Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateJamie Stone
Main Page: Jamie Stone (Liberal Democrat - Caithness, Sutherland and Easter Ross)Department Debates - View all Jamie Stone's debates with the Department for Digital, Culture, Media & Sport
(3 years, 11 months ago)
Commons ChamberI welcome the introduction of the Bill. It is long overdue. Over the past two years, the Government have attributed a range of significant cyber-attacks to Russia, China, North Korea and Iran. Such attacks are unlikely to reduce any time soon, but our legislative and technological resilience can increase in the meantime. The UK needs to be proactive in staying ahead of its adversaries, rather than just reactive. The Bill and the National Security and Investment Bill will help in that regard.
The attacks, often through arm’s length third parties, include dangerous espionage attacks, often on the networks of companies that deliver equipment to telecom providers but whose security is currently inadequate. That can no longer be acceptable, and the Bill will go a long way to making the UK’s networks more secure.
I would like to pay tribute, as has already been done, to my predecessors on the ISC, who, in the Committee’s 2013 report “Foreign involvement in the Critical National Infrastructure”, noted that
“there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company. Instead, the Government relies on informal processes or the private company taking the initiative themselves. This is far too haphazard an approach given what is at stake.”
The same Committee also stated:
“Government must have a proper procedure for assessing the risks…and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”
I hope that the Bill marks a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, not on trust, commercial convenience, political convenience or naivety.
Of course, the Bill is also a recognition—I differ from some colleagues—of market failure. The dominance of major telecoms companies, driving out or buying out the competition, has led to companies such as Huawei positioning themselves as perhaps too big to fail or, in the context of the telecoms market, too big not to buy from, or too big not to supply to. In my view, that is down to political and commercial failure, and I am glad that the Government are putting wrong—putting right that wrong. [Interruption.] I was just making sure that the Minister is on his toes—not literally, but I am glad he is paying attention. I am glad that the Government are putting that right; it is long overdue, as I said.
I hope that the new diversification strategy that has been alluded to today will include enough commercial incentives to attract new vendors and suppliers into the market for the first time, or for existing providers to seek new capital raises in order to maximise new markets, many of them in the public sector—the public sector is a good customer in most cases—and global in nature.
I hope that there might be a new global collaboration in joint development of 6G, 7G and beyond. Five Eyes-based companies might be a good place to start, but trusted EU partners can play a key part too. I think about Airbus and the collaboration on civilian airframes across the world; I think about Typhoon and, prior to that, Tornado—large collaboration, R&D developmental projects that brought together trusted partners around the world to look after our national security, albeit on a different platform and in a different context.
As it stands, as we have already heard, there are only three potential suppliers of mobile access network equipment in the UK: Nokia, Ericsson and Huawei. The lack of diversity across the telecoms supply chain has invariably led—that is why we are here today—to a national dependence on limited suppliers.
The point the hon. Member makes about international co-operation is a very good one. In buying into joint efforts with allies, we have a share of the intellectual knowledge. Does he agree that that is something we would not have had with Huawei?
The hon. Gentleman is absolutely right, and I am delighted that the Secretary of State has set out that there is going to be a new national telecoms lab. I am not sure whether he has decided on the location, but I commend the telecoms expertise of Shropshire and the west midlands to the Minister.
The Government’s own telecoms supply chain review, published by DCMS in July 2019, found that
“the telecoms market is not working in a way that incentivises good cyber security”—
perhaps another example of British understatement. This Bill will end that, and rightly so.
In its October 2020 report, the Defence Committee, ably led by my right hon. and gallant Friend the Member for Bournemouth East (Mr Ellwood), concluded that the current 5G
“regulatory situation for network security is outdated and unsatisfactory.”
I thank all the members of that Committee for the work that they have done in highlighting that.
I welcome the fact that the Bill will strengthen the security framework for technology used in 5G and full-fibre networks, including electronic equipment and the hardware and software at phone mast sites and telephone exchanges, and that it will give the Government new powers to issue directions to public telecoms providers to manage the risk of perceived high-risk vendors. It is right that the Bill will allow the Government to impose controls on telecom providers’ use of any goods, services or facilities supplied by high-risk vendors.
I very much welcome the Government’s new powers to limit and remove high-risk vendors, such as Huawei, about which we have heard so much already, from the UK telecoms network. I also very much welcome the new and revised timetable that the Government have announced today for doing this. In saying that, I hope that the Government are not being overly ambitious, as we heard from other hon. Members, but it is right to establish the principle today and move more swiftly on this key issue of national security and diversity in the marketplace.
I welcome the Bill incentivising better security by financially penalising providers that operate below minimum security standards, but I hope—the Minister is here—that a carrot-and-stick approach will be the default DCMS and Ofcom approach, rather than just a stick, as it is the private sector’s co-operation that will help us to move forward on this. It is very much key to the market diversification that the Government want and, more widely, to the partnership in cyber-security resilience in both the private and public sectors. We do not want to have enmity with the very people that the Government need to work more closely with in dealing with these issues.
The Bill makes Ofcom responsible for monitoring and enforcing telecoms providers’ compliance with their security duties where providers do not meet their obligations. I gently ask the Government whether they feel that Ofcom has the necessary teeth. Will Ofcom outsource or buy in any additional and required expertise?
The Bill, rightly, does not allow vendors to have access to the UK telecoms network denied, removed or limited for any reasons other than the protection of the UK’s national security, again making sure that we are not putting up new barriers to new entrants to the marketplace. It is also welcome that the Bill does not give the Secretary of State the right to limit or remove vendors to protect or improve the commercial interests of other vendors in the marketplace. I hope that the Minister will elucidate this important point so that there can be, from today, investor, shareholder and commercial safeguards that will allow any of those reading Hansard in the private sector to be reassured.
I would like to ask the Minister some questions. How will the Government ensure that Ofcom has sufficient staff with the necessary skills to undertake this work before it assumes its new responsibilities, which are separate from the point of buying in or outsourcing? Even if someone is buying in or outsourcing, they need to have the skills to know what they are outsourcing to and for, and so it is with buying it in, making sure that they are getting the right people in.
How will the Minister’s Department ensure that Ofcom is provided with the necessary information and relevant data on what is a new area of expertise and work for it, particularly in this detail? I welcome the fact that the Bill requires the Secretary of State to lay before Parliament a copy of all designated vendor directions and designation notices, except where doing so would be contrary to the interests of national security. However, when such information cannot be laid before Parliament, as was alluded to by my right hon. Friend the Member for New Forest East (Dr Lewis), the Chair of the Intelligence and Security Committee, will the Minister undertake to provide that information to the Intelligence and Security Committee so that Parliament and the public know that there is sufficient and adequate oversight?
Finally, as the shadow Secretary of State asked, given the recent experience of the Australian Government, what can the Minister say today on the record to deter any temptation by the Chinese Government to take any similar retaliatory measures against the UK? Does he agree that if they were so tempted—I hope they would not be—perhaps the £20 billion trade surplus for China might focus calmer and more reasonable heads in Beijing today?
Follow that if you can.
The hon. Member for Beckenham (Bob Stewart) and the right hon. Member for North Durham (Mr Jones) make the point: it is about security, absolutely. Anyone who thinks that there are not states out there, which have been named here today, that are not about the UK’s good health, is kidding themselves; it is as simple as that. We have come a long way since the Westminster Hall debate earlier this year, if my memory serves me rightly, but I always think that a late convert is the best convert of all, and we are where we are today. My party and I support the Bill at this stage.
It is an incredibly complex situation, which gets more complex almost by the month and the year. Frankly, the whole subject of cyber-security terrifies me. When I first came down here three years ago, a humble—no, I will not say a humble crofter, because that nomenclature belongs to another Member on this side of the House. When I came down here from the highlands, the situation was forcibly brought home to me when I went to Estonia with the Armed Forces Parliamentary Scheme. I was firmly instructed by a Sergeant Major from the 3rd Battalion the Yorkshire Regiment on no account whatever to turn on my mobile, otherwise a state not terribly keen on our good health would simply triangulate in on me, and would probably try to hack in; that brought it home to me in no uncertain terms.
In the short time available—I will try to be as good as the hon. Member for Beckenham—I want to make two points. The first was touched on, correctly, by the shadow Secretary of State: there is, alas, an unsavoury side to the way in which China does some things. We are all aware of the reports coming out of that country of the horrendous abuse of the Uyghur people in Xinjiang province; it is an ugly scene. A recent report suggests that some 82 foreign and Chinese companies benefit from the forced labour programme by the Chinese Government. Of course, the Chinese Government would say, “No, no, no. That’s not right at all. It’s not forced labour; it’s not like that.” They have described it as “detention centres”, “re-education” facilities and—this is quite sinister—“de-extremification” camps. They have contorted their language quite deliberately to cover this stuff up. I make no apologies for saying these things. I had hoped that a state being able to behave in that way had been left behind in 1945 or the end of Stalin’s Russia, but, alas, all is not as it should be.
I welcome this Bill as being a bit like the Government discovering their moral compass. Coming away from Huawei has the benefit that we are helping, in our small way, to bring an end to this sort of behaviour by China. It is only a first step. We are going to have to co-operate with other nations. There is a great benefit to what the right hon. Member for New Forest East (Dr Lewis) said, about an alliance with Five Eyes, but that is for another day. The road ahead is beyond our borders. As a good Liberal Democrat, I would make this point: not only should we co-operate as much as we can with Five Eyes, who are crucial to our security and defence, but we should also try to maintain the best possible relationship with our friends in the European Community.
Let me turn to my second point. The hon. Member for Gordon (Richard Thomson) made an excellent speech, and said that 4G and 3G are, at best, patchy. I am afraid that my constituents might be afforded a hollow laugh if I talk about the roll-out of 5G, because in so many parts of Caithness, Sutherland and Easter Ross, there are not a lot of Gs at all—it is not particularly good.
My appeal to Her Majesty’s Government is that they try to address the inequality of provision as they roll out 5G. It is wrong that people should be disadvantaged simply because of where they live. All United Kingdom citizens have a right to these services, and it is fundamental to the way we think of ourselves as a nation—we believe in fairness and fairness of provision. As we come out of this dreadful pandemic, we will have to punch above our weight economically, and access to 5G means that we can mobilise our bright innovators and entrepreneurs all over the United Kingdom, whether they live in the glens and straths of Sutherland, the central belt of Scotland or down here in England.
I will conclude with two points. First, I agree that the 5G diversification strategy brings great opportunities. There will be a financial injection into the UK economy, which will be incredibly useful. Secondly, the right hon. Member for North Durham (Mr Jones) was spot on: it is not just about the hardware. It is about the software and the clever things we do to safeguard ourselves from cyber-attacks, because as I described with the example of the iPhone in Estonia, there are people and states out there who are not for the good of our health.