(4 years ago)
Commons ChamberI welcome the introduction of the Bill. It is long overdue. Over the past two years, the Government have attributed a range of significant cyber-attacks to Russia, China, North Korea and Iran. Such attacks are unlikely to reduce any time soon, but our legislative and technological resilience can increase in the meantime. The UK needs to be proactive in staying ahead of its adversaries, rather than just reactive. The Bill and the National Security and Investment Bill will help in that regard.
The attacks, often through arm’s length third parties, include dangerous espionage attacks, often on the networks of companies that deliver equipment to telecom providers but whose security is currently inadequate. That can no longer be acceptable, and the Bill will go a long way to making the UK’s networks more secure.
I would like to pay tribute, as has already been done, to my predecessors on the ISC, who, in the Committee’s 2013 report “Foreign involvement in the Critical National Infrastructure”, noted that
“there is no general requirement on companies that own CNI assets to inform or consult Government prior to awarding a contract, whether that be to a UK company or a foreign company. Instead, the Government relies on informal processes or the private company taking the initiative themselves. This is far too haphazard an approach given what is at stake.”
The same Committee also stated:
“Government must have a proper procedure for assessing the risks…and also for developing a strategy for managing those risks. Crucially, this should be an integral part of the process, both before and after contracts are awarded, and not merely an afterthought.”
I hope that the Bill marks a national security turning point, where key infrastructure decisions are based on fact-based risk assessments, not on trust, commercial convenience, political convenience or naivety.
Of course, the Bill is also a recognition—I differ from some colleagues—of market failure. The dominance of major telecoms companies, driving out or buying out the competition, has led to companies such as Huawei positioning themselves as perhaps too big to fail or, in the context of the telecoms market, too big not to buy from, or too big not to supply to. In my view, that is down to political and commercial failure, and I am glad that the Government are putting wrong—putting right that wrong. [Interruption.] I was just making sure that the Minister is on his toes—not literally, but I am glad he is paying attention. I am glad that the Government are putting that right; it is long overdue, as I said.
I hope that the new diversification strategy that has been alluded to today will include enough commercial incentives to attract new vendors and suppliers into the market for the first time, or for existing providers to seek new capital raises in order to maximise new markets, many of them in the public sector—the public sector is a good customer in most cases—and global in nature.
I hope that there might be a new global collaboration in joint development of 6G, 7G and beyond. Five Eyes-based companies might be a good place to start, but trusted EU partners can play a key part too. I think about Airbus and the collaboration on civilian airframes across the world; I think about Typhoon and, prior to that, Tornado—large collaboration, R&D developmental projects that brought together trusted partners around the world to look after our national security, albeit on a different platform and in a different context.
As it stands, as we have already heard, there are only three potential suppliers of mobile access network equipment in the UK: Nokia, Ericsson and Huawei. The lack of diversity across the telecoms supply chain has invariably led—that is why we are here today—to a national dependence on limited suppliers.
The point the hon. Member makes about international co-operation is a very good one. In buying into joint efforts with allies, we have a share of the intellectual knowledge. Does he agree that that is something we would not have had with Huawei?
The hon. Gentleman is absolutely right, and I am delighted that the Secretary of State has set out that there is going to be a new national telecoms lab. I am not sure whether he has decided on the location, but I commend the telecoms expertise of Shropshire and the west midlands to the Minister.
The Government’s own telecoms supply chain review, published by DCMS in July 2019, found that
“the telecoms market is not working in a way that incentivises good cyber security”—
perhaps another example of British understatement. This Bill will end that, and rightly so.
In its October 2020 report, the Defence Committee, ably led by my right hon. and gallant Friend the Member for Bournemouth East (Mr Ellwood), concluded that the current 5G
“regulatory situation for network security is outdated and unsatisfactory.”
I thank all the members of that Committee for the work that they have done in highlighting that.
I welcome the fact that the Bill will strengthen the security framework for technology used in 5G and full-fibre networks, including electronic equipment and the hardware and software at phone mast sites and telephone exchanges, and that it will give the Government new powers to issue directions to public telecoms providers to manage the risk of perceived high-risk vendors. It is right that the Bill will allow the Government to impose controls on telecom providers’ use of any goods, services or facilities supplied by high-risk vendors.
I very much welcome the Government’s new powers to limit and remove high-risk vendors, such as Huawei, about which we have heard so much already, from the UK telecoms network. I also very much welcome the new and revised timetable that the Government have announced today for doing this. In saying that, I hope that the Government are not being overly ambitious, as we heard from other hon. Members, but it is right to establish the principle today and move more swiftly on this key issue of national security and diversity in the marketplace.
I welcome the Bill incentivising better security by financially penalising providers that operate below minimum security standards, but I hope—the Minister is here—that a carrot-and-stick approach will be the default DCMS and Ofcom approach, rather than just a stick, as it is the private sector’s co-operation that will help us to move forward on this. It is very much key to the market diversification that the Government want and, more widely, to the partnership in cyber-security resilience in both the private and public sectors. We do not want to have enmity with the very people that the Government need to work more closely with in dealing with these issues.
The Bill makes Ofcom responsible for monitoring and enforcing telecoms providers’ compliance with their security duties where providers do not meet their obligations. I gently ask the Government whether they feel that Ofcom has the necessary teeth. Will Ofcom outsource or buy in any additional and required expertise?
The Bill, rightly, does not allow vendors to have access to the UK telecoms network denied, removed or limited for any reasons other than the protection of the UK’s national security, again making sure that we are not putting up new barriers to new entrants to the marketplace. It is also welcome that the Bill does not give the Secretary of State the right to limit or remove vendors to protect or improve the commercial interests of other vendors in the marketplace. I hope that the Minister will elucidate this important point so that there can be, from today, investor, shareholder and commercial safeguards that will allow any of those reading Hansard in the private sector to be reassured.
I would like to ask the Minister some questions. How will the Government ensure that Ofcom has sufficient staff with the necessary skills to undertake this work before it assumes its new responsibilities, which are separate from the point of buying in or outsourcing? Even if someone is buying in or outsourcing, they need to have the skills to know what they are outsourcing to and for, and so it is with buying it in, making sure that they are getting the right people in.
How will the Minister’s Department ensure that Ofcom is provided with the necessary information and relevant data on what is a new area of expertise and work for it, particularly in this detail? I welcome the fact that the Bill requires the Secretary of State to lay before Parliament a copy of all designated vendor directions and designation notices, except where doing so would be contrary to the interests of national security. However, when such information cannot be laid before Parliament, as was alluded to by my right hon. Friend the Member for New Forest East (Dr Lewis), the Chair of the Intelligence and Security Committee, will the Minister undertake to provide that information to the Intelligence and Security Committee so that Parliament and the public know that there is sufficient and adequate oversight?
Finally, as the shadow Secretary of State asked, given the recent experience of the Australian Government, what can the Minister say today on the record to deter any temptation by the Chinese Government to take any similar retaliatory measures against the UK? Does he agree that if they were so tempted—I hope they would not be—perhaps the £20 billion trade surplus for China might focus calmer and more reasonable heads in Beijing today?