Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateEarl of Erroll
Main Page: Earl of Erroll (Crossbench - Excepted Hereditary)Department Debates - View all Earl of Erroll's debates with the Department for Digital, Culture, Media & Sport
(3 years, 5 months ago)
Grand CommitteeMy Lords, I do not want to bang on for a long time because, in a way, this falls in with things such as the technical advisory committee. It is all part and parcel of the same thing, and we have to keep our eyes open and start forward scanning and see what else is out there.
Ofcom is not in fact a department; I seem to remember that it was set up by Europe through regulations and that originally, it reported via Parliament to the European regulators. I am not entirely sure what Ofcom’s chain of command is; I must do some research into it. Having this buried inside such a body without proper parliamentary scrutiny is unwise, so it is only sensible to embed the principle of having proper advisory committees. This is an obvious no-brainer: we need people with these abilities and skills to be advising on this stuff, and I cannot understand why there would be any objection to it.
Amendment 25 covers the very good point about long-term strategy. As was pointed out on Tuesday, our relationship with the Five Eyes could easily change. There have been efforts from time to time to drive a wedge between us, and we need to start looking at that. One cannot assume that the status quo regarding who is an ally or friend will continue for ever. The fact that we are in different parts of the globe and therefore perhaps in different trading blocs could cause undue pressure, so we must have this horizon-scanning, long-term attitude.
The speech of the noble Lord, Lord Coaker, reminded me of the Tallinn Manual and the question of when cyberwarfare escalates to actual warfare because your entire infrastructure and systems have been taken down. It is a very interesting document. I skimmed through it a long time ago, but it was very eye-opening and before we just leap in, people should take a look at it.
That is really all I have to say. This is so obvious, and I just hope that the Government are going to do something about it.
My Lords, in speaking to Amendments 18 and 25, to which I have added my name, I have in mind the very purpose of the Bill itself, which is, I take it, to ensure the security and resilience of our telecommunications capability here in the UK. The Bill as drafted places certain duties on the providers of those capabilities and gives powers to the Secretary of State to make regulations and issue codes of practice. This is all well and good, but these somewhat mechanistic, albeit welcome, measures will not by themselves result in the necessary degree of security and resilience.
As I said at Second Reading, things move quickly in the world of technology, and they will move even faster during a determined attack on our telecommunications infrastructure. If we are to respond successfully, we will need to be both agile and adaptable. The measures in the Bill will, by themselves, not ensure this.
One of the reasons why we are even considering this Bill is concerns over the position of Huawei in our telecommunications architecture, the clear channel that runs through that company to the Chinese Communist Party, and the ensuing vulnerability of our system. None of this comes as a great surprise, but we have allowed ourselves to get into a position where we are now having to play catch-up. This is largely because we spent the first half of the last decade thinking almost exclusively of the economic opportunities offered by China and very little about the associated security risks; in other words, our decision-making process was unbalanced and distorted. Without proper safeguards, we could easily find ourselves in a similar situation with regard to some future threat.
What sorts of safeguards might help prevent such an occurrence? There is no single answer to this question but at the very least we need a process that provides an appropriate degree of horizon scanning and that, importantly, draws in expertise from across technology, business and security organisations and, indeed, from across different government departments, to give us the best chance of coming to a balanced view.
That is what Amendment 18 seeks to do. It will not cure all ills but it will provide us with a mechanism to drive adaptability, not just in our architecture but in our thinking, something that is traditionally hard to achieve. Of course, the Minister may say that the Bill is not the place for setting out this kind of thing. My response to that would be: if not here, then where? The responsibilities outlined in the amendment must be met if we are to achieve the Bill’s laudable purpose.
Amendment 25 is in many ways a follow-on from Amendment 18. It calls for the deliberations of a horizon-scanning body and the ensuing policies and actions to be presented to Parliament in the form of a comprehensive strategy. Most importantly, it seeks to ensure that such a strategy is coherent with other elements of government policy, as set out in various documents, such as the integrated review, and in other legislation, such as the National Security and Investment Act. It also seeks to encourage international co-operation in this regard. I believe this is essential, since we rely so heavily on collective security for our national safety. The noble Lord, Lord Coaker, has already highlighted the importance that NATO now attaches to the whole area of communications and cyberspace.
Taken together, these two amendments put in place measures that would improve our agility and adaptability and thus strengthen the Bill in terms of its ultimate purpose. If the Government are going to set their face against such measures in this legislation, I ask the Minister to explain how the essential functions they prescribe are to be carried out and how Parliament can be confident of their success.
I apologise to the Committee for having to hear so much of me in the first 48 minutes. This is a really important amendment and I will make a couple of general remarks before making some more specific comments.
Concern has been expressed throughout consideration of this Bill about the extent to which the Bill provides for parliamentary scrutiny. Parliamentary scrutiny is the important area that Amendment 22 seeks to address, and I am grateful for the support of my noble friend Lady Merron and the noble Baroness, Lady Northover.
Amendment 22 seeks to improve and prioritise national security. We have all said that we support the intention behind this Bill and the need for national security, but the sweeping powers that the Bill gives the Secretary of State must be used in the interests of securing our critical national infrastructure. Removing Huawei does not in itself do that, so there is a question of accountability here. Amendment 22 is designed to ensure greater scrutiny, focus and transparency and address the deepening hole in accountability presented by the Government. At its heart, it would
“ensure that the Intelligence and Security Committee … is provided with any information relating to a designated vendor direction, notification of contravention, urgent enforcement action or modifications to an enforcement direction made on grounds of national security”
by the Secretary of State, as soon as reasonably possible.
The Minister knows that, during the passage of the National Security and Investment Bill, noble Peers from all sides of this House repeatedly tried to ensure that the Intelligence and Security Committee had oversight of national security issues. To be frank with the Minister, it was difficult to understand why the Government were so determined not to give the committee a role. This amendment says to the Government that the ISC is the appropriate place to discuss matters of national security and that it has a unique role in assessing security implications, as even Ministers accept.
The key point is to ask the Minister how this would work. This is the nub of the amendment and goes to the heart of what many noble Lords have said. The DCMS Select Committee and many of the people who will be looking at these documents do not have the required clearance to scrutinise highly classified evidence, so should the ISC, which does have the necessary security clearance, not have a role? It is the only committee of Parliament that has regular access to documents marked “information sensitive for national security reasons”.
I am sure that many of us simply do not understand that when you look at the state security threats to the telecommunications infrastructure that have been identified by the Government, the level of clearance will not be official-sensitive, STRAP 1 or STRAP 2, it will be STRAP 3. No one in this Committee will see that. Some Members of the Committee may have seen it in the past. So how can Parliament be reassured without knowing that the Intelligence and Security Committee has looked at it? Who has oversight of it? Even the Minister will not have the level of clearance to see all of it, yet she will tell the Committee that Parliament has oversight of these matters, when none of us—or very few of us—have the security clearance to actually look at and scrutinise those threats. So how will Parliament scrutinise it if we do not have the security clearance to do that? It is logically inconsistent. Yet time and again, the Government refuse to allow the committee set up with that express purpose—namely, the Intelligence and Security Committee—the function that it was set up to do on behalf of Parliament. With respect, I simply do not understand why the Government are so resistant to that. On many of the other things that we mention, there is a debate and opinions are exchanged. But this is completely and utterly illogical.
I ask the Committee to consider this. Given that the level of security clearance needed to protect our country, its telecommunications structure and that of our allies from the threats posed by other states is above that of the vast majority of Ministers of the Crown, Members of the House of Lords and civil servants, who is to scrutinise these matters if not the Intelligence and Security Committee? I fail to understand what the answer to that is. Parliament deserves to scrutinise these matters and it should be done by the committee set up to do that because it is the only committee of Parliament that has the necessary security clearance. I beg to move.
My Lords, the noble Lord, Lord Coaker, has summed up an important recurring theme that was raised at Second Reading. The Government should take this very seriously indeed.
Oversight by a body with top-level security clearance is essential. I certainly would sleep safer if I knew this was happening. Part of this comes from the Minister’s reply when I started to query the status of Ofcom and its relationship to the Civil Service department. I gather that the relationship of Ofcom is similar to that of an agency—if it is not actually set up as an agency; it is set up as a regulatory body, I think. I remember the huge problem—debacle would be a better word—when Defra failed to bring in the new mapping system back when we were changing the way of paying farmers. Everyone knew that it was about to be disastrous. Everyone could see the train crash coming. The Minister could not do anything about it except stand at the Dispatch Box and say, “I’m not allowed to interfere. It is a separate company. We can only call it to account at the end of the year.” As a result, when it all went pear-shaped and farmers suffered disastrous and severe financial problems, the Minister was retired—and it was not any fault of his. He knew perfectly well what was going on but had no power under the structure.
This is my problem with the agency structure that was set up, I think under Mrs Thatcher, when she was trying to cut back the Civil Service so she took things off the Civil Service books to make the figures look better. We have to be very careful when we are handing huge powers or these momentous decisions to an agency. Therefore, it is important that we get into the Bill mechanisms by which we can know what is going on at the time and make sure that it is not going wrong. This oversight, certainly by the Intelligence and Security Committee, is essential—a no-brainer.
I will just mention that the same principle applies in Amendment 29 in the names of the noble Lords, Lord Clement-Jones and Lord Fox, which I did not put my name to because I thought that was unnecessary. Exactly the same thing applies to the Investigatory Powers Commissioner. Rather than me wasting time speaking again, I will say it now: please will the Government start looking at this more seriously?
My Lords, I move the amendment in my name and thank the noble Lords, Lord Fox and Lord Alton—he could not join us today —for their support.
The amendment is about ensuring that the intent of the Bill can be delivered, and the measures that we are all in favour of will actually happen. There is therefore a link to the earlier debates. Throughout these debates it has become clear that diversity of suppliers is needed at different points of the chain, with sufficient support for the UK’s own start-ups. That will be the only way in which we can secure proper telecoms security.
Even the Government’s 5G diversification strategy demonstrates how diversification and security are inherently linked. It states that if the status quo remains with market consolidation, it will lead to
“an intolerable security and resilience risk”.
However, as was said clearly in earlier debates, the Bill does not even mention supply-chain diversification or the diversification strategy, even though we would all agree that we cannot have a robust and secure network with only two service providers—Ericsson and Nokia—which is the number that will be left once Huawei is removed from our networks. I hope that the noble Baroness the Minister will have the opportunity to address that concern.
It is of course right to remove high-risk vendors from the UK’s networks and enable the Government to designate vendors and require telecoms operators to comply with security requirements. However, as seems obvious, our networks will not be secure if the supply chain is not diversified. All that will happen is that there will be a shift of dependency to another point of failure.
Therefore, the amendment requires that network diversification is reported on annually. That can include an assessment of likely changes of ownership of existing market players, new areas of market consolidation and available public funding. The report could also provide proper accountability for the strategy’s progress, which will lead to real action. That is what we need. We know that that was called for by the Science and Technology Committee, which criticised the current diversification strategy for not having an action plan with clear targets and timeframes for how that funding will be spent.
The Minister will expect a question on how the announced £250 million funding will be spent. We all know that there are small start-up suppliers in this sphere which are desperate for this kind of support. I should also refer to the new advisory council, which, as she knows, I will come to in a later group. There are many unanswered questions about the adequacy and independence of its advice.
We cannot have a secure network with only two service providers, which is what we will effectively be left with after the removal of Huawei. So we need a diversified supply chain, which means diversity of supply at different points in the supply chain and networks not sharing the same vulnerability of a particular supplier. That is incredibly important for network resilience. That is why the amendment has been tabled. We are concerned to ensure that national security is not put at risk due to a lack of diversification. I beg to move.
My Lords, this point is very important and has been put across very well by the noble Baroness, Lady Merron. Network diversification will increase resilience and security for various very obvious reasons. The main thing is not just the supply chain. How the internet works is that messages are split over a whole lot of different routers going all over the place. Two things happen. First, because it is split up, if they are all going across different vendors, it is impossible to intercept the entirety of the messages. If it is all over one vendor and there is a clever way of monitoring that, it might be possible to put it together. Funnily enough, if you have lots of vendors, it does not matter whether Huawei is in there or not, and you will end up with flaws.
Also, the resilience of the internet is such that if you knock out a good chunk of the routers, it will still work and automatically route around the ones that have not been knocked out. If they are all from one vendor and all have the same flaw in them at some point, whether they are friendly vendors or not, you can take the whole lot out at once. The very fact that you have a good mixture gives you greater resilience and security. Everyone seems to think that it still runs over a copper wire from one end to the other, but it does not. The IP world is very different from that. That is the main thing.
Amendment 20 is also about long-term strategy. My noble and gallant friend Lord Stirrup is right about all these things. Although the amendments are not in this group, I might as well say now, rather than waste the Committee’s time later, that this lies with the principle of Amendments 18 and 25, that we need the right advisers, who can then advise on the issues that we are now discussing in Amendment 24. It all hangs together. We should not be chopping this up and structuring the Bill in a way that makes us vulnerable.
We may think that we have got the right people in, but we have clearly failed to do all this so far. This is the place to rectify our blindness. From the Minister’s comment, I think that the major change is the diversification and proliferation of civil service departments that are involved in security. That really does reduce our security. The lack of coherence will cause confusion like nobody’s business and will be very expensive.
My Lords, I support Amendment 24, tabled by the noble Baroness, Lady Merron, which adds a new clause to the Bill that would tackle the pressing issue of network diversification.
As we have heard, the amendment places a duty on the Secretary of State to produce an annual report to Parliament on the progress that has been made in diversifying suppliers for our critical infrastructure in our telecommunications networks and services. The report would then be debated in the other place, ensuring that there is sufficient parliamentary oversight of the successes, challenges and opportunities of our diversification strategy. As I think about it, I am not sure why the Government would not want to commit to such an undertaking. As we have already heard this afternoon, the diversification of our telecoms networks needs to be a priority for this Government and an integral part of Ofcom’s reporting on the progress of these networks.
However, it is important to note that we have a Government who understand the seriousness of this issue. Indeed, the Secretary of State told the other place on 30 November 2020:
“We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors”.—[Official Report, Commons, 30/11/20; col. 75.]
This should never have been allowed to happen, and as I have mentioned, I fear that without the adequate parliamentary oversight that this amendment could give us, it is at risk of happening again.
Despite the reassuring statements from the Foreign Secretary, as highlighted in Tuesday’s Committee by the noble Lord, Lord Alton, we have seen new vendors come to market that are also high risk. The noble Lord said:
“Last week, we learned that, in a deal estimated to be worth £63 million … the UK’s largest producer of semiconductors … has been acquired by the Chinese-owned manufacturer Nexperia. Nexperia is a Dutch firm but is owned by China’s Wingtech.”—[Official Report, Lords, 13/7/21; col. GC 461.]
On Wednesday, this led to the Prime Minister expressing concern after the Business Secretary had said that the Government were monitoring the situation closely but did not consider it appropriate to intervene at the current time.
This new challenge is set against the backdrop of the noble Lord, Lord Grimstone, who is at the Department for International Trade, telling the House that he wants to deepen trading relations and trade deals with China, and of China having just overtaken Germany to become the UK’s biggest single import market for the first time since records began. Goods imported from China rose 66% from the start of 2018 to nearly £17 billion in the first quarter of this year.