Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateMark Pritchard
Main Page: Mark Pritchard (Conservative - The Wrekin)Department Debates - View all Mark Pritchard's debates with the Department for Digital, Culture, Media & Sport
(3 years, 12 months ago)
Commons ChamberI accept that it is not just an American issue, but it was the right thing for the wrong reasons, essentially. As I say, this political soap opera has been an unnecessary distraction when it comes to the serious matter of extracting high-risk vendors from the network, which has been slow and fragmented.
On a point of fact and detail, I recall in 2009 the Chinese Premier being with the then Prime Minister Gordon Brown in Downing Street, welcoming the strategic partnership—with an all-singing, all-dancing party in Downing Street—between Vodafone and Huawei. It is therefore a little party political to suggest that it is only the Conservatives who have perhaps taken their eyes off the ball, something which we are correcting today.
The hon. Gentleman seems to have forgotten about the former Prime Minister David Cameron and the former Chancellor of the Exchequer George Osborne, who also gave such a welcome.
It is worth outlining for the record the meandering journey that we have been on towards the publication of the Bill. The House will recall that in May 2019 the current Secretary of State for Education, the right hon. Member for South Staffordshire (Gavin Williamson) was sacked as Secretary of State for Defence following an inquiry into a leak from a National Security Council meeting at which it was reported that the Government had been advised in May 2019 to remove Huawei from the network. It was not until January this year—eight months later—that the Government decided that Huawei equipment should be excluded from the sensitive core parts of the 5G and gigabit-capable networks and from sensitive and safety-critical locations such as critical national infrastructure, and that its access to the non-sensitive parts of the network described as the “edge” would be capped at 35%.
In May, the United States imposed sanctions on Huawei through changes to their foreign direct product rules that restricted Huawei’s ability to produce important products using US technology or software. The NCSC advised that the UK could no longer be confident that it would be able to guarantee the security of future Huawei 5G equipment affected by the change in those US rules so, as the Secretary of State outlined, the Government changed their position again in July, announcing a ban on the buying of new 5G Huawei equipment after December this year and the removal of all equipment from our 5G networks by the end of 2027.
The UK has been slower to take action than our Five Eyes allies. In August 2018, the Australian Government blacklisted Huawei from the country’s 5G network in response to security advice, and New Zealand took the same decision in that same year. Our Intelligence and Security Committee made it clear 18 months ago that the debate on high-risk vendors had been “unnecessarily protracted” and damaging.
I welcome the introduction of the Bill. It is long overdue. Over the past two years, the Government have attributed a range of significant cyber-attacks to Russia, China, North Korea and Iran. Such attacks are unlikely to reduce any time soon, but our legislative and technological resilience can increase in the meantime. The UK needs to be proactive in staying ahead of its adversaries, rather than just reactive. The Bill and the National Security and Investment Bill will help in that regard.
The attacks, often through arm’s length third parties, include dangerous espionage attacks, often on the networks of companies that deliver equipment to telecom providers but whose security is currently inadequate. That can no longer be acceptable, and the Bill will go a long way to making the UK’s networks more secure.
I would like to pay tribute, as has already been done, to my predecessors on the ISC, who, in the Committee’s 2013 report “Foreign involvement in the Critical National Infrastructure”, noted that
“there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company. Instead, the Government relies on informal processes or the private company taking the initiative themselves. This is far too haphazard an approach given what is at stake.”
The same Committee also stated:
“Government must have a proper procedure for assessing the risks…and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”
I hope that the Bill marks a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, not on trust, commercial convenience, political convenience or naivety.
Of course, the Bill is also a recognition—I differ from some colleagues—of market failure. The dominance of major telecoms companies, driving out or buying out the competition, has led to companies such as Huawei positioning themselves as perhaps too big to fail or, in the context of the telecoms market, too big not to buy from, or too big not to supply to. In my view, that is down to political and commercial failure, and I am glad that the Government are putting wrong—putting right that wrong. [Interruption.] I was just making sure that the Minister is on his toes—not literally, but I am glad he is paying attention. I am glad that the Government are putting that right; it is long overdue, as I said.
I hope that the new diversification strategy that has been alluded to today will include enough commercial incentives to attract new vendors and suppliers into the market for the first time, or for existing providers to seek new capital raises in order to maximise new markets, many of them in the public sector—the public sector is a good customer in most cases—and global in nature.
I hope that there might be a new global collaboration in joint development of 6G, 7G and beyond. Five Eyes-based companies might be a good place to start, but trusted EU partners can play a key part too. I think about Airbus and the collaboration on civilian airframes across the world; I think about Typhoon and, prior to that, Tornado—large collaboration, R&D developmental projects that brought together trusted partners around the world to look after our national security, albeit on a different platform and in a different context.
As it stands, as we have already heard, there are only three potential suppliers of mobile access network equipment in the UK: Nokia, Ericsson and Huawei. The lack of diversity across the telecoms supply chain has invariably led—that is why we are here today—to a national dependence on limited suppliers.
The point the hon. Member makes about international co-operation is a very good one. In buying into joint efforts with allies, we have a share of the intellectual knowledge. Does he agree that that is something we would not have had with Huawei?
The hon. Gentleman is absolutely right, and I am delighted that the Secretary of State has set out that there is going to be a new national telecoms lab. I am not sure whether he has decided on the location, but I commend the telecoms expertise of Shropshire and the west midlands to the Minister.
The Government’s own telecoms supply chain review, published by DCMS in July 2019, found that
“the telecoms market is not working in a way that incentivises good cyber security”—
perhaps another example of British understatement. This Bill will end that, and rightly so.
In its October 2020 report, the Defence Committee, ably led by my right hon. and gallant Friend the Member for Bournemouth East (Mr Ellwood), concluded that the current 5G
“regulatory situation for network security is outdated and unsatisfactory.”
I thank all the members of that Committee for the work that they have done in highlighting that.
I welcome the fact that the Bill will strengthen the security framework for technology used in 5G and full-fibre networks, including electronic equipment and the hardware and software at phone mast sites and telephone exchanges, and that it will give the Government new powers to issue directions to public telecoms providers to manage the risk of perceived high-risk vendors. It is right that the Bill will allow the Government to impose controls on telecom providers’ use of any goods, services or facilities supplied by high-risk vendors.
I very much welcome the Government’s new powers to limit and remove high-risk vendors, such as Huawei, about which we have heard so much already, from the UK telecoms network. I also very much welcome the new and revised timetable that the Government have announced today for doing this. In saying that, I hope that the Government are not being overly ambitious, as we heard from other hon. Members, but it is right to establish the principle today and move more swiftly on this key issue of national security and diversity in the marketplace.
I welcome the Bill incentivising better security by financially penalising providers that operate below minimum security standards, but I hope—the Minister is here—that a carrot-and-stick approach will be the default DCMS and Ofcom approach, rather than just a stick, as it is the private sector’s co-operation that will help us to move forward on this. It is very much key to the market diversification that the Government want and, more widely, to the partnership in cyber-security resilience in both the private and public sectors. We do not want to have enmity with the very people that the Government need to work more closely with in dealing with these issues.
The Bill makes Ofcom responsible for monitoring and enforcing telecoms providers’ compliance with their security duties where providers do not meet their obligations. I gently ask the Government whether they feel that Ofcom has the necessary teeth. Will Ofcom outsource or buy in any additional and required expertise?
The Bill, rightly, does not allow vendors to have access to the UK telecoms network denied, removed or limited for any reasons other than the protection of the UK’s national security, again making sure that we are not putting up new barriers to new entrants to the marketplace. It is also welcome that the Bill does not give the Secretary of State the right to limit or remove vendors to protect or improve the commercial interests of other vendors in the marketplace. I hope that the Minister will elucidate this important point so that there can be, from today, investor, shareholder and commercial safeguards that will allow any of those reading Hansard in the private sector to be reassured.
I would like to ask the Minister some questions. How will the Government ensure that Ofcom has sufficient staff with the necessary skills to undertake this work before it assumes its new responsibilities, which are separate from the point of buying in or outsourcing? Even if someone is buying in or outsourcing, they need to have the skills to know what they are outsourcing to and for, and so it is with buying it in, making sure that they are getting the right people in.
How will the Minister’s Department ensure that Ofcom is provided with the necessary information and relevant data on what is a new area of expertise and work for it, particularly in this detail? I welcome the fact that the Bill requires the Secretary of State to lay before Parliament a copy of all designated vendor directions and designation notices, except where doing so would be contrary to the interests of national security. However, when such information cannot be laid before Parliament, as was alluded to by my right hon. Friend the Member for New Forest East (Dr Lewis), the Chair of the Intelligence and Security Committee, will the Minister undertake to provide that information to the Intelligence and Security Committee so that Parliament and the public know that there is sufficient and adequate oversight?
Finally, as the shadow Secretary of State asked, given the recent experience of the Australian Government, what can the Minister say today on the record to deter any temptation by the Chinese Government to take any similar retaliatory measures against the UK? Does he agree that if they were so tempted—I hope they would not be—perhaps the £20 billion trade surplus for China might focus calmer and more reasonable heads in Beijing today?
I hear my hon. Friend’s point, but does he not agree that one of the greatest bastions against this behaviour by the Chinese Government would be for all members of the free world, particularly the Five Eyes, to come together both to condemn their behaviour and to themselves talk about introducing sanctions against China if it carries on behaving like this?
Colleagues will be pleased to hear that I am reaching my concluding comments and I will address that question then. While I have huge respect for my right hon. Friend—he is absolutely right and has been leading the way on this and I pay tribute to him on that—there is a lot we can do with China. In fact, I will put my notes down and jump to my conclusion now.
This is not an anti-China Bill; this is not an anti-Huawei Bill. This is about ensuring the greater resilience of our national security through our telecoms infrastructure. It is not about putting up barriers to entry for existing or new companies coming into the marketplace. I agree that we have to be robust against China when that is right, but we also need to recognise that there is a lot of co-operation and collaboration with China on trade and on climate change, so we agree on many things and we disagree on many things, but I do not think talk of sanctions is necessarily right at this stage.
I support this Bill. It is long overdue; I commend the Government for bringing it forward.