The Rest Is History: Introducing... The Rest Is Money

Hello everybody, Dominic Sambrog here. Now, rest assured, you can rest easy. I know this

episode is entitled, The Rest is Money, but you can relax because Tom would be delighted

to know that this is not going to be an economics themed episode of The Rest is History. Now

Tom himself is away on his summer holiday, so he's off doing his thing, kind of digging

for coins or talking to dinosaurs or campaigning on behalf of the Stonehenge Tunnel, which

I know he's very keen on. But actually what this is, it's a quick message to let you know

that Goalhanger, that's the company that produce The Rest is History, have launched a new podcast

presented by Robert Peston and Steph McGovern, and it is called, The Rest is Money, catchy

title. Now, if you know those names, you will probably know Steph Best from her Channel

4 TV show, but for over a decade, she was a business correspondent for BBC News. And

I don't know how many people know this, but she actually began her career as Robert Peston's

producer at the BBC back in the days of the financial crisis of 2007 to 2008. And if you

are a British listener, then you will undoubtedly be familiar with Robert Peston, who is currently

ITV's political editor and was previously the economics editor at the BBC. So if you

enjoy the financial and economic history that we sometimes touch on and The Rest is History,

and frankly, left to me, we would touch on it more often, but that's a different issue.

Anyway, if you enjoy the financial and economic history, then I know that you will enjoy this

new podcast. The show is all about following the money, charting the latest developments

from the world of economics, business and finance, both at home and abroad. So just

search for The Rest is Money, wherever you get your podcasts.

I know everybody wants to know what's in the first episode, I'm going to tell you. In the

first episode, Robert and Steph discuss whether the British high street can survive. Why has

the UK stock market, the British stock market, why has it fallen from being one of the biggest

in the world a decade ago to lagging behind Saudi Arabia's stock market in 2023? Shocking

scenes. How is it that cyber attackers are targeting at critical infrastructure like air

traffic control and the national grid? And just why is the French government paying its

farmers 200 million euros to destroy their wine surplus? Absolute textbook French behavior.

You would not see us destroying our real ale surplus. So hold on to your hats because

here is a quick clip from the first ever episode of The Rest is Money. Enjoy.

We're now going to look at, well, you know, an issue that's been blighting, you know,

hundreds and hundreds of thousands of people, which is, you know, the collapse of air traffic

control, but we're going to broaden it. We're going to look at critical infrastructure.

Before we do, can I ask a question? Because whenever something like this happens, your

phone normally goes wild. So come on, you'll know the truth. Was it a technical issue?

Okay, so look, obviously, I've tried to sort of get to the bottom of this by talking to

spooks, ex spooks about whether or not this was a cyber attack.

Do you have them saved in your phone as spook?

That would be telling. Now, and I have to say the consensus in that community is that

this was a cock up by a traffic control rather than a cyber attack. I suppose the only thing

I would say is from long and slightly painful experience is they would say that, wouldn't

they? But in the end, having spoken to a lot of people about it, I think this probably

was, you know, choose my words. Carefully, some would say it's incompetence and truth

is air traffic control do need to reassure us that we need to get to the bottom of why

this happened given the disruption. But it looks as though this was a management failure

rather than attack. But one of the things that I have been thinking an enormous amount

about actually broadly, since COVID is the potential for catastrophe in this country,

right? COVID, the banking crisis, these were catastrophic events that we didn't protect

ourselves against. Another potential catastrophic event would be the failure of critical infrastructure.

Now, the air traffic control system is critical infrastructure. It caused massive disruption

to lots of people. It was bad. It'll have an economic cost as well as massive inconvenience

to lots of people. But there are failures of infrastructure that can bring the country

to its knees. And the question, therefore, is whether we are protecting ourselves enough

against those risks? You must have been into an air traffic control

centre as well, because it's incredible when you go into these places, isn't it? And it's

hard for people to picture. You know, if you think about it, there's something like two

and a half million flights in UK skies every year. And what you've got when you go into

these air traffic control centres are people who are basically sat intently looking at

screens. So this is so computer based. And that's part of where the vulnerability is,

isn't it? But I remember when I went to one of them, I was just amazed because you have

to think in 3D when you sat watching the screen, which I couldn't really do. I couldn't, to

me, I looked at the screen and I thought loads of planes were about to crash into each other.

But this person obviously was so well trained and intently staring at this. But, you know,

I remember them saying that they have to have quite a lot of breaks because of this. They

can only sit looking at that screen for so long before they have to leave. And they're

encouraged to have naps of its night times and things like that. But the fact, my point

being is the fact that it's so computer based means that that is a vulnerability, isn't it?

All our critical infrastructure is now based on network computers. And, you know, that

means if there's a bug in the system, it could be an accident. That's, you know, that can

cause a big problem. And if, as I say, a bad actor, well, let's go back to the WannaCry

worldwide attack, which caused mayhem for the National Health Service in 2017. You know,

huge amounts of the... Your mind is what happened again.

So in 2017, huge amounts of the NHS's computer systems were brought down by a cyber attack.

It was known as WannaCry. This was a global attack. And actually, the NHS systems were down

for days until they found, you know, what's known in the trade, the kill switch. So we've had

experience in this country of the damage that this can do. Now, on the plus side, the government

has become more aware of these risks. And every two or three years, it publishes a book, a book

which goes through all the potential catastrophic risks that the country might face.

This is the National Risk Register.

It's the National Risk Register. The latest one came out just a few weeks ago after Parliament

rose. Actually, it didn't, in my view, attract as much attention as it could. Now,

one of the risks that it categorizes as the most serious is what it calls the failure of the

National Electricity Transmission System. And I want to read you what it says about this.

It says, a nationwide loss of power would result in secondary impact across critical

utilities networks, including mobile, internet, water, sewage, fuel and gas. This would cause

significant and widespread disruption to public services provision. We're talking about the NHS

here. Businesses and households as well as loss of life. And it also says that if the electricity

transmission was brought down in the way that it fears could happen as a result of a cyber attack,

the restoration of critical services may take several months. So we are talking about a risk

that is not just going to cause us inconvenience for a few days, but could actually undermine the

functioning of the economy. I don't know in the end how much weight we put on these things,

but it also puts a probability on the risk of this kind of collapse of the National Electricity.

And it says there is a risk of between one and five percent. So that's a one in 20

risk of this system going down. That sounds scary. And so you just have to assume,

if there's a one in 20 risk, that they are spending whatever it takes to protect us.

Because we saw in the case of the collapse of our banks in 2007, 2008, and we saw in the case of

Covid, that risks that would have been considered roughly the same, something like one in 20,

happened. And we weren't prepared for the banking crisis and we weren't prepared for Covid.

So we just got to hope that actually they have put in place serious contingencies for this already.

So this to happen, we're talking about something like the National Grid having a cyber attack,

aren't we? Well, the National Electricity Transmission System is indeed another way of

looking at the National Grid. Yeah. So to explain what that is, this is basically the company that

manages the network and distribution of electricity, that powers all of our homes and businesses.

And it's a very complex system. I think you've actually been in the game of the control room

and it can see where the power is going. If there's too much power going in one place and they

haven't got enough supply, they're able to shift it from other bits of the country. It's a complex

and important operation. Honestly, it looks like you're on admission impossible or something like

that when you go into the National Grid control room. Because I mean, when I was last there

in the Chief Executive, you've just got this massive screen that's constantly monitoring

how much we're consuming, which obviously changes at the course of the day. It shows the amount

we're generating and their job is obviously to try and balance this up. It shows the breakdown of

where the power is coming from, which has always been interesting actually in terms of where we're

relying on our sources of energy. And then they predict how much we're going to use. And what's

interesting, you say that point about, are they prepared for this? They've got quite a lot, the

National Grid put out quite a lot about what they're doing around cybersecurity. So for example,

they've said over a 24-hour period, their cybersecurity teams identified 1.1 million emails,

all attempting to reach the National Grid email address. 0.7 of them, million, were recognised

as potentially malicious and therefore blocked from entry. And obviously the rest 0.4 were deemed

as safe. But that's incredible that proportion of dodgy emails essentially.

The other thing to bear in mind is some of these risks are the direct, when I talk about

National Critical Infrastructure, some of these risks are directly the responsibility of the

government. So the NHS will be a case in point. But quite a lot of our critical infrastructure

is in the private sector, take a bank. So again, the National Risk Register looks at the risk of a

cyber attack on a bank or a financial market. Now, again, obviously, resilience against either a

cyber attack or failure is something that any business will take seriously. And it is obviously

something that the government will take seriously. But, and this is the thing where I wonder whether

or not, whether you're in the private sector, the public sector, you've got your priorities right.

On any given day, what you're most obsessed with is, are you delivering the service as best you

can to customers? You know, are you essentially, if you're in the private sector, supplying the

services that are going to bring in the cash today, that are going to pay your wages, generate your

bonus and all the rest of it. And there is a natural human temptation. And we see this in

business and we also see this in government, that if there is a risk of catastrophic failure,

but it looks quite small, you think, oh, well, I'll spend the money on protecting us from that

tomorrow because I want to invest today in getting as many people in through the door or

providing as many operations on the NHS rather than making the systems as robust as we possibly can.

We are bad culturally at making those long-term decisions, spending money for the long term

against a risk that seems remote. And we can see the failure and the costs of that, as I say,

in the banking crisis, where we didn't put in place the relevant protections ahead of time.

We can see the failure of that in the way that we didn't protect ourselves. This is what that

great national inquiry into COVID-19 is looking at. We did not protect ourselves against the risk

of a pandemic in the way that we should. And so this is the beginning of a conversation on this

programme or the end of a conversation. You know, one of the things that we're going to have to look

in the course of this series is, our businesses is the government spending the money now to protect

us against these catastrophic risks. And I'm afraid to say, I just don't have a confident answer to

that, partly because quite a lot of people who've been at the heart of government have consistently

said to me that government is too focused on the short term, what's going to win them a general

election, what's going to stop the public accounts committee criticising them, because one of the

problems with spending a lot of money on a risk that never materialises is people then say, well,

you wasted all that money. I don't know if you remember, a lot of money was spent on protecting

us against a flu epidemic that never came. And people got criticised for spending that money.

Well, actually, I think that was the right mindset.

But it's working out which area to spend it in as well. I talked to a lot of small businesses,

and for them, they haven't got the money because of all the other pressures at the moment in business.

And maybe I've no idea what it is they're trying to protect themselves against, because the thing

we all know about these cyber criminals is they're incredibly sophisticated. It could be very hard.

What do small businesses do? Do they have someone who's set aside solely to do that? And how does

that person even know what's to come from all of this? And the other sort of complicated area in

all of this is we know a lot of cyber criminals are in Russia. And actually, there have been cyber

attacks by essentially gangs, basically planting ransomware. So for example, there have been NHS

attacks this year. It looks as though these are... Hang on a minute. There have been NHS attacks this

year. What are you on about? For example, there was a reported attack on computers linked to

Manchester University where they were holding a lot of data on patients, right? And this came from

Russia. And the point one is making is that there is a huge amount of technical expertise in Russia.

There are a lot of criminals in Russia. What we don't know is how much of this attempt to extract

ransoms by Russian gangs is sanctioned by Putin, sanctioned by the state. When I talk to the intelligence

services and people in that area, they also are constantly on guard for an attack more explicitly,

not by sort of freelance criminals, in a sense, underwritten by Putin, but more directly by

the cyber arm of the Russian intelligence service. And in fact, truthfully, there is some surprise.

We haven't seen more from Russia in that sense, trying to basically bring down our infrastructure.

But the fact that we haven't seen it yet doesn't mean that we're not at risk. It is something we

have to be wary about. Do you reckon the Russians are using the data they managed to get about us

to from this BBC hacking incident that we've both had letters about? Well, yes. I mean,

so one of the other, you know, attempts to extract money effectively blackmail was this,

again, worldwide attack on a number of big institutions. One of the institutions that

was attacked was the BBC. I haven't worked at the BBC since the end of 2015. So quite a long

time now, they've managed still to extract a card on my personal data. Yeah, you've got the same

email and letters. I was with Angela Rippon when she got her letter too.

Shockingly, there is no mention in that first episode of the birth of modern capitalism and the

Dutch golden age. That is, if you care about the Dutch golden age, which I don't. Once he returns

from his pilgrimage to random British seaside towns, I am sure that Tom Holland will be picketing

at the gates of Pestin Towers. Anyway, if you enjoyed that, and if you want to hear the first

episode in its glorious entirety, then remember, just search for the rest is money wherever you

get your podcasts and click subscribe. That's very important. Click subscribe. Do not fail to

click subscribe. In the meantime, have a lovely weekend and make sure that you tune in to the

rest is history on Monday for our stunning episode about the real Harry Potter, flogging bad behavior

in dormitories, 18th century revolts, militias, mad public school headmasters. We have it all.

It's the rest is history episode to end all rest is history episodes. Subscribe to this money thing

as well if you want to, but definitely listen to us. Goodbye.

Machine-generated transcript that may contain inaccuracies.