(3 years, 4 months ago)
Grand CommitteeMy Lords, I do not want to bang on for a long time because, in a way, this falls in with things such as the technical advisory committee. It is all part and parcel of the same thing, and we have to keep our eyes open and start forward scanning and see what else is out there.
Ofcom is not in fact a department; I seem to remember that it was set up by Europe through regulations and that originally, it reported via Parliament to the European regulators. I am not entirely sure what Ofcom’s chain of command is; I must do some research into it. Having this buried inside such a body without proper parliamentary scrutiny is unwise, so it is only sensible to embed the principle of having proper advisory committees. This is an obvious no-brainer: we need people with these abilities and skills to be advising on this stuff, and I cannot understand why there would be any objection to it.
Amendment 25 covers the very good point about long-term strategy. As was pointed out on Tuesday, our relationship with the Five Eyes could easily change. There have been efforts from time to time to drive a wedge between us, and we need to start looking at that. One cannot assume that the status quo regarding who is an ally or friend will continue for ever. The fact that we are in different parts of the globe and therefore perhaps in different trading blocs could cause undue pressure, so we must have this horizon-scanning, long-term attitude.
The speech of the noble Lord, Lord Coaker, reminded me of the Tallinn Manual and the question of when cyberwarfare escalates to actual warfare because your entire infrastructure and systems have been taken down. It is a very interesting document. I skimmed through it a long time ago, but it was very eye-opening and before we just leap in, people should take a look at it.
That is really all I have to say. This is so obvious, and I just hope that the Government are going to do something about it.
My Lords, in speaking to Amendments 18 and 25, to which I have added my name, I have in mind the very purpose of the Bill itself, which is, I take it, to ensure the security and resilience of our telecommunications capability here in the UK. The Bill as drafted places certain duties on the providers of those capabilities and gives powers to the Secretary of State to make regulations and issue codes of practice. This is all well and good, but these somewhat mechanistic, albeit welcome, measures will not by themselves result in the necessary degree of security and resilience.
As I said at Second Reading, things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, we will need to be both agile and adaptable. The measures in the Bill will, by themselves, not ensure this.
One of the reasons why we are even considering this Bill is concerns over the position of Huawei in our telecommunications architecture, the clear channel that runs through that company to the Chinese Communist Party, and the ensuing vulnerability of our system. None of this comes as a great surprise, but we have allowed ourselves to get into a position where we are now having to play catch-up. This is largely because we spent the first half of the last decade thinking almost exclusively of the economic opportunities offered by China and very little about the associated security risks; in other words, our decision-making process was unbalanced and distorted. Without proper safeguards, we could easily find ourselves in a similar situation with regard to some future threat.
What sorts of safeguards might help prevent such an occurrence? There is no single answer to this question but at the very least we need a process that provides an appropriate degree of horizon scanning and that, importantly, draws in expertise from across technology, business and security organisations and, indeed, from across different government departments, to give us the best chance of coming to a balanced view.
That is what Amendment 18 seeks to do. It will not cure all ills but it will provide us with a mechanism to drive adaptability, not just in our architecture but in our thinking, something that is traditionally hard to achieve. Of course, the Minister may say that the Bill is not the place for setting out this kind of thing. My response to that would be: if not here, then where? The responsibilities outlined in the amendment must be met if we are to achieve the Bill’s laudable purpose.
Amendment 25 is in many ways a follow-on from Amendment 18. It calls for the deliberations of a horizon-scanning body and the ensuing policies and actions to be presented to Parliament in the form of a comprehensive strategy. Most importantly, it seeks to ensure that such a strategy is coherent with other elements of government policy, as set out in various documents, such as the integrated review, and in other legislation, such as the National Security and Investment Act. It also seeks to encourage international co-operation in this regard. I believe this is essential, since we rely so heavily on collective security for our national safety. The noble Lord, Lord Coaker, has already highlighted the importance that NATO now attaches to the whole area of communications and cyberspace.
Taken together, these two amendments put in place measures that would improve our agility and adaptability and thus strengthen the Bill in terms of its ultimate purpose. If the Government are going to set their face against such measures in this legislation, I ask the Minister to explain how the essential functions they prescribe are to be carried out and how Parliament can be confident of their success.