Telecommunications (Security) Bill (Third sitting) Debate
Full Debate: Read Full DebateDepartment: Department for Digital, Culture, Media & Sport
James Wild
Main Page: James Wild (Conservative - North West Norfolk)Department Debates - View all James Wild's debates with the Department for Digital, Culture, Media & Sport
Telecommunications (Security) Bill (Third sitting)
James Wild ExcerptsTuesday 19th January 2021
(3 years, 10 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
The Chair
Thank you both very much. James Wild will start the questions, followed by Sara Britcliffe.
James Wild (North West Norfolk) (Con)
Q
The Chair
Simon Saunders?
Lindsey Fussell: I think I will lead on that one, if that is all right. Thank you for the question. I will start by clarifying Ofcom’s role in the two parts of the Bill—I am sure we will talk about both. We have a significant role in relation to the telecoms security requirements, where we will have the obligation of monitoring and enforcing operators’ compliance against them. In relation to high-risk vendors, our involvement is rather more limited. The Secretary of State will have the power to direct us to collect factual information from the operators, but the question of monitoring, compliance and enforcement then rests with the Secretary of State. I thought it might be helpful to clarify the two different roles before we got going.
In relation to telecoms security, as you say, these are important new responsibilities. We have existing responsibilities for network security—and have had since 2011, albeit in a more limited way—so we have a network security team in place. We are also very familiar with monitoring clients and enforcement, and with working with precisely the same set of operators that we will hear about on the remit of other responsibilities, so we have a base to start from. That absolutely does not underplay the difficulty, importance and challenge of building up our resources to deal with this. We anticipate that the cost will be around £6 million to £7 million in steady state, and we will build up a team of probably 40 to 50 new people and new resources to cope with those responsibilities.
The Chair
Simon, do you have anything to add?
Simon Saunders: On our capabilities relevant to the expectations end of things, we are building on our existing capability, working with mobile operators and network providers on the equipment and the software. That is spread across Ofcom, in the leading networks group that Lindsey leads, the spectrum group, and indeed in our technology group, which I look after. In the relevant teams, we have been adding capabilities in with recent experience, with the mobile operators and mobile networks applying the formal diversification.
James Wild
Q
Lindsey Fussell: We have indeed already started to build up our team, and have had some success in recruiting people with experience of network security—from the operators, for example. We do not underplay the difficulty of doing that; I completely agree that those are sought-after resources. Frankly, it is unlikely that we will be able to compete on salary. The type of people we attract are those who are interested in looking at these questions from that broader perspective—looking across the industry—rather than in their previous roles in companies.
We have found that we can have some success in that, but we will also have to be creative in the way that we approach this. We are thinking about how we can build up a pipeline, for example. The NCSC has accredited a number of university courses, and we are looking at how we, alongside the NCSC, can pick graduates up from those courses, for example, to build up a future pipeline of staff, as well as bringing in people with more direct experience.
The Chair
Simon, do you have anything to add?
Simon Saunders: No, not in that area. It might be relevant to mention, just to make the point that it can be done, that I actually joined Ofcom from a role at Google.