Grand Committee

My Lords, in speaking to Amendments 18 and 25, to which I have added my name, I have in mind the very purpose of the Bill itself, which is, I take it, to ensure the security and resilience of our telecommunications capability here in the UK. The Bill as drafted places certain duties on the providers of those capabilities and gives powers to the Secretary of State to make regulations and issue codes of practice. This is all well and good, but these somewhat mechanistic, albeit welcome, measures will not by themselves result in the necessary degree of security and resilience.
As I said at Second Reading, things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, we will need to be both agile and adaptable. The measures in the Bill will, by themselves, not ensure this.
One of the reasons why we are even considering this Bill is concerns over the position of Huawei in our telecommunications architecture, the clear channel that runs through that company to the Chinese Communist Party, and the ensuing vulnerability of our system. None of this comes as a great surprise, but we have allowed ourselves to get into a position where we are now having to play catch-up. This is largely because we spent the first half of the last decade thinking almost exclusively of the economic opportunities offered by China and very little about the associated security risks; in other words, our decision-making process was unbalanced and distorted. Without proper safeguards, we could easily find ourselves in a similar situation with regard to some future threat.
What sorts of safeguards might help prevent such an occurrence? There is no single answer to this question but at the very least we need a process that provides an appropriate degree of horizon scanning and that, importantly, draws in expertise from across technology, business and security organisations and, indeed, from across different government departments, to give us the best chance of coming to a balanced view.
That is what Amendment 18 seeks to do. It will not cure all ills but it will provide us with a mechanism to drive adaptability, not just in our architecture but in our thinking, something that is traditionally hard to achieve. Of course, the Minister may say that the Bill is not the place for setting out this kind of thing. My response to that would be: if not here, then where? The responsibilities outlined in the amendment must be met if we are to achieve the Bill’s laudable purpose.
Amendment 25 is in many ways a follow-on from Amendment 18. It calls for the deliberations of a horizon-scanning body and the ensuing policies and actions to be presented to Parliament in the form of a comprehensive strategy. Most importantly, it seeks to ensure that such a strategy is coherent with other elements of government policy, as set out in various documents, such as the integrated review, and in other legislation, such as the National Security and Investment Act. It also seeks to encourage international co-operation in this regard. I believe this is essential, since we rely so heavily on collective security for our national safety. The noble Lord, Lord Coaker, has already highlighted the importance that NATO now attaches to the whole area of communications and cyberspace.
Taken together, these two amendments put in place measures that would improve our agility and adaptability and thus strengthen the Bill in terms of its ultimate purpose. If the Government are going to set their face against such measures in this legislation, I ask the Minister to explain how the essential functions they prescribe are to be carried out and how Parliament can be confident of their success.
My Lords, it is a privilege to speak after the noble and gallant Lord, Lord Stirrup. I support Amendment 18, in the names of the noble Lord, Lord Coaker, and the noble and gallant Lord, Lord Stirrup, and Amendment 25, which is also in the name of the noble Lord, Lord Alton.
These amendments propose a pathway forward that would ensure we are well equipped to handle the challenges that will inevitably come our way in the next decade. Amendment 18 places a requirement on the Secretary of State to create a body designed to analyse and consider existing and emergent threats in the telecommunications sector, incorporating representatives from the major bodies of our national security matrix. This body would then be required to lay an annual report before all Members of Parliament, ensuring adequate parliamentary scrutiny and oversight. Indeed, if not for Back-Bench agitation, we might still be aimlessly integrating Huawei into our critical infrastructure, lagging behind our Five Eyes allies in recognising the security threat that such high-risk vendors pose.
Amendment 25, building on the horizon scanning outlined in Amendment 18, requires the Secretary of State to publish a long-term telecommunications strategy in partnership with the aims and outcomes of our closest Five Eyes and NATO allies. In alignment with the integrated review of security, defence, development and foreign policy, this strategy would ensure that long-termism is built into our thinking across both our economic and strategic aims in the coming decade.
We have one of the most sophisticated and advanced intelligence-gathering apparatuses in the world. We are a significant asset to our Five Eyes and NATO allies and a crucial linchpin in ensuring the international order. Yet we have been slow to respond to the rapidly changing digital landscape that we find ourselves in.
An obvious example of this is the much-discussed high-risk vendor, Huawei. It is extraordinary to think that all the way back in 2013 a report from the Intelligence and Security Committee concluded that Huawei posed a risk to national security and that private providers were responsible for ensuring the security of the UK telecoms network. Yet now, according to Ofcom, Huawei accounts for about 44% of the equipment used in providing superfast full-fibre connections directly to homes, offices and other businesses in the UK.
In a Statement to Parliament last year, the Foreign Secretary made the welcome announcement that
“high-risk vendors should be excluded from all safety-related and safety-critical networks in critical national infrastructure”—[Official Report, Commons, 28/1/20; cols. 710-11.]
and yet, due to how embedded this vendor has become in our critical infrastructure and the lack of competition, Huawei, as we have heard, is not set to be removed as a provider until 2027. It should never have reached this point. A horizon-scanning body and deeper parliamentary oversight would ensure that we are not left sleeping at the wheel again. How was it that our Five Eyes allies were significantly more alert to this risk than we were?
Furthermore, without cross-body co-ordination, the rapid advances in technology we are set to witness over the coming years will make it even more difficult to adapt to threats as they manifest themselves. GCHQ Director Jeremy Fleming suggests that the UK needs to prioritise the advances in quantum computing, as well as working with allies to build better cyber defences and shape international standards and laws in cyberspace. With quantum computing becoming more mainstream, there is a risk that a sudden increase in processing power could render existing encryption methods useless.
These are just some of the challenges we face. The future of our security and sovereignty will depend on the steps we take in this Bill. According to MI5, at least 20 foreign intelligence services are actively operating against UK interests. We have a remarkable security and intelligence community but, as we enter this new era, we must accept that our ability to adapt to emerging challenges will be the defining feature that drives us forward and keeps us ahead of other nations that would challenge our national interests.
We have seen how easy it is for a digital attack to break down our critical systems. Just last month, a ransomware attack in the US took down the entire Colonial Pipeline infrastructure, which transmits nearly half the east coast’s fuel supplies. Analysts have suggested that hackers could have been inside Colonial’s IT network for weeks or even months before launching their ransomware attack.
This issue extends into the digital space. A 2018 report commissioned by the US Senate intelligence committee, The Tactics & Tropes of the Internet Research Agency—a Russian propaganda unit—revealed that there was:
“A sweeping and sustained social influence operation consisting of various coordinated disinformation tactics aimed directly at US citizens, designed to exert political influence and exacerbate social divisions in US culture”.
I posit that we may not even be aware of the scope of the disinformation and destabilisation occurring online that is challenging our sovereignty and internal security.
I support these amendments in light of the fact that it has taken considerable Back-Bench activity to alert us to the security issues posed by high-risk vendors; that we are still not thinking clearly on China; and that we need systems and structures to ensure that long-termism is built into our thinking across both our economic and strategic aims in the coming decade.