Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
This has been an important and timely debate. I am glad that my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has provided the Government with an opportunity to clarify some of their position.
As he knows, the Government’s first priority is to protect our citizens and their interests. That means that the security of our telecoms and critical national infrastructure is of paramount importance. That is why we undertook the telecoms supply chain review—to allow us to make hard-headed, evidence-based decisions.
The UK is a global leader in cyber-security. Our world-class security agencies have set out their security analysis of the telecoms sector in a level of public detail unmatched anywhere in the world.
It is because of the need to manage the risks to national security that we have made the decisions that we have on high-risk vendors, concluding that there needs to be strong restrictions on their presence in the network. It is because we need to improve the security of the network overall that we need a new security framework for telecoms.
Over time, our intention is to reduce our reliance on high-risk vendors, as market diversification takes place. We want to get to a position where we do not have to use a high-risk vendor in our telecoms network at all.
In a moment. Although it is driven by security, our decision making reflects the reality of the UK network and the global supply chain marketplace, and that is why diversification is key. I give way to the Chair of the Foreign Affairs Committee.
Can I be very clear on what the Minister said? He is saying that the Government’s aim is to reduce to zero high-risk vendors, of which Huawei is one.
As I say, we want to get to a position where we do not have to use a high-risk vendor in our telecoms network.
This is a very important point. I want to know, and I think the rest of the House would like to know, whether it is now Government policy to drive to 0% involvement by Huawei and other non-secure vendors. Is that now the policy—not just to 35%?
Our aim is not to be reliant on high-risk vendors at all. I appreciate that my right hon. Friend would like me to set out a timetable for that, but I cannot do that today.
There are major market problems we need to address and they are common to all western nations. We have to remain hard-headed and evidence-based. We want to ensure that, as new technologies develop, we have a vibrant and diverse ecosystem of suppliers that we can rely on. The decisions we have made in this area are the right ones because they are based on hard evidence.
We are not getting at the Minister, who we hold in high regard, but at the decision that he is, unfortunately, having to defend. He is now talking about the economics. The problem is that because Huawei is so bankrolled by the Chinese state, it can simply undercut other providers. Even if Fujitsu and Samsung—not to mention UK companies—want to come into the market, so that there is a diverse, multiplayer, western market in 5G, it is very difficult to get to that because Huawei will always undercut, and telcos are heavily indebted and therefore will do Huawei’s bidding. That is a structural problem.
I will come on to what we will do to try to promote market diversification in a moment. Suffice it to say, we do not and will never put anything other than national security at the very top of our agenda on this issue.
I want to clarify a very simple point. The moving to 0% of high-risk vendors seems good common sense to me. Is the Minister telling the Chamber that Huawei is classified by this Government as a high-risk vendor?
Yes. Huawei and ZTE are both high-risk vendors, as we have said previously.
I fear making no progress at all if I keep giving way.
Put simply, in the view of the most expert telecommunications specialists in the world, as others have said in the debate, a limited amount of carefully controlled hardware from China does not compromise our national security. This Government will continue to do all it can to put the experts who hold that view, both private and public sector, at the disposal of this House. I am grateful to all those hon. Members who have taken up the opportunities for such briefings and I wish they were greater in number. The Government are confident that we are putting the nation’s interests first.
I say to the Minister that a mixture of good and bad is not diversity. That is the first thing. He says that he puts the security of the nation first. In pursuit of that, the Government have claimed that there is no back door to Huawei hardware. The Americans assert differently. The Germans agree with them. Other countries agree with them. He served on the Bill Committee for the Investigatory Powers Act 2016. I remind him of sections 252 and 253, which give us the right to have a back door. How can we have a back door, when the hardware installer, the hardware supplier and the hardware administrator does not?
My right hon. Friend highlights the need for oversight, which I will come on to talk about in a minute.
Telecoms networks are complex. They rely on global supply chains, where some limited measure of vulnerability is inevitable. The critical security question that we have to ask ourselves is how we mitigate such vulnerabilities and stop them damaging the British people and our economy.
The Minister has repeatedly said that the security of our country is paramount. Surely if we queer our pitch with Australia and New Zealand, that militates against looking after the security of this country.
I will come to the international picture later, if I get the chance.
The Minister keeps talking about the security of the nation, but we know that many UK companies working in the areas of photonics and quantum are concerned about national security. They want to scale up but cannot get funding from his Government, and they therefore look to countries such as China in order to expand—another area where this Government are failing.
The hon. Member raises a point that I would be happy to cover in another debate, but the Government and I share some of her concerns.
It is because of our security and intelligence agencies that we have a comprehensive understanding of the threats and risks of 5G, and I would like to remind right hon. and hon. Members—not that I need to—that our agencies are the envy of the world. They work every day to safeguard our national security and put the UK’s interests at the heart of everything we do. The National Cyber Security Centre has provided expert technical and security advice on 5G. They are experts in the technical changes that will take place in the network and in the risks we currently face from the presence of high-risk vendors’ equipment in our networks and those of many of our allies. They are experts in security, including the national security threats that we face today. Our unique shared understanding of security threats and risks, together with that of the technical characteristics of the network, means that the NCSC is in the best possible position to advise on the cyber-security of the UK’s telecoms national infrastructure.
The Minister has so nearly got the Government to the right position. He has admitted that Huawei is a high risk and that it is the Government’s intention to get to no high-risk vendors. He has admitted that he listens to our allies, who are overwhelmingly against Huawei’s involvement in the 5G network. Australia, France and the United States have all said that they have taken advice. We know that Korea has gone for an alternative supplier. Why can the Minister not follow the logic of what he is saying and tell us, “Yes, we are going to get out of Huawei over a fixed period of time and work closely with our Five Eyes allies.”? He is so nearly saying the right thing, but he has a ghastly brief because the Government have got themselves into a mess. They have inherited a mess from their predecessors. Why can he not be honest and say, “We want to get to zero, and that is the safe place to go to.”?
I hope my right hon. Friend takes significant comfort from what I have said: we want to get to a position where we are not reliant at all on high-risk vendors.
We have confidence in the independent technical assessment from our security experts and, importantly, the telecommunications industry has confidence in those assessments, too. That is why we have been in a position to publish as much of our security assessment as we have done. As a result, we have the most detailed study of what is needed to protect 5G networks anywhere in the world. We are not naive about Huawei or its relationship with the Chinese state. Since Huawei has entered the UK network, it has been carefully managed. Through the cyber-security evaluation centre and the oversight board, we have the greatest access to, and insight on, Huawei equipment anywhere in the world.
I am grateful to the Minister for giving way yet again.
Does he understand that many of us take issue with what he has just said? First, figures from the security world who have publicly spoken up, such as Richard Dearlove, are hostile to what the Minister says. There is a sense that the Government have given our security agencies a fait accompli, because almost all our allies’ cyber-security agencies take a diametrically opposed view to the one that he presents. Secondly, will he acknowledge that the Banbury Cell now has very serious concerns about Huawei?
As I said, we are introducing the new regime because of some of the concerns that my hon. Friend addresses. I reiterate the Government’s offer to put at the disposal of any Member of the House as many experts from the public and private sectors that we can, so that colleagues can be in touch with the latest thinking on this issue.
We understand the threat from China and are robust with it when our interests are challenged. We will continue to publicly call out malicious cyber-activity, and the decision to categorise Huawei as a high-risk vendor took into consideration the potential links between Chinese companies and the Chinese state, including the fact that Chinese companies are subject to China’s national intelligence law. The UK has also been vocal in drawing attention to the systematic human rights violations against Uyghur Muslims and other ethnic minorities in China. The Government have set out our expectations of businesses in the UK national action plan on business and human rights.
The telecoms supply chain review, which was laid before the House in July 2019, underlined the range and nature of the risks, highlighting the risks of dependence on one vendor, faults or vulnerabilities in network equivalence equipment, the back-door threat, and vendors’ administrative access. We need to be alive to the totality of the risks that the telecoms network faces today and will face in the future. High-risk vendors are part of that security risk assessment, but they are not the sole factor.
I want to address some of the myths about how the network will develop. It is true that technical characteristics of 5G create a greater surface area for potential attacks, but it will still be possible to distinguish different parts of the network. As my hon. Friend the Member for Rushcliffe (Ruth Edwards) said, what matters are the critical functions within the network. We need to ensure that critical functions, wherever they are, have appropriate security.
I will come to the issue of the network’s core and edge, which will answer some of the questions that Members want to ask.
Ian Levy, the technical director of the National Cyber Security Centre, set out in a recent blog post that the notion that there is no distinction between the core and the edge cannot be true. He says that, with 5G networks,
“you need lots of smaller basestations as well as big ones, and the small ones will be on lampposts, bus shelters and other places that aren’t secure from physical interference by bad guys. So, if your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure. The international standards that define what a 5G network actually is allow you to do all sorts of things, and some of those things could lead to security or operational risks that can’t be mitigated. That doesn’t mean you have to do them.”
We in this country will not do such things.
I will give way briefly to the Chair of the Foreign Affairs Committee.
Does the Minister recognise that it was not Tim Berners-Lee, but Rod Stewart, who foresaw the amazing power of the internet? It is not just the technical experts, but the imagination of people who will build on their technical skills, that will determine where the risks really lie.
My hon. Friend knows that we have some of the most imaginative experts working for us in our agencies, which is why we are establishing one of the strongest regimes for telecoms security in the world—a regime that will raise standards across the UK’s telecoms operators and the vendors that supply them. At the heart of the new regime, the NCSC’s new telecoms security requirements guidance will provide clarity to industry on what is expected of network security, and it will raise the height of the security by including the supply chain management. The Government will legislate at the earliest opportunity to introduce the new comprehensive telecoms security regime and new statutory telecoms security requirements, which are to be overseen by both Ofcom and the Government.
I will not take any more interventions.
We expect that the new regime will include new obligations on telecoms operators to comply with telecoms security requirements, and we are considering whether Ofcom requires further power to ensure that, as we have said before, high-risk vendors will be excluded from security-critical network functions, limited to a minority presence of up to 35% in other network functions, and be subjected to tight restrictions.
Those controls are not without cost. BT has already identified a £500 million cost to it alone, and we did not take these decisions lightly. We will legislate at the earliest opportunity, and that legislation will be important in enabling the Government to manage the risks to the network and enforce conclusions on high-risk vendors. However, it also needs to be flexible enough to allow us to continue to manage the risks as they evolve; as I have described, we will manage them over time. I want to reassure Members that the Government share the ambition that our long-term goal is to reduce our reliance on high-risk vendors, and a timetable must be contingent on diversification in the market.
Successive western Governments have failed to ensure that there is effective competition in the market, and we are faced with a very narrow choice of suppliers for these technologies. Through a strategy of market diversification, we will seek to attract global vendors and to ensure there are new entrants into the supply chain, and we will promote the adoption of open, interoperable standards. We are already in talks with Samsung, and our 5G test beds and trials programmes do not use high-risk vendors. We need to work quickly with like-minded countries to develop a diversification strategy.
The debate on 5G security is global, and our Five Eyes network and other partner relationships are incredibly important. We will continue to work closely with them, and we know they understand the decision that we have taken. I conclude by saying simply that national security will always be at the top of our priorities and we will work to move towards no involvement of high-risk vendors.
Motion lapsed (Standing Order No. 10(6)).