(3 years, 5 months ago)
Grand CommitteeMy Lords, in speaking to Amendments 18 and 25, to which I have added my name, I have in mind the very purpose of the Bill itself, which is, I take it, to ensure the security and resilience of our telecommunications capability here in the UK. The Bill as drafted places certain duties on the providers of those capabilities and gives powers to the Secretary of State to make regulations and issue codes of practice. This is all well and good, but these somewhat mechanistic, albeit welcome, measures will not by themselves result in the necessary degree of security and resilience.
As I said at Second Reading, things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, we will need to be both agile and adaptable. The measures in the Bill will, by themselves, not ensure this.
One of the reasons why we are even considering this Bill is concerns over the position of Huawei in our telecommunications architecture, the clear channel that runs through that company to the Chinese Communist Party, and the ensuing vulnerability of our system. None of this comes as a great surprise, but we have allowed ourselves to get into a position where we are now having to play catch-up. This is largely because we spent the first half of the last decade thinking almost exclusively of the economic opportunities offered by China and very little about the associated security risks; in other words, our decision-making process was unbalanced and distorted. Without proper safeguards, we could easily find ourselves in a similar situation with regard to some future threat.
What sorts of safeguards might help prevent such an occurrence? There is no single answer to this question but at the very least we need a process that provides an appropriate degree of horizon scanning and that, importantly, draws in expertise from across technology, business and security organisations and, indeed, from across different government departments, to give us the best chance of coming to a balanced view.
That is what Amendment 18 seeks to do. It will not cure all ills but it will provide us with a mechanism to drive adaptability, not just in our architecture but in our thinking, something that is traditionally hard to achieve. Of course, the Minister may say that the Bill is not the place for setting out this kind of thing. My response to that would be: if not here, then where? The responsibilities outlined in the amendment must be met if we are to achieve the Bill’s laudable purpose.
Amendment 25 is in many ways a follow-on from Amendment 18. It calls for the deliberations of a horizon-scanning body and the ensuing policies and actions to be presented to Parliament in the form of a comprehensive strategy. Most importantly, it seeks to ensure that such a strategy is coherent with other elements of government policy, as set out in various documents, such as the integrated review, and in other legislation, such as the National Security and Investment Act. It also seeks to encourage international co-operation in this regard. I believe this is essential, since we rely so heavily on collective security for our national safety. The noble Lord, Lord Coaker, has already highlighted the importance that NATO now attaches to the whole area of communications and cyberspace.
Taken together, these two amendments put in place measures that would improve our agility and adaptability and thus strengthen the Bill in terms of its ultimate purpose. If the Government are going to set their face against such measures in this legislation, I ask the Minister to explain how the essential functions they prescribe are to be carried out and how Parliament can be confident of their success.
My Lords, it is a privilege to speak after the noble and gallant Lord, Lord Stirrup. I support Amendment 18, in the names of the noble Lord, Lord Coaker, and the noble and gallant Lord, Lord Stirrup, and Amendment 25, which is also in the name of the noble Lord, Lord Alton.
These amendments propose a pathway forward that would ensure we are well equipped to handle the challenges that will inevitably come our way in the next decade. Amendment 18 places a requirement on the Secretary of State to create a body designed to analyse and consider existing and emergent threats in the telecommunications sector, incorporating representatives from the major bodies of our national security matrix. This body would then be required to lay an annual report before all Members of Parliament, ensuring adequate parliamentary scrutiny and oversight. Indeed, if not for Back-Bench agitation, we might still be aimlessly integrating Huawei into our critical infrastructure, lagging behind our Five Eyes allies in recognising the security threat that such high-risk vendors pose.
Amendment 25, building on the horizon scanning outlined in Amendment 18, requires the Secretary of State to publish a long-term telecommunications strategy in partnership with the aims and outcomes of our closest Five Eyes and NATO allies. In alignment with the integrated review of security, defence, development and foreign policy, this strategy would ensure that long-termism is built into our thinking across both our economic and strategic aims in the coming decade.
We have one of the most sophisticated and advanced intelligence-gathering apparatuses in the world. We are a significant asset to our Five Eyes and NATO allies and a crucial linchpin in ensuring the international order. Yet we have been slow to respond to the rapidly changing digital landscape that we find ourselves in.
An obvious example of this is the much-discussed high-risk vendor, Huawei. It is extraordinary to think that all the way back in 2013 a report from the Intelligence and Security Committee concluded that Huawei posed a risk to national security and that private providers were responsible for ensuring the security of the UK telecoms network. Yet now, according to Ofcom, Huawei accounts for about 44% of the equipment used in providing superfast full-fibre connections directly to homes, offices and other businesses in the UK.
In a Statement to Parliament last year, the Foreign Secretary made the welcome announcement that
“high-risk vendors should be excluded from all safety- related and safety-critical networks in critical national infrastructure”—[Official Report, Commons, 28/1/20; cols. 710-11.]
and yet, due to how embedded this vendor has become in our critical infrastructure and the lack of competition, Huawei, as we have heard, is not set to be removed as a provider until 2027. It should never have reached this point. A horizon-scanning body and deeper parliamentary oversight would ensure that we are not left sleeping at the wheel again. How was it that our Five Eyes allies were significantly more alert to this risk than we were?
Furthermore, without cross-body co-ordination, the rapid advances in technology we are set to witness over the coming years will make it even more difficult to adapt to threats as they manifest themselves. GCHQ Director Jeremy Fleming suggests that the UK needs to prioritise the advances in quantum computing, as well as working with allies to build better cyber defences and shape international standards and laws in cyberspace. With quantum computing becoming more mainstream, there is a risk that a sudden increase in processing power could render existing encryption methods useless.
These are just some of the challenges we face. The future of our security and sovereignty will depend on the steps we take in this Bill. According to MI5, at least 20 foreign intelligence services are actively operating against UK interests. We have a remarkable security and intelligence community but, as we enter this new era, we must accept that our ability to adapt to emerging challenges will be the defining feature that drives us forward and keeps us ahead of other nations that would challenge our national interests.
We have seen how easy it is for a digital attack to break down our critical systems. Just last month, a ransomware attack in the US took down the entire Colonial Pipeline infrastructure, which transmits nearly half the east coast’s fuel supplies. Analysts have suggested that hackers could have been inside Colonial’s IT network for weeks or even months before launching their ransomware attack.
This issue extends into the digital space. A 2018 report commissioned by the US Senate intelligence committee, The Tactics & Tropes of the Internet Research Agency—a Russian propaganda unit—revealed that there was:
“A sweeping and sustained social influence operation consisting of various coordinated disinformation tactics aimed directly at US citizens, designed to exert political influence and exacerbate social divisions in US culture”.
I posit that we may not even be aware of the scope of the disinformation and destabilisation occurring online that is challenging our sovereignty and internal security.
I support these amendments in light of the fact that it has taken considerable Back-Bench activity to alert us to the security issues posed by high-risk vendors; that we are still not thinking clearly on China; and that we need systems and structures to ensure that long-termism is built into our thinking across both our economic and strategic aims in the coming decade.
My Lords, Amendment 18 would require the Secretary of State to
“establish a body … to consider emerging and future developments for the telecommunications sector for the purposes of identifying current and emerging security threats.”
Amendment 25 would require the Secretary of State to
“publish a long-term strategy on telecommunications security and resilience.”
These are very sensible proposals, and the speakers have made a cogent case. I thank the noble Lord, Lord Coaker, for his wide-ranging and positive introduction to these amendments.
This is an extremely complex area, as we have heard, not only within our discussions of the Bill but beyond. We know from bitter experience that something can be flagged as a risk and then, without proper focus on it—given all that Governments have to focus on —follow-through is less than systematic. Think of pandemics, flagged, not least in the 2015 strategic review, yet followed through with little or no preparation. This picks up a theme that the noble Baroness, Lady Stroud, emphasised in relation to Huawei: awareness but lack of action. Therefore, the case for a body that looks at this area in the widest sense is compelling.
My Lords, this point is very important and has been put across very well by the noble Baroness, Lady Merron. Network diversification will increase resilience and security for various very obvious reasons. The main thing is not just the supply chain. How the internet works is that messages are split over a whole lot of different routers going all over the place. Two things happen. First, because it is split up, if they are all going across different vendors, it is impossible to intercept the entirety of the messages. If it is all over one vendor and there is a clever way of monitoring that, it might be possible to put it together. Funnily enough, if you have lots of vendors, it does not matter whether Huawei is in there or not, and you will end up with flaws.
Also, the resilience of the internet is such that if you knock out a good chunk of the routers, it will still work and automatically route around the ones that have not been knocked out. If they are all from one vendor and all have the same flaw in them at some point, whether they are friendly vendors or not, you can take the whole lot out at once. The very fact that you have a good mixture gives you greater resilience and security. Everyone seems to think that it still runs over a copper wire from one end to the other, but it does not. The IP world is very different from that. That is the main thing.
Amendment 20 is also about long-term strategy. My noble and gallant friend Lord Stirrup is right about all these things. Although the amendments are not in this group, I might as well say now, rather than waste the Committee’s time later, that this lies with the principle of Amendments 18 and 25, that we need the right advisers, who can then advise on the issues that we are now discussing in Amendment 24. It all hangs together. We should not be chopping this up and structuring the Bill in a way that makes us vulnerable.
We may think that we have got the right people in, but we have clearly failed to do all this so far. This is the place to rectify our blindness. From the Minister’s comment, I think that the major change is the diversification and proliferation of civil service departments that are involved in security. That really does reduce our security. The lack of coherence will cause confusion like nobody’s business and will be very expensive.
My Lords, I support Amendment 24, tabled by the noble Baroness, Lady Merron, which adds a new clause to the Bill that would tackle the pressing issue of network diversification.
As we have heard, the amendment places a duty on the Secretary of State to produce an annual report to Parliament on the progress that has been made in diversifying suppliers for our critical infrastructure in our telecommunications networks and services. The report would then be debated in the other place, ensuring that there is sufficient parliamentary oversight of the successes, challenges and opportunities of our diversification strategy. As I think about it, I am not sure why the Government would not want to commit to such an undertaking. As we have already heard this afternoon, the diversification of our telecoms networks needs to be a priority for this Government and an integral part of Ofcom’s reporting on the progress of these networks.
However, it is important to note that we have a Government who understand the seriousness of this issue. Indeed, the Secretary of State told the other place on 30 November 2020:
“We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors”.—[Official Report, Commons, 30/11/20; col. 75.]
This should never have been allowed to happen, and as I have mentioned, I fear that without the adequate parliamentary oversight that this amendment could give us, it is at risk of happening again.
Despite the reassuring statements from the Foreign Secretary, as highlighted in Tuesday’s Committee by the noble Lord, Lord Alton, we have seen new vendors come to market that are also high risk. The noble Lord said:
“Last week, we learned that, in a deal estimated to be worth £63 million … the UK’s largest producer of semiconductors … has been acquired by the Chinese-owned manufacturer Nexperia. Nexperia is a Dutch firm but is owned by China’s Wingtech.”—[Official Report, Lords, 13/7/21; col. GC 461.]
On Wednesday, this led to the Prime Minister expressing concern after the Business Secretary had said that the Government were monitoring the situation closely but did not consider it appropriate to intervene at the current time.
This new challenge is set against the backdrop of the noble Lord, Lord Grimstone, who is at the Department for International Trade, telling the House that he wants to deepen trading relations and trade deals with China, and of China having just overtaken Germany to become the UK’s biggest single import market for the first time since records began. Goods imported from China rose 66% from the start of 2018 to nearly £17 billion in the first quarter of this year.
(3 years, 5 months ago)
Lords ChamberMy Lords, it is a privilege to speak after my noble friend Lord Alton, following his extraordinary commitment to the Uighur community and to issues of human rights. I too will speak in support of this hugely important and timely Bill.
The UK stands at a reset moment in an increasingly changing world. We have delivered on Brexit, confronted a global pandemic and have an ambitious levelling-up agenda. It is in this context that we are looking now to empower those who have been left behind, revolutionise our critical information infrastructure with the rollout of 5G and see us become a more prosperous and innovative nation. Yet, as we get ready to build back better, it is also time for a rethink of our geopolitical, strategic and technological approaches to make a more honest assessment of the world we find ourselves in, ensuring that we harness the opportunity to become stronger, safer and more prosperous than before.
I support this Bill, as it is the first of many steps that will be needed in adapting to our changing geopolitical landscape. The provisions in the Bill are necessary, as we need to act quickly to ensure our security apparatus is configured for today’s challenges. According to MI5, the UK has at least 20 foreign intelligence services actively operating against the UK’s interests. The Government’s own telecoms supply chain review, published by DCMS in 2019, found that the telecoms market was not working in a way that incentivised good cybersecurity. In its October 2020 report, the Defence Committee concluded that the current 5G regulatory situation for network security was “outdated and unsatisfactory”.
We have a world-class security and intelligence community but, as we enter this new era, we must accept that enabling it to adapt to emerging threats will be the defining feature of its success. This Bill needs to mark a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, and not on commercial or political convenience.
This Bill also recognises the threat posed by high-risk vendors such as Huawei. We have known that Huawei is a security risk since 2013. A report from the Intelligence and Security Committee concluded back then that Huawei posed a risk to national security and that private providers were responsible for ensuring the security of the UK telecoms network.
According to Ofcom, Huawei accounted for about 44% of the equipment to provide superfast full-fibre connections directly to homes, offices and other buildings in the UK. Although it is not in the text of the Bill, the Government have now accepted, as we have already heard, that 2027 needs to be the end point for Huawei as a provider. This is an important moment in taking back our information technology sovereignty.
The reason behind this is clear. We have entered into a new era of geopolitics, with the battle for control of information technology at the forefront. The recent integrated review acknowledged that China’s growing international stature was by far the most significant geopolitical factor in the world today, with major implications for British values and interests and for the structure and shape of the international order. It recognised China as the biggest state-based threat to the UK’s economic security. Yet that same review remains ambivalent as to the action we should take. We need to rethink our relationship with China into a more robust foreign policy strategy that prioritises both our security and our sovereignty.
While I support this Bill, there is more that needs to be done. There needs to be a more formal structure embedded in the Bill with regard to the powers given to Ofcom and the Secretary of State, as other noble Lords have said. Could the Minister outline what powers the Government intend that Ofcom and the Secretary of State should have, and how they will work with the ISC and the security sector to ensure accountability and to ensure national security is not compromised through lobbying?
Even beyond the Bill, we also need to invest in diversifying competition. As part of this Government’s ambitious levelling-up agenda, they have promised the nationwide rollout of 5G across Britain. But we have become hamstrung by our dependence on Huawei for this critical infrastructure. It did not need to be this way. This situation has been constantly described as a “market failure”, but it was not really a market failure. The failure was in the reality of one country breaking WTO rules on subsidies. The key problem has been that China has subsidised its providers dramatically, destroying the market over the past 10 years.
The diversification of our telecoms network, working in close partnership with our Five Eyes allies, needs to be a priority for this Government and an integral part of Ofcom’s reporting. When we genuinely open up the market to competitors, we create the environment for the innovation and dynamism that will be required as we move into the next quarter of the 21st century.
Huawei, however, needs to be stripped out quicker. While it is encouraging to see that the Government have set the 2027 target as the date by which Huawei should no longer be a provider, we cannot afford to wait until 2027 to remove Huawei from our existing networks. The process of removing Huawei’s influence from the UK is an extensive task, but an absolutely necessary one.
The Government should take the opportunity to consider other high-risk vendors such as TikTok and other companies operating here. This problem goes beyond Huawei. We face the existential question of how we coexist in a world with a technological superpower that does not share the same values of privacy of personal information, freedom of speech and democracy.
Chinese national intelligence laws dictate that private companies must share their data, when asked, with the CCP. The White House has sanctioned 11 Chinese companies, including suppliers to Apple, Google, HP and Microsoft. The list features companies that work with major fashion brands, along with technology giants such as Amazon, according to a report by the Australian Strategic Policy Institute. I would like to ask the Minister what assessment the Government have made of other high-risk vendors that could compromise UK citizens’ safety and security due to reporting requirements that exist in China.
Although this Bill encompasses all security threats and high-risk vendors, it is impossible not to address the need for a reshaping of our relationship with China. That country has overtaken Germany to become the UK’s biggest single import market for the first time since records began. The worth of goods imported from China rose 66% from the start of 2018 to £16.9 billion in the first quarter of this year. As we witness events in Hong Kong, which absolutely break my heart, because I used to live there, and we learn more about the ongoing genocide against the Uighur people, observe the breaking of WTO protocols in ongoing trade wars with our closest allies and uncover espionage across our universities, tech and innovation sectors, it is perplexing to me that we continue to sit on the fence.
The much-vaunted belt and road initiative has united authoritarian leaders across Eurasia in providing a forum to plan strategically, without being held back by discussions of human rights, freedom of speech or rule of law. It is in that policy programme that China’s tech giants, such as Huawei, export their communications infrastructure. I would encourage us to take the lead in the build back better world initiative, as discussed in the G7, to create stronger diplomatic alliances across Africa and the developing world but also to facilitate a viable alternative to the belt and road initiative, which threatens our geopolitical and economic security. The UK also needs to strengthen its ties with its Five Eyes allies and south Asian neighbours in the region such as Japan, India and South Korea, as well as approaching this issue with our European friends.
Safety and security is the first building block for the prosperity of a nation. Without secure defence measures at the heart of our critical infrastructure and online, our country runs the risk of opening itself up to foreign intelligence working against our nation’s interests. This Bill is an important step to creating that foundation, and I encourage the Government to use its passage to ensure that the foundation is as strong as possible.