority budgets are under pressure, but the Government should ensure that local authorities are supported to develop and maintain cybersecurity across all our public bodies. Similarly, third sector organisations and businesses will benefit from a collaborative approach.
The Scottish Government’s aim is to create a cyber-resilient Scotland, and we will work with it to do that. We will support the Government’s motion as well as the Tory amendment, and I hope that the Government will support our amendment.
16:43
Dean Lockhart (Mid Scotland and Fife) (Con):
We have had an interesting debate in which a wide range of issues have been discussed. We have heard some remarkable data about the central role of the digital world in every aspect of our lives nowadays, and I will add a couple of other data points. In a business context, the contribution of the digital economy in the UK is now more than £1 billion a year. In a global context, there are more than 1.3 billion daily active users of Facebook, including many members in this chamber, I am sure. Closer to home, in the UK, we spend more time on media and communications than we spend sleeping. I am sure that members will recognise that.
We have heard that, when things go wrong, a cyberattack can have a massive impact, as the recent attack on the NHS highlighted. I add my commendations for the remarkable response of the NHS, first to the cyberattack two weeks ago and, now, to the on-going tragic events in Manchester.
Given our growing dependence on online technology and the risks that we face, we welcome today’s cross-party support for the need to increase cyber-resilience in Scotland. This evening, we will support the Government’s motion and Labour’s amendment.
I will pick up three points that were raised in the debate. First, what the term cyber-resilience means; secondly, what the key risks are that we need to address in this increasingly digital world; and, thirdly, what steps we can take to maximise cyber-resilience.
What cyber-resilience means is not necessarily clear to everyone. John Swinney and Jamie Greene highlighted that the concept of cyber-resilience stretches far beyond what we might consider to be cybersecurity. It is not just about having a firewall or downloading a new patch to prevent viruses getting through; cyber-resilience involves a whole range of other measures. It is about preparing for and defending against attacks or accidental system failures and it is about being ready to rapidly recover from those events and having contingency plans in place.
Cyber-resilience is particularly important for large organisations, such as the NHS or large banks, that might cause systemic risks if they are attacked. For such organisations, cyber-resilience is about having a whole-system approach to cyber-risk. The World Economic Forum has set out a list of cyber-resilience measures that it recommends that large organisations that may have a systemic risk should implement.
First, they should have the very latest operating systems and platforms in use. As we saw with the attack on the NHS, if up-to-date systems are not in place, a virus can easily spread.
Secondly, the organisations should have in place contingency plans that are ready to activate if there is a systems failure. I commend everyone involved in the NHS’s rapid response to the recent cyberattack for getting the system back up and running.
Thirdly, there needs to be better digital training for everyone within the organisation. A recent report by the Royal Society of Edinburgh indicated that 30 per cent of the Scottish population lacks basic digital skills. As Liam Kerr said, we need to address that.
Large organisations that may develop a systemic risk need to develop a culture of awareness of what cyber risk might look like. Cyberattacks often focus on the weakest link in an organisation. We have heard that that can often be individuals opening emails that, although addressed to them, are an entry point for the cyberattack.
We have heard that human weakness in encryption has been a common factor throughout history. I did not expect to refer to Mary Queen of Scots or Napoleon during a debate on cyber-resilience, but Mr Stevenson made sure that we had a bit of historical context within which to view today’s topic.
Smaller organisations that might not have the scale or the budget for some of the measures that I have set out, as recommended by the World Economic Forum, can still take important steps, as was explained by Willie Coffey, by keeping software updated as far as possible, externally backing up data, installing antivirus software, using strong passwords, training staff and raising awareness.
Enterprise agencies have a role to play in providing support and training in cyber-resilience. In phase 2 of the enterprise and skills review, we recommend that consideration be given to putting in place policy measures that require the enterprise agencies to prioritise cyber-resilience as part of their portfolio.
We must recognise that although all the additional measures will involve significant investment across the public and the private sectors, the risks and costs of neglecting cyber-resilience are significantly higher. We saw graphic examples of that, as Donald Cameron said, in the context of the attack on the NHS 10 days ago.
Attacks are also increasing in the private sector. According to the British Chambers of Commerce, one in five British firms was hit by a cyberattack last year and only a quarter of firms in the UK consider that they have in place adequate security measures to protect themselves. Last year, the Scottish Business Resilience Centre estimated the cost of cybercrime in Scotland to be about £394 million; UK wide, the figure is a staggering £11 billion.
Given the cost of what can go wrong if we do not have the necessary protections in place, we believe—as our amendment sets out—that additional steps need to be taken, and that additional investment and education and greater awareness of cyber-resilience are necessary.
What steps can be taken to maximise Scotland’s cyber-resilience? Our amendment sets out some of them. We support the Scottish Government’s current cybersecurity plans, but we would like specific proposals in response to the recent cyberattacks to be presented to Parliament for debate. We also want there to be closer collaboration with the UK Government and the new national cybersecurity centre. That should include active participation with the UK-wide industrial strategy as a platform to expand our skills base in the digital sector, in which the UK Government is investing more than £2 billion, and to develop our digital technology.
In addition—I raised this with the Cabinet Secretary for Education and Skills—we want action to be taken to increase the number of science, technology, engineering and mathematics teachers across Scotland. In particular, we want there to be an increase in the number of teachers who are qualified to teach computing skills, as that will be critical in enabling future generations to deal with the increasingly complex digital world.
16:51
The Cabinet Secretary for Justice (Michael Matheson):
I am very grateful for the valuable contributions that members have made, in which they raised many notable and interesting points that deserve further consideration.
We intend to accept both amendments to the motion. The tone and the nature of the debate have demonstrated a genuine interest in making sure that, as a country, we do as much as we can to enhance and improve our cybersecurity.
There is no doubt that the digital revolution has the potential to enhance the lives of everyone in Scotland, but it is vital for our security and our economy that, in using digital technology to run essential services and support our critical infrastructure, we do so with a system that is safe, secure and—importantly—resilient.
No member should be under any illusion about the threat and the enormous challenge that Scotland, the UK and countries across the world face from cyberattacks. Whether we work in the public sector, the private sector or the voluntary sector, we all have an important role to play in addressing cybersecurity and treating the need to deal with the threats that we face online as a shared responsibility. Neither the Scottish Government nor the UK Government, or even the EU, can tackle the issue alone—we must all accept that we have a collective responsibility to work collaboratively to address the risks to cybersecurity that exist.
Jamie Greene highlighted the importance of collaboration and working in partnership to tackle the issue. As a Government, we take that very seriously, as we set out in the strategy that the Deputy First Minister published back in November 2015. Bringing together the Scottish and UK Governments is a key part of that, but as well as bringing together the work that we do with the work that the new national cybersecurity centre is doing, we must bring together all the different sectors that have a part to play in the delivery of cybersecurity—in other words, the public sector, the private sector and the voluntary sector. There is no point in our taking a particular approach and having robust systems in place in the public sector if we do not share that understanding and expertise with the private sector. Harnessing and utilising the expertise of the private sector in our public and voluntary sectors is equally important, and that is the approach that we are determined to take.
Jamie Greene:
I do not disagree with anything that the cabinet secretary has said, but what would be the means of collaboration between the public sector, with its own investment in IT, and the private sector—and vice versa?
Michael Matheson:
I was about to come on to that very issue. That is why the Deputy First Minister created the national cyber-resilience leaders board, which is chaired by the chief executive of CBI Scotland and includes the voluntary sector, the public sector and the private sector. We now have various organisations working collaboratively to learn from and support one another in tackling some of the issues with cybersecurity, and Scotland is the only part of the UK with such a structure in place to ensure such collaboration. There is no doubt that our experience over the past few weeks of collaboration and support in dealing with the recent cyberattack provides a lesson that could be utilised in other parts of the UK, and we are more than happy to share with the UK Government our experience and the benefits that could come from it.
I turn to some of the issues that have been raised; indeed, I will address some of the myths that have been peddled in the debate, particularly the claim that this was an attack on the NHS. It was not a cybersecurity attack on the national health service; as Jamie Greene and others have pointed out, more than 150 countries were affected by it. Public sector and private sector organisations in different parts of the world were affected. It is not about the public sector not doing enough; it is about the increasing complexity of the cybersecurity challenges that we face. The reality is that many of our public sector bodies, including the NHS, and private sector companies are facing security attacks and cybercrime every day.
Claire Baker:
I fully accept the cabinet secretary’s point that it was not an attack on the NHS; if I suggested as much in my speech, I think that that was due to the impact of the limitations of time on my explanation of the situation. However, the fact that the NHS was affected by a global attack has exposed some weaknesses in our public sector that need to be addressed.
Michael Matheson:
Absolutely. It is very important that we recognise the effect of the attack on some parts of our NHS, and there are clear lessons to be learned. The NHS in Wales was affected, too; at the meetings of the Cabinet Office briefing room A—COBRA—committee in which I participated and discussed the issue, the Welsh Government was represented because of some of the challenges that it was facing. There was also no doubt that the NHS in England was more adversely affected than any other part of the NHS in the UK. I also point out that two of our biggest boards in Scotland were not affected; others were affected to a limited degree; and others still were affected to a greater degree. We have to understand why that was the case. Why were some of our NHS boards not affected at all, some only on a limited basis and others to a greater degree?
Daniel Johnson:
So why was that?
Michael Matheson:
I will make this point first, if the member does not mind. That is why the important measures that we are taking forward through the national leaders board that we have established will include a lessons-learned exercise involving NHS Scotland and the wider public sector, the private sector and the third sector in Scotland. Fortunately, we also have the benefit of the expertise of KPMG, which has offered to host the event to ensure that we learn as much as we can from such attacks.
Patrick Harvie (Glasgow) (Green):
Will the cabinet secretary give way?
Michael Matheson:
I do not recall the member being in the chamber for the debate. In any case, I want to make progress on addressing the points that members have made.
Cybercrime is an important and growing issue that is also growing in complexity. The organisations that are behind such crimes are not individuals who operate from their bedrooms, but sophisticated serious organised crime groups that use multimillion-pound systems to perpetrate cyberattacks. That is why we, as a country, need to make sure that we work in a collaborative fashion.
I have had the benefit of the insight that is provided through the European cybercrime centre—EC3—programme, which is run by Europol and which works in a collaborative fashion right across Europe to tackle cybercrime. It is crucial that we maintain and protect that partnership because we know that cybercrime is underreported and that it is a growing issue. As we move forward with our policing 2026 programme, we also need to make sure that we have a workforce in the police service that is able to respond to the issues effectively.
I will draw my remarks to a close, Presiding Officer. Many valuable points were raised during the debate, and I have no doubt that the Deputy First Minister will take them away and consider them as we move forward with looking at how we can improve the delivery of cybersecurity in Scotland. Key to that is a recognition that we all have a part to play as individuals, given the ways in which we operate our computer-based systems, and that companies and the public sector play important roles in tackling cybercrime. With the work that we will take forward under the strategy, we are determined to make sure that that is what we will do here in Scotland.
Business Motions
back to topThe Presiding Officer (Ken Macintosh):
The next item of business is consideration of motion S5M-05765, in the name of Joe FitzPatrick, on behalf of the Parliamentary Bureau, setting out a business programme.
Motion moved,
That the Parliament agrees the following programme of business—
Tuesday 30 May 2017
2.00 pm Time for Reflection
followed by Parliamentary Bureau Motions
followed by Topical Questions (if selected)
followed by Ministerial Statement: Social Security Benefits
followed by Ministerial Statement: Widening Access to Higher Education
followed by Equalities and Human Rights Committee Debate: Hidden Lives - New Beginnings: Destitution, asylum and insecure immigration status in Scotland
followed by Business Motions
followed by Parliamentary Bureau Motions
5.15 pm Decision Time
followed by Members’ Business
Wednesday 31 May 2017
2.00 pm Parliamentary Bureau Motions
2.00 pm Portfolio Questions
Rural Economy and Connectivity;
Environment, Climate Change and Land Reform
followed by Scottish Government Debate: Protecting Workers’ Rights
followed by Business Motions
followed by Parliamentary Bureau Motions
5.00 pm Decision Time
followed by Members’ Business
Thursday 1 June 2017
11.40 am Parliamentary Bureau Motions
11.40 am General Questions
12.00 pm First Minister's Questions
followed by Members’ Business
2.30 pm Parliamentary Bureau Motions
2.30 pm Stage 1 Debate: Child Poverty (Scotland) Bill
followed by Business Motions
followed by Parliamentary Bureau Motions
5.00 pm Decision Time
Tuesday 6 June 2017
2.00 pm Time for Reflection
followed by Parliamentary Bureau Motions
followed by Topical Questions (if selected)
followed by Justice Committee Debate: Inquiry into the Role and Purpose of the Crown Office and Procurator Fiscal Service
followed by Business Motions
followed by Parliamentary Bureau Motions
5.00 pm Decision Time
followed by Members’ Business
Wednesday 7 June 2017
1.30 pm Parliamentary Bureau Motions
1.30 pm First Minister’s Questions
2.15 pm General Questions
2.35 pm Portfolio Questions
Culture, Tourism and External Affairs;
Justice and the Law Officers
followed by Business Motions
followed by Parliamentary Bureau Motions
3.15 pm Decision Time—[Joe FitzPatrick].
The Presiding Officer:
The next item of business is consideration of motion S5M-05766, in the name of Joe FitzPatrick, on behalf of the Parliamentary Bureau, setting out a timetable for the Forestry and Land Management (Scotland) Bill at stage 1.
Motion moved,
That the Parliament agrees that consideration of the Forestry and Land Management (Scotland) Bill at stage 1 be completed by 10 November 2017.—[Joe FitzPatrick.]
Motion agreed to.
Parliamentary Bureau Motions
back to topThe Presiding Officer:
The next item of business is consideration of two motions on the approval of Scottish statutory instruments.
Motions moved,
That the Parliament agrees that the Registration of Social Workers and Social Service Workers in Care Services (Scotland) Amendment Regulations 2017 [draft] be approved.
That the Parliament agrees that the Public Bodies (Joint Working) (Prescribed Local Authority Functions etc.) (Scotland) Amendment Regulations 2017 [draft] be approved.—[Joe FitzPatrick.]
The Presiding Officer:
The questions on the motions will be put at decision time.
Decision Time
back to topThe Presiding Officer (Ken Macintosh):
There are five questions to be put as a result of today’s business. The first question is, that amendment S5M-05733.1, in the name of Jamie Greene, which seeks to amend motion S5M-05733, in the name of John Swinney, on safe, secure and prosperous: achieving a cyber-resilient Scotland, be agreed to.
Amendment agreed to.
The Presiding Officer:
The next question is, that amendment S5M-05733.2, in the name of Claire Baker, which seeks to amend the motion in the name of John Swinney, be agreed to.
Amendment agreed to.
The Presiding Officer:
The next question is, that motion S5M-05733, in the name of John Swinney, as amended, be agreed to.
Motion, as amended, agreed to,
That the Parliament notes that the recent global cyber-attack demonstrates the urgency for everyone to secure their technology, data and networks from the many threats that are faced in the digital world; recognises the continuing and growing importance of cyber-resilience to Scotland’s safety, security and prosperity; resolves that citizens and organisations must be aware of the risks and be able to respond and recover quickly from any kind of cyber-attack if Scotland is to realise its full potential; calls on leaders across all sectors in Scotland to consider their organisations’ resilience to cyber-attacks and take action to ensure that they have plans in place to respond and recover quickly from cyber-incidents; notes that cyber-crimes are often underreported and that more data is needed for a fuller understanding of the scale of such crimes; welcomes that both the UK and Scottish governments have published cyber-security strategies; notes that a number of government, security and enforcement agencies are involved in tackling cyber-threats; believes that both governments should communicate closely to implement these strategies and to minimise the risk of attack; supports investment in public services to ensure that they are well resourced and flexible to withstand future attacks, and calls for the Scottish Government to work with partners across the UK to ensure that Scotland has the capabilities, knowledge and resources to keep people safe and secure online.
The Presiding Officer:
The next question is, that motion S5M-05639, in the name of Joe FitzPatrick, on approval of a Scottish statutory instrument, be agreed to.
Motion agreed to,
That the Parliament agrees that the Registration of Social Workers and Social Service Workers in Care Services (Scotland) Amendment Regulations 2017 [draft] be approved.
The Presiding Officer:
The final question is, that motion S5M-05768, in the name of Joe FitzPatrick, on approval of an SSI, be agreed to.
Motion agreed to,
That the Parliament agrees that the Public Bodies (Joint Working) (Prescribed Local Authority Functions etc.) (Scotland) Amendment Regulations 2017 [draft] be approved.
National Parks
back to topThe Deputy Presiding Officer (Christine Grahame):
The final item of business today is a members’ business debate on motion S5M-03832, in the name of Finlay Carson, on the establishment of new national parks. The debate will be concluded without any question being put.
Motion debated,
That the Parliament recognises the value of Scotland’s outstanding natural beauty, which creates jobs, contributes to the economy and attracts millions of tourists from Galloway and West Dumfries, the rest of Scotland and the world; notes what it sees as the success of the Cairngorms and Loch Lomond and The Trossachs national parks in conserving and enhancing the natural heritage of these areas, and notes the calls on the Scottish Government to conduct a review of national parks and consider the establishment of new ones.
17:04
Finlay Carson (Galloway and West Dumfries) (Con):
I thank the members who supported my motion, allowing this debate to take place. Many of my colleagues will know that I have campaigned enthusiastically on this issue for many years, first as a councillor in Dumfries and Galloway and now as the MSP for Galloway and West Dumfries. I believe passionately that Galloway should have the recognition that it deserves, with its very own national park.
John of the mountains petitioned the US Congress for the national park bill that was passed in 1890, establishing the Yosemite national park. John of the mountains, better known as John Muir, profoundly shaped how people now understand and envision their relationship with the natural world. With a Scotsman as the original promoter of national parks and our world-renowned natural beauty, it is incredible that we have only two national parks in the whole of Scotland. That is something that I believe we need to change.
To set the scene, we currently have two national parks—the Cairngorms, and Loch Lomond and the Trossachs—and there are 10 in England. National parks are protected areas, which are designated because of their beautiful countryside, wildlife and cultural heritage. People live and work in the national parks, and the farms, villages and towns are protected along with the landscape and wildlife. National parks welcome many visitors and provide opportunities for everyone to experience, enjoy and learn about the park’s special natural qualities.
Specifically, the Scottish national parks have four aims, as laid out in the National Parks (Scotland) Act 2000:
“(a) to conserve and enhance the natural and cultural heritage of the area,
(b) to promote sustainable use of the natural resources of the area,
(c) to promote understanding and enjoyment ... of the special qualities of the area by the public, and”—
crucially—
“(d) to promote sustainable economic and social development of the area’s communities.”
Too often, national parks are seen as planning controls max. However, the current legislation enables the Scottish Government to propose areas for designation, and allows considerable flexibility in the design of national parks so that they can be tailored to local circumstances and local needs.
In Galloway we have one of the most man-made or man-shaped landscapes in Scotland and it is constantly changing. Perhaps, unlike the Cairngorms, we do not want to mothball our area—it is not about restrictions. The 2000 act requires national parks to pursue sustainable economic and social development alongside conservation and recreation.
Importantly, national parks in Scotland are governed by boards that are made up of directly elected local people, local councillors and national experts. Having local people engaged and working towards the sustainable development and management of an area can bring limitless benefits to that area and the local communities within it. I do not believe that anybody can make better decisions about how to manage an area than the people who live and work there.
The Scottish Campaign for National Parks and the Association for the Protection of Rural Scotland have highlighted seven areas of the country that could be designated national parks, from Harris right down to Galloway. A Galloway national park would inevitably be very different from the two that we currently have. We are not looking to replicate what is there in the Cairngorms or Loch Lomond and the Trossachs.
We already have many components of what is expected of a national park: the United Kingdom’s largest forest park, three national scenic areas, the Galloway and southern Ayrshire biosphere and Europe’s first dark-sky park; we could also incorporate an additional marine component in the Solway Firth. There is a rich variety of dynamic coastal scenery and, together with the forest park, visitors can see a gradual transition from the coastline through a well-wooded farming landscape to the upland hills. There is a huge diversity of landscapes, making Galloway an outstanding example of the type of fine landscape that Scotland has to offer beyond its classic and best-known Highland scenery. In Galloway we tick all the boxes—we just need that world-renowned and recognised designation.
Kate Forbes (Skye, Lochaber and Badenoch) (SNP):
I ask this in all seriousness as a member of the Scottish Parliament who represents the Cairngorms, which is a fantastic national park. Mr Carson talked about the four different aims. One of the real challenges is the difficulty in meeting those four aims—they can sometimes come into conflict. Has he considered how that would work in other national parks?
Finlay Carson:
Absolutely—Kate Forbes has raised a good point. It is vital that there is flexibility, and that is in the legislation. We often describe the national park that we would like to see in Galloway as national park lite, to ensure that it addresses a lot of those potential issues.
Dumfries and Galloway Council, which has agreed to be actively involved in any proposals that are being developed for a Galloway national park, has endorsed the approach that has been taken to date by the community-based group leading the proposals. It is clear that there needs to be a wide-ranging and inclusive engagement process that seeks to build consensus among communities. It is crucial that the park is demanded by the community and not seen as being imposed on it.
Council officers have actively promoted the need to consider the Solway coast as part of the emerging proposal, recognising the environmental, social and economic attributes that the coastal area could bring to a national park proposition. A study that was commissioned by Dumfries and Galloway Council into the feasibility of a national park noted that there is a significant economic opportunity waiting to be developed in the area. The study went on to suggest that the costs of running the national park could be more than offset by the economic benefits.
Why now? The Scottish Government has told me previously that the designation of new national parks is not a priority. As a Conservative, I understand the importance of prudent public spending, but the arguments for more national parks in Scotland are compelling. National parks help to boost employment in rural communities through sustainable development. Permanent staff would be employed directly by the national park authority and jobs would be created through increased tourism and visitor numbers in the area.
Scotland has world-class scenery and people come from all over the world to experience it. Our economy relies heavily on tourism, much of which is focused on the incredible beauty of our countryside. In 2015, well over 200,000 people were employed in the tourism sector in Scotland, which was 9 per cent of total employment. Spending by tourists in Scotland generates around £12 billion of economic activity in the wider Scottish supply chain. A report by VisitScotland found that 17 per cent of all visitors to Scotland went to the Loch Lomond and the Trossachs national park and that 12 per cent went to the Cairngorms national park, which demonstrates the huge pull that national park status can have.
It is not only tourism that benefits. Small lifestyle businesses that are based on the sustainable use of natural resources such as timber, fish, wildlife or geology can thrive in a national park environment.
The south of Scotland would benefit hugely from the proper recognition that Galloway deserves, and that is national park status. The Scottish Government says that it takes climate change and enhancing biodiversity seriously. If that is the case, it must look at designating more national parks in Scotland. That would inspire pride and passion from local people and visitors alike, boosting Scotland’s image worldwide. Let us give Scotland’s outstanding natural beauty the recognition that it deserves by using the powers that we have in the Parliament to designate more national parks.
17:12
Emma Harper (South Scotland) (SNP):
I am pleased to speak in the debate and I congratulate Finlay Carson on securing it. Mr Carson’s motion asks for a review of national parks across Scotland. I represent the South Scotland region, so I will focus on that area. Finlay Carson and I are both privileged to represent areas of outstanding natural beauty in Scotland. The landscape and surroundings in the south of Scotland and the south-west of Scotland are integral not just to our natural heritage but to the economy, as Finlay Carson said.
The south-west of Scotland is one of the most beautiful places on the planet. We are fortunate to have the Galloway and southern Ayrshire biosphere and within that the dark-sky park and the Galloway forest park. Last month, I was pleased to host the team behind the Galloway and southern Ayrshire biosphere in the Scottish Parliament to highlight their work to members. That was the first event in Parliament supporting the biosphere programme.
Biosphere reserves are places with world-class environments that are designated to promote and demonstrate a balanced relationship between people and nature. They are places that value and protect the biological and cultural diversity of a region while promoting environmentally sustainable economic development. The 5,268km2 of the Galloway and southern Ayrshire biosphere holds a United Nations Educational, Scientific and Cultural Organization designation. I was particularly struck by the words of Dr Beth Taylor, chair of the United Kingdom national commission for UNESCO, when she spoke at my event in Parliament. Dr Taylor described UNESCO’s global networks as a
“powerful mechanism for collaborating with colleagues across borders, and helping friends around the world”.
That sentiment neatly sums up the reason why I was first attracted to the idea of the biosphere. For me, it is outward looking and international and it promotes ecological diversity and sustainable development.
The Ramsay report in 1945 identified the area around Merrick and Glen Trool as “eminently suitable” for a national park, but a proposal for a Galloway national park will need to work for the whole region. Feedback from local people who I have spoken to so far has been mixed. If a new park is to proceed in Galloway, it is vital that support is garnered from as wide a range of stakeholders as possible, as Finlay Carson noted.
There are advantages and disadvantages to having more national parks, but certainly there is potential in the idea. I was pleased to attend Finlay Carson’s parliamentary event in January to hear the case being made by the Scottish Campaign for National Parks. The event was well attended and supporters spoke eloquently and passionately about why they believe that establishing the national park would be good for Scotland.
In meetings and surgeries over the past year, I have heard a variety of people voice different and sometimes opposing views on having a national park for the south-west or for Galloway. It is important that any proposals come directly from the people of the south of Scotland and are for something that people who live and work there are happy to support and live with for the long term.
National parks are not a silver bullet and they carry considerable costs. It is important not to lose sight of the many positive examples already in place in the south-west, and the benefits that they are delivering. I read with interest a document produced by the Scottish Campaign for National Parks that details various governance models, and I am attracted to the idea of a governance model consisting of a park committee that is overseen by the local authority. That would solve one of the problems that I described, by avoiding the relatively complex and costly arrangements that are in place at Scotland’s two existing national parks.
I thank Finlay Carson for bringing the issue to the chamber. It is important to have this debate and to seriously consider whether the creation of a national park would make the situation easier or more difficult for the wider rural economy. If we create a national park, the best way to go about it will be to encourage all stakeholders to be involved.
17:16
Maurice Corry (West Scotland) (Con):
I congratulate my colleague Finlay Carson on securing the debate.
As I come from the west of Scotland and live very near the Loch Lomond and the Trossachs national park, I understand the benefits that having a national park can bring to rural communities. We are lucky enough to have the Loch Lomond and the Trossachs national park protecting the natural beauty of our area and encouraging thousands of tourists to come to our part of Scotland every year, bringing with them massive economic benefit to local business and those who live in our communities. In our 2016 election manifesto, the Scottish Conservatives supported the creation of further national parks so that those benefits can be rolled out across Scotland.
Our countryside’s natural beauty is undoubtedly one of our greatest assets. Scotland’s countryside is world renowned and is one of the major reasons why people decide to visit here. Research has shown that more than 60 per cent of visitors are interested in visiting our countryside and that it was high up on the list of their potential activities. Further research by VisitScotland showed that 58 per cent of visitors stated that their motivator for visiting Scotland was the scenery and landscape. The second most popular motivator on that list, with 31 per cent, was to learn more about Scottish history and culture, both of which national parks protect and enhance.
Those figures prove that a large number of our international tourists want to take advantage of our countryside when they are here, and figures show that national parks attract large numbers of overseas visitors. We should be seeking to take advantage of that by spreading the benefits to more areas across Scotland. Opening more national parks would help to do that.
Kate Forbes:
Will the member give way?
Kate Forbes:
On Loch Lomond and the Trossachs—
The Deputy Presiding Officer:
Kate Forbes.
The Deputy Presiding Officer:
Enthusiasm is no bad thing, Ms Forbes.
Kate Forbes:
I am generally in favour of national parks, but one of the challenges is that, when a national park is established, house prices start to rise, which makes it harder for local people to buy houses and stay in the area. It is also far harder to build houses in national parks. Has that been the case in Loch Lomond and the Trossachs?
Maurice Corry:
Yes, it has been. There is an anachronism in the Loch Lomond and the Trossachs national park, which is that, in order to build in the national park, one has to work in it. That is being addressed by the council that I was previously a councillor on—I must declare an interest: I was a councillor on Argyll and Bute Council prior to 4 May. That was an issue in my ward of Lomond North, and a constant battle is going on there. That is being addressed, but Kate Forbes is right, and the effect has been to put up the value of the small number of houses there. Another reason why they are going up in value is the expansion of Faslane, but that is another issue altogether.
It is worth noting that many countries have a larger number of national parks than we do, and that they often play a significant role in the advertising of the country. For example, Kenya actively advertises the fact that it has more than 45 national parks and reserves. That is the same in South Africa, which I visited. The “national park” label is probably the best-known countryside protection designation in the world. Although national parks are run slightly differently in each country, people recognise that term as referring to somewhere of outstanding natural beauty and interest and somewhere that they should go and see.
Although it is important and right that we have more national parks, we need to ensure that we use them effectively and that we market them abroad effectively, as we are marketing rural Scotland and its many attractions. If we could improve our national park system and the advertising and marketing of it, the benefits that it would bring to rural communities would be numerous and varied. Tourists in rural areas bring substantial assistance in sustaining local services that might otherwise not be commercially viable. The increased levels of expenditure in local shops, on rural public transport and in restaurants and cafes can help to sustain those services for local people while creating jobs for people in rural areas. I know that many communities in Scotland would benefit from that.
I firmly believe that rural Scotland would benefit from making national parks a central theme of how we encourage people to come and visit Scotland. Therefore, we need to increase the number of national parks that we have in Scotland.
17:21
Colin Smyth (South Scotland) (Lab):
Like other members, I am grateful to Finlay Carson for the opportunity that the motion gives us to celebrate the success story that is Scotland’s existing national parks, and also to make what is a powerful case for the establishment of new national parks in Scotland.
It is now 17 years since the Parliament passed the National Parks (Scotland) Act 2000, which paved the way for the Labour-led Scottish Executive to create the Loch Lomond and the Trossachs national park in 2002 and the Cairngorms national park in 2003. Those parks have helped to deliver a major economic boost to those areas, supporting local businesses, generating jobs for young people, providing affordable homes, promoting investment in sustainable rural development and growing the tourism sector. They have also delivered an environmental boost, restoring paths and peatlands, conserving native woodlands and assisting with species recovery.
However, that is, to coin a phrase, “unfinished business”. Despite our outstanding natural beauty and the acknowledgment that national park status is an internationally recognised successful brand, Scotland has just two of the United Kingdom’s 15 national parks, with 10 in England and three in Wales. When it comes to national parks, we are a poor relation not just to the rest of the UK but to topographically similar countries such as New Zealand, which has 14 national parks, and Norway, which has 37.
The Parliament and the Government have never said that only two areas in Scotland are worthy of national park status, so the time is right to seriously debate the case for and merits of building on our success and developing new national parks. That case is compelling, given our world-class scenery, the protection and management that national park status gives to that scenery, and the positive impact on tourism and rural development of the national park brand.
The Scottish Campaign for National Parks report, “Unfinished Business”, sets out that compelling case in detail. That report was of course targeted at the time to provide a framework to support the 2011 Scottish National Party manifesto commitment that pledged to
“work with communities to explore the creation of new National Parks”.
Although that commitment was missing from the SNP’s 2016 manifesto, there is support from the other four main parties, including my party, which made a commitment to consider options for a new national park. Importantly, that means that there is a parliamentary majority in favour of at least considering new national parks.
The SCNP document “Unfinished Business” not only makes the case for new national parks; it goes on to propose seven possible areas that could be designated and could benefit from such status. That includes two areas in my South Scotland region, namely the Cheviots in the Scottish Borders, where the very active campaign for a Borders national park will shortly publish a feasibility study for its proposed park, and Galloway, where the Galloway national park sssociation has been set up and is developing a strong case for a national park covering parts of Galloway and South Ayrshire.
Until I stepped down as a councillor last month, I had the privilege of chairing Dumfries and Galloway Council’s economy committee. We commissioned the Southern Uplands Partnership to consider whether such a proposal would be beneficial for our region. The work was undertaken in partnership with the Galloway and southern Ayrshire biosphere, which had been highlighted as being part of the geographical area covered by such a proposal.
Finally, the report “A Galloway National Park...?”, to which Finlay Carson referred, addressed areas of concern around the administrative and legislative framework of any national park, making it clear that there is no one-size-fits-all model for a national park, and that they can be developed to suit the needs of the local community. That report also outlined the considerable benefits and economic opportunities associated with the establishment of a Galloway national park—and there are many. It would recognise the world-class scenery of the south-west of Scotland, it would protect and manage that scenery, it would act as a stimulus for tourism and rural development, and it would reinforce Scotland’s national identity.
Not surprisingly, the report was supported by the biosphere partnership board and endorsed unanimously across by councillors from all parties in Dumfries and Galloway Council in November 2016, when we agreed to support the campaign for a Galloway national park. I was also pleased to see that that commitment will continue in the partnership agreement that was signed this week by the new Labour and Scottish National Party administration on Dumfries and Galloway Council.
Galloway national park association believes that a new park could attract between 250,000 and 500,000 new visits each year and £30 million to £60 million per annum of additional spending in the short term for the local economy, as well as helping support or create between 700 and 1,400 additional jobs. The association argues that a Galloway national park authority could provide direct employment for between 40 and 80 rangers. In short, it says that a Galloway national park would be a social and economic game changer for the region, which the Government knows has massive economic challenges.
I hope, therefore, that the Scottish Government will recognise that is there not only a parliamentary majority in support of considering new national parks but a compelling case and growing public support for that case.
17:25
Graeme Dey (Angus South) (SNP):
I begin, as is customary, by congratulating Finlay Carson on bringing the debate to the chamber. He, like Emma Harper and Claudia Beamish and me, serves on the Environment, Climate Change and Land Reform Committee, which has oversight of national parks. Additionally, a small part of my constituency falls within the boundary of the Cairngorms national park. I look forward to the publication of the final version of its partnership plan for 2017 to 2022 shortly.
The establishment of the Cairngorms national park has been a good thing but, as Scottish Land & Estates has acknowledged, being able to see the benefits of national park status does not necessarily translate into automatic support for the creation of more national parks, as that is a more complicated issue. Conflicts will always arise around how national parks operate. In Loch Lomond and the Trossachs, we have seen the controversy over the approach to tackling wild camping issues, and in the Cairngorms, we have seen the park authority oppose wind farm applications from sites outwith its boundaries. Access to housing for local people has also been a problem.
By and large, from the environmental perspective, national parks are a vehicle for good, so I get the desire on the part of some for more parks. I also have some sympathy with the call for a marine national park. However, to paraphrase what the UK Prime Minister said on another matter, I wonder whether now is the time.
Although I entirely respect Finlay Carson for speaking up for his area, I will play devil’s advocate from a Scotland-wide perspective. Committee colleagues know that I quite enjoy playing that role, and I hope that my remarks will be accepted in that spirit.
The motion refers to calls for a review of national parks and the consideration of establishing new ones. What form would such a review take and what resource would it tie up? At a time when the relevant area of the Scottish Government has, for example, action on deer management, biodiversity, and wildlife crime issues to consider and implement, and a Scottish Natural Heritage report on the future vision for Scotland’s uplands to digest and act on, is it realistic to increase that workload, especially as it is set to be added to greatly by the consequences of Brexit? We should recognise that deer management, wildlife crime, land use in the uplands and biodiversity are, to varying degrees, issues of direct relevance to the existing parks and they would therefore be caught up in any such review.
My understanding is that the creation of a new national park would then take anything between two and four years, depending on the level of support, functions and governance structures, and the number of parks involved. As we have heard acknowledged, the level of support is critical. We would need to be clear that there was, if not a clamour, then certainly majority support for such a structure to be introduced among the local authorities and the affected communities.
How many new parks, whether all-singing or lite versions, would there be? Seven possibilities have been advanced.
Then there is the cost that will be involved. The financial memorandum that accompanied the 2000 act estimated the annual running costs for the two parks that we now have to be £6 million each when adjusted for inflation.
Claudia Beamish (South Scotland) (Lab):
Is it not the case that a light-touch national park, as other members have said, would be of value and—
The Deputy Presiding Officer:
Ms Beamish, where is your microphone? [Interruption.]
Claudia Beamish:
At this time of night, I hope that I can remember what I just said.
The Deputy Presiding Officer:
And you an experienced MSP.
Claudia Beamish:
The light-touch issue that has been highlighted by other members is important—I will leave it at that or Mr Dey will not have any of his time left.
The Deputy Presiding Officer:
I will give you your time back, Mr Dey.
Graeme Dey:
Thank you.
I get exactly where Claudia Beamish is coming from, but I point out to her that, whether it is light touch or whatever, the communities still have to go along with it and there are still associated costs. As I said, in making my comments, I am playing devil’s advocate rather than trying to shoot down the idea. Without considering the impact of Brexit, where would the money to fund new national parks come from at a time of constrained and, indeed, shrinking budgets? Would the expectation be that we would cut the funding for the existing parks? Can members imagine the reaction to that?
As I have indicated, I make my comments in the role of devil’s advocate because we need to explore certain issues. In principle, I support the idea of having more national parks. I get the desire to have more national parks but, as I noted earlier, there are questions to be asked and answered about prioritisation, justification and the scale of the demand.
17:30
Edward Mountain (Highlands and Islands) (Con):
I, too, thank my colleague Finlay Carson for securing a debate in the chamber on the important subject of establishing new national parks.
As we know, Scotland has only two national parks: Loch Lomond and the Trossachs, and the Cairngorms. Together, they cover only about 8 per cent of Scotland’s land area, which seems far too small an area for a country as beautiful as Scotland. When the Cairngorms national park was formed, I was actively involved in land management in the Cairngorms. In the run-up to the formation of the national park, I attended numerous meetings and discussions about the proposal. The idea of the national park was, in principle, welcomed by all, and it was certainly not imposed, which is important.
The creation of the Cairngorms national park was not without problems—the biggest two were probably the boundaries and the governance. The discussions over the boundaries could have gone either way, and the decisions were somewhat arbitrary—or they seemed to be, at the time. The issue of governance has rumbled on and has yet to be fully resolved by the Cairngorms National Park Authority. The park board has elected representatives not only from areas within the park but from councils whose areas form part of the park. Thus, Moray, Highland, Angus, Aberdeenshire and Perth and Kinross councils all have representatives on the park board, which can cause confusion.
As we heard from Kate Forbes, planning decisions can be slow, especially if they are called in by the Cairngorms National Park Authority. New housing developments in the park have been frustratingly slow and the result, as we have heard, is that house prices have risen, which is taking houses outwith the purchasing power of many local people. That is something that we need to learn from and avoid.
However, those two negatives do not mean that having a national park is a bad idea. Indeed, the national parks are an asset and provide a much-needed designation that can protect our beautiful landscapes and fragile areas. That is why I find it strange that the Scottish Government finds “no compelling business case” for establishing new parks.
If we could take just the best from the two existing parks and ditch the aspects that stifle good and effective management, we could have a winning combination that could streamline the management process and take it to a new local level, promote local and sustainable development, assist species recovery—as we heard from Graeme Dey—conserve native woodlands, and support local businesses. National parks can also attract external investment and encourage sustainable rural development. In addition, as we have heard, the existing national parks have developed the tourism industry, and will continue to grow it.
For those reasons, I struggle to understand the Government’s reluctance to establish new national parks. Perhaps the Government fears more control being given to the local level. However, it seems to me that the proposed Galloway park, which would potentially stretch across two council areas, is an ideal candidate for a national park. It could keep costs low, promote environmental protection and allow economic growth to happen faster in that area.
As has been mentioned by my colleagues, there is an appetite for the establishment of new national parks: I believe that four out of the five political parties in the Scottish Parliament, including my own, support the call for more national parks.
Emma Harper:
Will the member take an intervention?
Edward Mountain:
I will, if I have time.
The Deputy Presiding Officer:
I will give you the time back.
Edward Mountain:
In that case, I will take the intervention.
Emma Harper:
Graeme Dey has just made a compelling argument about the money that is involved. The Government has not made a decision yet, and the Cabinet Secretary for the Environment, Climate Change and Land Reform will speak later in the debate. However, for now, is not the compelling argument against having new national parks that there is currently a financial constraint?
Edward Mountain:
When we look at business cases—as I did during my business career—we have to look at the opportunity cost and the potential net gain to the environment and the local economy. Sometimes the opportunity costs are worth it and sometimes one has to take difficult decisions in order to grow the business as a whole. I therefore refute what Emma Harper said. Delaying the decision just delays the chance to gain the benefits.
I had very nearly reached the end of my speech when Emma Harper intervened. I call on the Government to conduct a review of establishing national parks, and to consider whether Galloway and West Dumfries is a potential site for a national park.
I accept that the Government did not mention the formation of national parks in its manifesto, but that should not stop it reacting to the calls from other parties in Parliament. It should accept the surge in support for national parks, listen to the voice of local communities, campaigners and other political parties and then make the best decision for the rural areas of Scotland.
17:36
Alison Johnstone (Lothian) (Green):
I am very pleased to speak in today’s debate and to reaffirm my support for having more national parks in Scotland. We have two wonderful national parks, but Scotland has many areas of outstanding natural beauty that merit that internationally recognised designation, and which are often overlooked.
As we have heard, the Scottish Campaign for National Parks identified seven possible sites. Creating new national parks would bring a range of environmental, social and economic benefits to those areas. There is very strong support for creating more national parks among most of the parties, and there are well-developed local campaigns for new national parks in Dumfries and Galloway and in the Borders. There is an extremely compelling case for a marine national park to conserve coastal habitats and our dynamic marine ecology. Indeed, there are convincing reasons to award national park status to any of the seven sites that the Scottish Campaign for National Parks has identified.
I would welcome a broad national conversation and consultation that would take account of local demand for new parks, would seek to protect a range of natural habitats, scenery and cultural heritage, and would fully involve the bodies that are already up and running and which are having such conversations across Scotland.
I hope that the Scottish Government is prepared to listen to the Galloway national park association, which presented a robust case for the local economic benefits that a new national park would bring, as it would attract an estimated 250,000 to 500,000 new visits every year and support between 700 and 1,400 jobs.
The Borders national park campaign points out that the Cheviot hills north of the border are every bit as beautiful and worthy of national park status as the Northumberland national park, which receives 1.7 million recreational visits each year, bringing in around £190 million in visitor spending. It is no surprise that the visitnorway.com website boasts of 44 national parks. Norway is four times the size of Scotland, so that is fair enough, but I repeat that it has 44 national parks. The Northumberland national park brought in that spending in 2013-14 with a budget of less than £2.8 million. I understand that the Government’s hesitance to support new national parks is cost related, so I ask that it take a long-term view, and that we have a discussion and look at the role that national parks play in rural development and the contribution that they make to our tourism sector.
A study for National Parks England outlined that in 2012 England’s national parks generated between £4.1 billion and £6.3 billion gross value added, which is comparable to the GVA of a small city such as Coventry.
The Scottish Campaign for National Parks also points out that it would not be as costly to establish and run future national parks as it was to establish and run our first two, because they would cover smaller areas and encompass areas of only one or two local authorities. Its report on future governance models estimated that their running costs may be as little as £1.5 million to £3 million. That would be an important investment in our rural economy and it would provide vital protection for our natural landscape.
Our national parks can have an even stronger role to play in protecting Scotland’s iconic species. As species champion for the hare, I have asked the cabinet secretary to consider using her powers to introduce a nature conservation order that would prohibit culls of the mountain hare in our national parks. The mountain hare is found only in Scotland but, sadly, they are routinely culled in many of our upland sporting estates, even in the Cairngorms national park. I look forward to any comment that the cabinet secretary might have on that.
Finally, there can be no doubt that, as well as delivering economic benefits and environmental protection, national parks benefit our wellbeing. As John Muir, one of the earliest advocates of national parks, once wrote, national parks allow thousands of people
“to find out that going to the mountains is going home, that wildness is a necessity”
and that our natural landscapes are useful not only
“as fountains of timber and irrigating rivers, but as fountains of life”.
17:40
The Cabinet Secretary for Environment, Climate Change and Land Reform (Roseanna Cunningham):
A lot has been said in this debate about the success of our national parks, and I endorse those remarks. Part of my constituency falls within the Loch Lomond and the Trossachs national park and, in my role as a constituency MSP, I have seen at first hand the good work that is done by the park authority. The work of the two parks in protecting species and habitats, promoting tourism and providing social and economic benefits to the communities that they serve is fully recognised and valued by the Scottish Government.
Of course, we have debated this issue in the chamber before. In November 2013—I appreciate that some members who are here today were not members of the Parliament at that time—there was a debate that was similar to this one. It followed the publication of the report “Unfinished Business” by the Scottish Campaign for National Parks and the Association for the Protection of Rural Scotland. That report called on the Scottish Government to develop a long-term strategy for more national parks. Today’s motion calls for a review of national parks with a view to considering new ones.
I am, of course, aware of Mr Carson’s specific interest in the designation of a national park in south-west Scotland but, as a number of members have noted, that is just one of the seven locations that is contained in “Unfinished Business”.
Dumfries and Galloway currently benefits from a range of landscape designations that are aimed at increasing tourism, boosting jobs and bringing investment to the area, including the Galloway forest park, the Galloway and southern Ayrshire biosphere, which was spoken to passionately by Emma Harper earlier, and a number of national scenic areas. National park status is, therefore, by no means the only positive landscape designation that can stimulate an area’s potential economic growth.
The case for more national parks is understandably expressed most strongly by those who have dedicated a lifetime to the cause, but there are challenges and requirements that go with national park designation. There are a number of key considerations that still lead the Scottish Government to believe that it would be wrong to raise expectations over any near-future designation of new national parks.
Mark Ruskell (Mid Scotland and Fife) (Green):
Is Graham Dey right when he suggests that SNH does not have the budget to run a national consultation, or even a conversation, about where future national parks could be?
Roseanna Cunningham:
I am about to come on to the issue of costs, because it is central to this issue.
The Scottish Government has real concerns over the costs that would be associated with the designation of new national parks in Scotland. I appreciate that that is a little bit further down the line from the situation that Mark Ruskell is raising, and I will come back to that point. However, I am afraid that we do not share the optimism that new parks could be set up at minimal cost. What has changed since that debate in 2013? The answer is that very little has, in terms of substance, with one huge exception: Governments have less money now than they did then. The reality of the financial situation in Scotland, driven by Westminster cuts, is that funding for new parks would have to be found from elsewhere. Where would that elsewhere be? I note that no one—not one member—had any suggestions in that regard. That silence is telling.
Colin Smyth:
The cabinet secretary will be aware of the point that I made about the potential for a Galloway national park to bring something in the region of £30 million to £60 million into the local economy as a result of its success. Given the concerns about the cost that the cabinet secretary has outlined, what assessment has the Government made about the cost of setting up a Galloway national park?
Roseanna Cunningham:
Colin Smyth raises one new national park. However, the fact is that the report that has triggered the debate talks about seven. Our two current national parks have a combined annual budget of about £12 million that comes out of the portfolio budget. We simply do not have tens of millions of pounds of spare cash to divert towards new national parks at this time. The cost of even one of the seven national parks that are being called for would run into millions of pounds and the costs associated with all seven would run into tens of millions of pounds.
I heard the point that Mark Ruskell was making about asking SNH to do yet another review. I have constant conversations with SNH about the number of things that we refer to it. It is not unreasonable for me to take a view that, if we are to burden SNH with yet more requests, we should think carefully about what long-term outcomes we expect there to be from the work that it does. We are talking about asking it to do something that is premature, not because we are opposed to national parks—anything but—but because, in the current circumstances, we can see no likelihood of being able to assign the finances that are necessary to set one up.
Edward Mountain rose—
Roseanna Cunningham:
I need to get on just a little.
The National Parks (Scotland) Act 2000 clearly sets out the process for the designation of new national parks and the statutory aims that they would be expected to deliver. The estimated timescale for completion is around two years—although I note that Graeme Dey seemed to have a briefing that suggested that it could take longer—assuming that there was a strong case and unquestioned support. I am not sure that we can always just assume that.
The intention behind the act is clear: although national park status can deliver clear benefits to an area, detailed consideration and scrutiny need to be undertaken before decisions are taken to apply the designation to new areas. I applaud the desire to protect Scotland’s iconic landscapes, but the national park model envisaged by the Parliament is somewhat different from the model in other countries, particularly in relation to the act’s fourth aim of promoting sustainable economic and social development. A number of members noted that, but I think that they will also accept that there are many people outside the Parliament who think that the national park designation is about conservation, not socioeconomic development.
Scotland’s national parks are much more than just landscape designations. They are living, breathing places. They are generators for growth that attract business, innovation and, where appropriate, sustainable development. The challenge has been and continues to be balancing the conservation needs of special areas while maximising their potential economic benefits locally and nationally. That is not always easy. Therefore, before applying national park status to new areas, careful consideration must be given to the impact on those areas—not just the conservation benefits but wider opportunities that may be gained or lost. In that regard, I note the exchange about increasing house prices between Maurice Corry and Kate Forbes.
To date, we have seen no convincing evidence on how proposals for the creation of seven new national parks will satisfy the statutory requirements set out in the National Parks (Scotland) Act 2000 and the vision agreed by the Parliament on the role of our national parks.
Edward Mountain:
The argument that the cabinet secretary is advancing is that we create all seven at once. That is not a legitimate way of doing it. She will remember, as I do, that, in 2003, the Cairngorms national park grew from the Cairngorms Partnership, which was already in place. Will she consider promoting local areas working towards getting national park status if she is not in a position to fund new national parks yet?
Roseanna Cunningham:
There is nothing to stop local campaigning and consideration. The point that I am making is that it is not right for me to lead people to expect that that will automatically result in designation. Let us not forget that there will be a huge competition about designation. I am suggesting not that all seven be designated at once—that would be an absolute impossibility—but that there would be a vigorous conversation about which should be first. That in itself would take time to resolve.
There are major issues about affordability that have been glossed over. I listened to Colin Smyth and I take on board the fact that the two national parks were put in place under the previous Administration. However, that Administration was in the glorious position of having so much money that it could return money to Westminster because it could not think of things to spend it on. We are not in that position right now, and we are not likely to be in the near future.
Finlay Carson:
Will the cabinet secretary take an intervention?
The Deputy Presiding Officer:
The cabinet secretary is almost concluding.
Roseanna Cunningham:
Although community support is important, unequivocal local authority support would be essential and would have to address and secure agreement on important issues relating to development planning.
I fully recognise the enthusiasm and desire to build on the success of our existing national parks, but I do not believe that we can divert resources from other priority areas for the creation of new national parks at present. National park status is just one of many landscape designations that can help to boost the economic opportunities of an area. I hope that more attention can be paid to some of those other designations.
Meeting closed at 17:50.