All 3 Debates between James Sunderland and Chi Onwurah

Tue 19th Jan 2021
Telecommunications (Security) Bill (Fourth sitting)
Public Bill Committees

Committee Debate: 4th sitting: House of Commons
Tue 19th Jan 2021
Telecommunications (Security) Bill (Third sitting)
Public Bill Committees

Committee Debate: 3rd sitting: House of Commons
Thu 14th Jan 2021
Telecommunications (Security) Bill (Second sitting)
Public Bill Committees

Committee stage: 2nd sitting & Committee stage & Committee Debate: 2nd sitting: House of Commons

Telecommunications (Security) Bill (Fourth sitting)

Debate between James Sunderland and Chi Onwurah
James Sunderland Portrait James Sunderland
- Hansard - -

Q Thank you for coming in. A quick question: can you put in layman’s terms what the roll-out of 5G anywhere means in broadband terms? Can you also place that in terms of rural areas?

Doug Brake: I worry that sometimes 5G is conceptualised as a singular technology or a singular thing. It is not a monolith; there are a number of different component technologies and a number of different flavours. Depending on whether you are doing a fully 5G network, a stand-alone network or a non-stand-alone network, it is a very different sort of system. There are also a lot of differences between what spectrum is used to deploy the network—if you are using low-band, mid-band or high-band spectrum or a combination of all three. It is hard to answer that question in generalities.

A number of different component technologies and architectures will be rolled out over time. At a high level, the real advantage of 5G compared with 4G is in its flexibility. It is able to tailor its connectivity to a number of different applications’ needs. It can offer extremely high throughput and much faster speeds. It is very reliable, with very low latency. For example, if you want to stream a football match while travelling on a train, it can do that quite well, or quite a bit better than LTE and 4G today. At the same time, you can also change very obscure technical parameters to make for simple communications that require very little battery on the device side to be able to communicate. If you want to have massive deployments of sensors for smart agriculture, or something like that, that have battery life in the order of decades, it can do that. The hallmark is its flexibility.

Given that flexibility, it is anticipated that 5G is going to be much more deeply integrated within the economy and trade sectors, and will be a key tool to boost productivity. There is an important hope that we see a broad deployment, not just in urban areas but in rural areas. Again, I go back to that note on differences depending on the spectrum that is used to deploy—unless it is of interest, I do not want to get too bogged down in the details, but there are real differences in what we would expect to see deployed in urban versus rural areas. But, again, we would also expect to see very different use cases in those areas. Admittedly, there will likely be a performance difference between urban areas and more rural areas. But at the same time, like I said, the use cases look very different—you are not likely to have massive crowds of people all looking to share video from a stadium or something like that in rural areas. There will be a real difference in the roll-out, but I worry that sometimes the challenges with that have been overstated.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q Thank you very much for joining us, Doug. It is particularly interesting to have your American perspective. As you may have heard, my first job as a hardware engineer was with Nortel, a Canadian-American company that had just bought one of the last UK companies in this area. Nortel ended up seeking chapter 11 and having most of its IP bought by Huawei. What are your views on how we got ourselves into this position of not having a single UK or US supplier that can supply to our UK networks? How do you think we can work together to rebuild our telecoms sectors? You talked about pursuing transformational change and an industrial strategy to do that. What might you say to the Minister about how the UK Government should be working with the US, and about what sorts of vehicles there might be to work together and with other allies to achieve that?

Doug Brake: That is a great question. We talk now about needing diversification and seeking entry of a US-UK equipment supplier, but the question and lessons from history are about why we need this in the first place. In the past, we had quite successful telecommunications supply companies, especially in the US. The president of our organisation, Rob Atkinson, set out to answer that question. You may have seen an article in the American Affairs journal, titled, “Who Lost Lucent?” It is a long and interesting article—I will not go into all the details of history. I would say that it is fair to characterise the failures and decline of Lucent as a complicated story, but it stems from a combination of unique challenges imposed by the Anglo-American economic system, systemic failures of US Government policy—particularly with regards to anti-trust and some of the regulatory policy throughout the 1990s—and very strong and aggressive foreign industrial policies, particularly with regards to China, to acquire market share.

I am happy to go through that in some detail, but feel free to cut me off if I go on too long. You are absolutely right to say that we had Lucent and Nortel. Lucent was absolutely massive—it was three times larger than Nortel—and originally spun off from AT&T’s equipment arm, Western Electric. It had the famous Bell Labs. Throughout the ’90s, it was the largest telecoms equipment company and was still growing dramatically overseas, but due to a number of strategic decisions within the company and decisions within the US Government, it ended up really suffering as a result of the dot.com bubble.

Setting aside all the competitiveness questions, particularly with regards to Chinese companies, a hands-off, free market globalised system reigned in the US and UK throughout the ’90s. It was finance-focused capitalism that saw Lucent and Nortel cut their R&D budgets and staff dramatically, particularly as a result of the 2001 crash—much more so than some of their international competitors. With that financial system, it was harder for those companies, which were designed to be growth companies—much more so than a valued company. They were focused on growing quarter after quarter and meeting their financial targets, which made it very difficult to focus on long-term growth. You can contrast that with Ericsson in Sweden, where the Wallenberg family control a lot of the voting shares. Ericsson was able to focus on much longer-term value creation, and they did not cut staff or R&D by nearly as much as Lucent did.

Before that, I think there are a lot of lessons to be learned from the aggressive anti-trust action that broke up Bell Labs and restructured the entire industry. Up until the restructuring of the US telecom market in 1984, Bell Labs had a fantastic situation in order to generate innovation. It had the commercial drive, focus and flexibility that is often lacking in a Government research lab. It also had a long-term focus and an interest in broad technological change, which many R&D efforts in industry do not see. It had steady revenue from telecom rates. There is a complicated story there. It is hard to tell what concentration is good for innovation and where competition is really the order of the day, but it seems clear that the decline of Bell Labs was a real loss.

Telecommunications (Security) Bill (Third sitting)

Debate between James Sunderland and Chi Onwurah
James Sunderland Portrait James Sunderland
- Hansard - -

Q Dr Drew, as a graduate of King’s College, it is great to have you with us. The Bill as currently written provides the Government with unprecedented new security powers. Might this in some way perhaps disincentivise new entries to the market?

Dr Drew: It potentially could, depending on the type of company that you are attempting to incentivise. It would have a different effect on those potentially two or more categories. If you take one category to be pre-existing companies that previously have not operated within the UK, such as NEC from Japan, they are likely not to be put off to such a great extent—they have already had to deal with some level of security commitment within their normal markets. However, I suggest that it could be more of a barrier to entry for the smaller companies that we are attempting to encourage to get into this market. Emerging companies would find a culture of components and cultural risk to how they view their work, as well as the technical and financial cost of meeting the new standards. Yes, I believe there would be an impact, but it would be different between types of vendors that you are seeking to encourage.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q We have talked a lot about 5G—indeed, we have been accused of fetishising 5G. The Government are currently consulting on security issues and fixed networks. Do you see major architectural differences or market differences in the security threats for fixed networks? Are they similar, and should a similar approach be taken to the removal of high-risk vendors? With regards to Ofcom, its principal duties are set out in the Communications Act 2003—I know this very well, having worked for it. They are

“to further the interests of citizens in relation to communications matters; and to further the interests of consumers in relevant markets, where appropriate by promoting competition.”

Do you think there is an argument to add a further security duty, if that is going to take such a large portion of Ofcom’s capacity?

Dr Drew: As to the second question first, I believe that security should be a component here. In fact, I believe it fits with what Ofcom is likely to be responsible for, and with the Online Harms White Paper as well. Security is fundamentally and inexorably linked with technology, culture and communications in the modern sense, so I believe that it would be important for that to be included as a key provision for DCMS.

With regard to the differences between fixed networks and 5G and the implications of this Bill, in the efficacy of its methodology towards the other, there are technical differences in how 5G operates right now and how we perceive the next generation of telecommunications to operate, but those differences will change over time, I believe. They will become less distinct. It is likely that fixed networks will move towards the concept of computing on the edge, and this is indeed already happening in some senses.

As for the actual efforts to control security risk, I do not see any major differences between telecommunications suppliers and fixed network suppliers. There is the same potential risk. You mentioned the SolarWinds hack earlier. That was a fixed network supplier in a way—it was not telecommunications—but there was the same risk involved and the same means of access, through a diversified chain with limited oversight at Government level, because it is a private sector actor with limited responsibilities. That is as true in that case as it would be for a fixed network with Cisco, and as it would be with a telecoms provider by ZTE, Huawei, Ericsson or any other. I do not think there is a significant technical difference to mean that the goals and direction of this Bill could not, and perhaps should not, be applied to others.

--- Later in debate ---
Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q With regard to asset registry and expectations of having that, having spent a significant amount of time looking in the back offices of operators as to what they have, I know that they are certainly not up to date. We have heard from other witnesses that they do not always have up-to-date and comprehensive asset registers. To rely on an expectation seems a low bar.

Can I come on to duties? I have the Communications Act here, which has got a lot thicker since I left Ofcom. The two duties are the “interests of citizens” and the “interests of consumers” with regard to competition, but there is not a duty on security. Does that not suggest that if there is a conflict between competition or communication matters, that will be prioritised over security if there is not an explicit duty to maintain the security of our networks?

Lindsey Fussell: I think this legislation quite clearly does place explicit duties on us to monitor and enforce the compliance of operators on network security requirements. I do not see that there is any risk that we would downplay the importance of that duty in comparison with others. Clearly, it is for the Government to put forward any changes to legislation to change the balance of our duties or to add new ones, but I think the Government—and, indeed, Parliament—are asking us very clearly to take on those responsibilities through this new legislation.

To pick up on a point I made earlier, in terms of the interests of citizens and consumers, it is important to say that of course it is in the interest of citizens and consumers to have excellent networks functioning that provide them with great connectivity. If we have learned anything from this most recent period, it is how important connectivity is to everybody’s daily life. Of course, that comes across in pricing and support for more vulnerable consumers, and all those other things that we have responsibility for in telecoms.

Actually, promoting secure networks is absolutely in the interests of consumers and citizens as well, not just because of the really damaging consequences of cyber-attacks, but because, ultimately, if we are able to have better networks, that should enable greater economic innovation through 5G use cases and things like that, for example. I think in promoting the interests of citizens and consumers, telecoms security is clearly part of that.

James Sunderland Portrait James Sunderland
- Hansard - -

Q The Bill provides powers to fine vendors up to 10% of their annual turnover or up to £100,000 per day for failing to meet standards. Could I ask for your view, please, on how that compares internationally, and whether you feel that that is appropriate?

Lindsey Fussell: It is probably worth saying that, from an international perspective, although there are some other countries—notably Germany and Australia—that have started to explore strengthening their telecoms security framework, I am not aware of another country that is quite as forward leaning in terms of the framework that is being put forward in this legislation.

In terms of the fines, this is an important point—those fines match the level that we are currently able to levy in relation to our other telecoms requirements, such as breaches of our general conditions. Previously, under our past responsibilities, our fines were limited to £2 million, so really quite a small amount compared with the wealth of the largest operators. I think it is appropriate that the telecoms security fines match what we are able to do elsewhere.

The final point I would make is that fining is an incredibly useful power to have because it acts as a significant deterrent and a strong incentive for companies to comply. It is actually not the first lever that we reach for, certainly not maximum fines; it is there and we are ready to use it if we need to, but our starting point would be to work with operators on this journey as they move towards compliance as they respond to new and emerging threats.

Telecommunications (Security) Bill (Second sitting)

Debate between James Sunderland and Chi Onwurah
Committee stage & Committee Debate: 2nd sitting: House of Commons
Thursday 14th January 2021

(3 years, 11 months ago)

Public Bill Committees
Read Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 14 January 2021 - (14 Jan 2021)
James Sunderland Portrait James Sunderland
- Hansard - -

No. Thank you for the answers.

Chi Onwurah Portrait Chi Onwurah
- Hansard - - - Excerpts

Q I am the shadow Minister for the Bill. Let me start by welcoming you and thanking you very much for your expert input. I particularly welcome you, Dr Bennett, for your expertise and the fact that you are the only female witness we have today—it is clear to me, as someone who worked in engineering for 20 years, that the sector’s gender balance has not improved. I hope that Parliament can do more to ensure more balance in witnesses in future.

I have questions for both of you, but let me start with Dr Bennett. I was impressed by your structured list of things that are missing from the Bill, because we are here to scrutinise the Bill and see how we can improve it. I think you talked about the breadth of the security challenge and how this Bill, as it stands, might not meet the full breadth of it. You had four areas, and I think you have run through two of them in more detail. Could I ask you to summarise again the areas that you think are missing? In particular, could you talk a little bit more about the need for improved scrutiny? Could you just summarise that and then go into more detail on the ones where you have not yet?

Dr Bennett: I said that the areas that needed to be covered were network architecture, which is the Bill’s focus, the security of the asset databases that make up the network, how to ensure security of the data passing over the network, the maintenance of security over time, and the operational costs and other impacts of compliance. I have touched on all of them, but perhaps not very much on the operational costs and impacts of compliance.

The more diversified your network, and the more small vendors there are, the harder it will be for them to maintain the level of scrutiny, record-keeping and general security that is required as their bits of the network develop and the interfaces they have with other bits of the network change over time. That is an area where the Government should consider giving help to people to cover those costs. I have said that audit is needed of the assets in the network. The costs of being audited and of dealing with audits are very high, and they are costs that small companies may not have the resources to meet.

If the Government suddenly say, “All components from supplier X must now be removed from the network because of x, y and z,” it is incumbent on the Government to have some funding to help people to do that and to ensure that that really does happen, because it could be a step too far if you have a lot of very small suppliers that do not have the resources of skills, time or money to do it. You need to think about that and about how you can ensure that they are not squeezed out of the network—this diverse network that we want—by those costs.