Lord Griffiths of Burry Port (Lab)

- Hansard -

Copy Link

- - Excerpts

My Lords, I am grateful to the Minister for that Statement and for the reassurance given in large measure by what she read to us. Of course, a number of questions are left open and will emerge. Given the time that was available to me to read the various pieces of literature, my questions will be bundled out and no doubt brought into more coherent shape as time passes.

I note that we are promised “world-leading” primary legislation but are not given an exact time. Yesterday, the word was mañana. Today, in answer to the question of when, the reply is, “at the earliest opportunity.” I am becoming accustomed to the various euphemisms for mañana that are put forward in government reports. It will be a new, comprehensive telecoms security regime. I suppose that the various measures that will be necessary to make sure that we oversee activity in this area will be set out in detail. It would be reassuring to have “at the earliest opportunity” unpacked, if that is at all possible, because we are in an area where developments happen so quickly that the more time that lapses, the more behind the action and the curve we become.

I note that, as the UK’s 4G network relies on Huawei, achieving zero presence today would be near impossible, so I suppose that a reduction to 35% is welcome. But will this reduce over time to wean operators off the Chinese provider, or will 35% be an enduring figure?

The NCSC’s security analysis, which again I read very quickly, concludes that

“threat analysis highlights that our telecoms sector is potentially vulnerable to a range of cyber risks. This analysis is backed up by evidence generated from security testing of telecoms networks and by security incidents.”

In other words, the risks are high—an added pressure, perhaps, to ensure that not too much time elapses before measures are brought before us.

There is talk of the diversification of vendors and the categories under which they might be grouped, but there is not much reference to help us to understand how much home-produced material or producers will come forward. There are a number of players on the global scene. Is the activity lively in our economy and will it produce its own home-produced involvements in the provision of these measures?

Under the objective factors that help us to identify high-risk vendors, the claim is that we know more about Huawei and the risks it poses than any other country, so, whatever investigations have taken place, it puts us in prime position—according to the claims made here—to know the mind of Huawei, its activities and all the rest of it. That leads me to ask: if that is the case, how do we measure Huawei’s performance against its domestic security laws? How did Huawei pass, given China’s law on compliance with state intelligence services and co-operation with the police in the mass detention of Uighur Muslims in Xinjiang, for example?

In other words, Huawei gets in at 35%. We welcome that, but suppositions and assumptions are made about Huawei that we still need to have clarified for us. A lot seems to go by on just remarks, assumptions and general statements. Attracting established vendors not present in the UK and new disruptive entrants in promoting open interoperable standards is welcome. But, given the subsidies that Huawei is said to use to get market access, how do we know whether the subsidies exist and how much they amount to, and how will new entrants compete tomorrow when they cannot today? Those are just a few of the questions that occur to me.

I should say that one or two of the quotations I have used in making my remarks are attributable to members of the noble Baroness’s own party—so these concerns are felt by all of us. So we welcome what is happening today because it does set a direction of travel—but we travel with a few questions that are still waiting to be answered.

Baroness Morgan of Cotes

- Hansard -

Copy Link

- - Excerpts

I thank both noble Lords for their comments. Quite a lot of points have been raised and I am conscious that other noble Lords want to speak, so I shall try to deal with them quickly. The noble Lord asked when the legislation would be ready. Of course, it has not been possible to prepare the legislation until the decision made today by the National Security Council, but we are all very conscious of the need to legislate early. What today’s announcement means is that the National Cyber Security Centre is able to issue guidance to providers. Until now we have not had the ability, other than by asking nicely, to say, “Please do not use more than a certain percentage of high-risk vendor equipment in your networks”. The NCSC will be able to issue that guidance and that will by confirmed by legislation, which, as the noble Lord said, will provide for a legal enforcement mechanism by the regulator.

As both noble Lords have hinted, I am absolutely certain that noble Lords and Members of the other place will appreciate that this is a very complex decision, a point I touched on in the Answer to the Urgent Question that I repeated yesterday. There are undoubtedly concerns across the House—from Members of all backgrounds, regardless of which committees they have sat on—about the decision taken. People have different reasons for feeling that way.

The noble Lord mentioned the rollout of 5G and the speed; it is happening quickly and accelerating. Again, that is part of the reason for needing to take this step today: to be able to say to providers that there is a percentage above which they must not go on the edge of that rollout of 5G networks for high-risk vendors. I said in my Statement and reiterate that through market diversification we absolutely want to reduce the reliance on high-risk vendors over time. We want to get to a position in which we do not have to use a high-risk vendor in our telecoms network. That also ties in with the suggestion from the noble Lord, Lord Griffiths, who mentioned home-grown capability. The reality is that this is a market failure that we are dealing with. Although we have many excellent telecoms companies in this country, we do not have those that are making this equipment in such a world-leading way. As part of the diversification strategy, we therefore need to increase dramatically the amount of funding support we give to the research and development of companies in countries that we tend to work with and consider our allies, as well as the UK, to help plug this gap.

We know more about Huawei thanks to the actions taken over the years. Huawei started to be in our networks from 2006. In a way, the high-risk vendor test is perhaps not about meeting the criteria but about not meeting them. If the company does not meet them —in the sense that it operates in a system in which the Government expect companies or individuals to act in accordance with their wishes—that means the high-risk vendor test has not been met, so it is a high-risk vendor. Of course, the work of our services and the advice given to the National Security Council by the services is very much evidence-based.

The noble Lord, Lord Campbell, mentioned the Intelligence and Security Committee. I was struck yesterday when a member of the Intelligence and Security Committee in the previous Parliament said in the other place that he felt the risks with Huawei could be mitigated. Perhaps it depends on the evidence and inquiries that different Members have been involved with.

In relation to the Five Eyes relationship, the Prime Minister has spoken to President Trump. A number of us have been engaged in discussions with US counterparts over the last few months, and of course account has been taken of everything they have raised with us, but—because of our experience with Huawei and where we are on 4G and 5G—the view is taken that we are able to mitigate these risks. That is the advice we have had. I said in my remarks that today’s decision does not affect our ability to share sensitive intelligence data over highly secure networks both within the UK and with our partners, including the Five Eyes.

As I said in my Statement, it is not possible to exclude all risks in relation to telecoms. Cybersecurity and malicious cyberactivity are a 21st-century danger to all countries. That does not mean we should not have sophisticated telecoms networks and 5G networks. It means we have to be realistic about the risks and how we mitigate them. Finally, I absolutely assure the noble Lord, Lord Campbell, that in no way would this Government ever compromise national security, even for the very worthy goal of making sure that people in this country have access to broadband.