(3 years, 6 months ago)
Commons ChamberBefore I call the Minister, may I say that I am anticipating three Divisions, on new clauses 1, 2 and 3? If there is to be an additional vote, I would like to be informed so that I can call it, but I understand that there are going to be only three Divisions.
I thank all those Members who have contributed to the debate today. It is an important debate because digital connectivity is an integral part of all our lives. For countless people across the country, having fast and reliable broadband and a good mobile connection is vital to our way of life, but for us to truly reap the benefits of the gigabit-capable broadband and 5G, we need to have confidence that they are secure and that means securing the networks on which they are built, the supply chains on which they depend, and the equipment and services that support them. The Bill demonstrates clearly the Government’s commitment to ensuring the security and resilience of our telecoms networks.
Let me turn to the new clauses and amendments. I shall start by addressing new clause 1. As the UK’s communications regulator, Ofcom already plays an important role in ensuring the ongoing security and resilience of our networks by enforcing the current security duties under the Communications Act. This Bill will build on that experience, giving Ofcom new responsibilities and a range of new powers. What the new clause would do is require it to publish an additional statement as part of its annual report. Happily, I can reassure hon. Members that the Bill already has various reporting mechanisms included within it. Under the new and snappily named section 105Z, Ofcom will need to regularly report to the Secretary of State. Subsection (4)(a) makes it clear that that report must include information on the providers’ compliance with the duties imposed on them by the Bill.
Ofcom will also need to report on telecoms security in its annual infrastructure report, and clause 11 specifies that this should include information on the extent to which providers are complying with their security duties under new sections 105A to 105D. The Secretary of State will also need to regularly report to Parliament on the effectiveness and impact of the new telecoms security framework.
On the final point in the new clause of the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) about publishing information on emerging and future security risks, that is not of itself necessarily the most productive way of handling security risks, but the principle that she is trying to get to is very much part of what the Government are seeking to do and, of course, it would be part of what we intend to make sure that we talk about as much as we can within the bounds of national security.
I turn specifically to budget and resources. The hon. Member has set out her concerns about Ofcom’s access to resources and capabilities. It is an issue that my right hon. Friend the Member for South Holland and The Deepings (Sir John Hayes) also touched on. I can tell the House today that Ofcom’s security budget for this financial year has been increased by £4.6 million on top of its current security budget. This funding will allow Ofcom to more than double its headcount of people working on telecoms security, ensuring that it has the necessary capability and capacity to deliver its new responsibilities under the Bill. The hon. Member for Newcastle upon Tyne Central is aware that I have written to the Intelligence and Security Committee about that security resourcing. It was at a level that I cannot go into on the Floor of this House, but I hope that provides the kind of reassurance that she seeks.
Specifically on the future risks that I alluded to a moment ago, we have ensured that the Bill is looking to the future. For example, clause 12(3)(b) amends Ofcom’s information-gathering powers under section 135 of the Communications Act to ensure that it can request information from providers concerning future developments in their networks that could have an impact on security and, when reporting on security, Ofcom must include any information that assists the Secretary of State in the formulation of security policy, allowing him or her to make an informed decision about what should be published as well in due course.
New clause 2 has been the subject of the majority of this debate, and rightly so. One of the phrases used about the ISC was that it adds value; this Government do not dispute for a second that it adds huge value, and I welcome the tone with which the Chairman of the ISC, my right hon. Friend the Member for New Forest East (Dr Lewis), has approached this. I appeared before the ISC with some trepidation, as is probably appropriate for all Government Ministers, but it was a hugely productive part of this process and something that I am more than happy to do again. I do not think that my right hon. Friend necessarily thinks that piecemeal changes to the ISC’s role are the way to pursue what he seeks, but the annual report that he has mentioned will certainly be looked at closely by the Government.
I am very happy to agree with what the Minister has just said. It would not be necessary to keep trying to put these provisions on the face of each individual Bill every time a new unit is set up in a different Department, or a new duty laid on a different Department, if it could be agreed with the Government that the memorandum of understanding would be adjusted as it is meant to be adjusted when these changes occur. However, sadly, no Front Bencher has yet been able to give us an assurance that that is going to happen, and I know that the Minister will not be able to do so, either.
As I say, I am sure that my right hon. Friend will make that point in the annual report, and the Government will look closely at it. However, Members can take some comfort from the fact that much of the advice in relation to the more sensitive technical and national security matters within the scope of this Bill will be provided by the National Cyber Security Centre, and its activities already fall within the scope of the ISC, as my right hon. Friend knows. However, I welcome his approach to this, and I hope that his mechanism, rather than that of new clause 2, will be the one he will support today.
I turn to the last of the new clauses tabled by Opposition Members. New clause 3 aims to include the diversification strategy in the scope of the Bill. Diversification is crucial to the future of our UK networks, which is why the Government set out their plans to diversify those networks in the 5G diversification strategy in November 2020. That strategy includes steps to invest in research and development, to remove technical and commercial barriers to entry for new suppliers, and to increase our influence in standard- setting bodies—all issues that my right hon. Friend the Member for South Holland and The Deepings and others on the ISC are keenly aware of the importance of.
We are pursuing a huge range of different mechanisms to enable diversification, because the Government are fully committed to ensuring that their strategy comes to fruition. However, the diversification strategy moves the whole market forward by broadening the supplier base in many ways that are beyond the security measures that are the purview of this Bill, including increased innovation and competition and the overall growth of the telecoms supply mechanisms.
To give the House an idea of some of the non-legislative measures that we are already pursuing, they include the investment in R&D development facilities such as the National Telecoms Lab and the SONIC—SmartRAN Open Network Interoperability Centre—lab that is jointly at work with Ofcom. We are also working to remove barriers to entry for vendors such as by co-ordinating the sunsetting of legacy network technologies, working internationally to co-ordinate diversification objectives, and exploring the use of commercial incentives to address the cost of incorporating new suppliers into a network.
I asked a question to do with the Northern Ireland Assembly and how cyber-security in Northern Ireland will be protected. Can we have an assurance on the Floor of the House today and through Hansard that that will happen?
I will come on to the devolved aspects in amendment 1 in a moment, but it is of course vital that we continue the collaborative relationship with the Northern Ireland Executive and with the Welsh and the Scottish Governments as well.
The Bill places security requirements on individual operators. They are hugely important, but they are not diversification requirements on the Government’s national scale. Defining diversification in legislation would be limiting in a hugely rapidly evolving market. I know that the hon. Member for Newcastle upon Tyne Central understands the need for agility, and putting what she proposes into legislation would run counter to that ambition.
On the devolved Administrations, amendment 1 would require the Secretary of State to consult Ministers from the devolved Governments when reviewing the impact and effectiveness of clauses 1 to 13. As the hon. Member for Aberdeen South (Stephen Flynn) noted, telecoms is a reserved matter under each of the devolution settlements. I say that, however, in the full knowledge that a constructive and close working relationship with each of the devolved Governments is hugely important, be it in Project Gigabit, in the shared rural network, or indeed in matters such as this. I look forward to that collaboration continuing; it will drive forward our connectivity.
I turn briefly to the amendments that were not selected. My right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has spoken passionately about these matters, both privately and publicly. I do not want to go into a huge amount of detail on amendments that were not selected, but I simply say that the actions the Government are taking in the Bill speak powerfully for themselves.
On the specific matter of issuing designation notices to vendors headquartered in other countries, it is important to consider not just whether the kinds of laws that my right hon. Friend mentions exist, but how the Government in question intend to use them. A friendly democracy may, as indeed many do, have laws that would enable it to yield information and data from companies headquartered within their territory. The conduct of such a Government, and our relationship with them, may reassure us that they would not use those powers to do harm to the UK, but there are other cases where Governments that have these laws have acted contrary to the national interest of the UK in the past. As we set out in the illustrative notice for Huawei, there is a law in China that enables the Chinese Government to collect information from companies headquartered within its territory. As the Foreign Secretary has stated, we know that the Chinese state has in the past used its power to undertake malicious cyber-activity. The designation notice that I mentioned demonstrates how the Government could take those sorts of laws into account when exercising the powers that are already in the Bill.
I thank my hon. Friend the Member for Wealden (Ms Ghani) for her work on the NATO Science and Technology Organisation. We very much welcome her preliminary draft report. I would like to express the Government’s commitment to deepening our co-operation with partner nations such as Japan and the Republic of Korea.
I thank all hon. Members on the Government Benches, and indeed on the Opposition Benches, for their constructive engagement throughout this debate. This is an important Bill that enjoys strong cross-party support, in the main. The sooner we can pass it, the sooner we can set about the crucial work of ensuring that our public telecoms networks are secure and resilient. I commend the Bill to the House.
I beg to move, That the Bill be now read the Third time.
I thank right hon. and hon. Members for their contributions today, and I also thank the excellent team of Clerks of the House, those at the Department for Digital, Culture, Media and Sport, and all those involved in the preparation of the Bill. In particular, I thank those who work at our agencies to support so much of what goes into our national security: they are the best among us, and all of us in the House are grateful for their service.
The first priority of this Government is to keep people safe and this Bill is just one step in achieving that objective. It is a precise and technical Bill but an important one none the less. While we might have disagreed on some of the details, it is encouraging that there is such broad consensus across this place and I hope that that spirit of co-operation continues when the other place considers the Bill.
The Bill will ensure the security and resilience of the UK’s telecoms networks for years to come. Bringing it into force on Royal Assent cannot come soon enough. It will create one of the toughest regimes for telecoms security in the world. It will protect our networks and shield our critical national infrastructure both now and in the future, as technologies grow and evolve. With this Bill, we are delivering on our commitments in the 2019 telecoms supply chain review, which were informed by the advice from the world-leading NCSC and GCHQ. Today, we have taken an important step towards putting those commitments on a statutory footing and taking action to protect and secure our important networks.
I hope that, in my response to the amendments and new clauses, I provided reassurance on the role of Ofcom, the importance of diversification and the other matters raised. I welcome the constructive challenge of Members on those points, and I hope I have reassured them that we are pushing in the same direction. I thank all Members for their contributions. I commend the Bill to the House and look forward to it passing through the other place.