Telecommunications (Security) Bill (Sixth sitting)
Matt Warman ExcerptsThursday 21st January 2021
(3 years, 3 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 21 January 2021 - (21 Jan 2021)
Mr Jones
My hon. Friend makes the point precisely: the way in which telecoms have developed in this country has been piecemeal, only developing now into the four main operators. I hope we will try to get others into the market.
We are to blame for that, as consumers, because we have demanded ever lower prices for our mobile services. Does that suggest that the operators have taken shortcuts? No, I am not suggesting that, but consumer preferences have driven down price, and therefore the costs of what those operators provide in delivering the services that we all take for granted. Let us be honest: the Chinese saw the opening door for Huawei—that is why they bought into and flooded the market, putting Government loans behind it. Can we blame the operators for saying, “Well, actually, this is a good deal—we can get good deals”? But they cannot.
I am interested to know from the Minister how, looking forward, we are going to do that. I accept that something will be done under the regulations that the Government will put out, but how will we look backwards as well? As my hon. Friend the Member for Newcastle upon Tyne Central said, there is a lot of legacy equipment there, and it is important for Ofcom to have a clear understanding of what is in the networks.
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
It is a pleasure to serve under your chairmanship, Mr McCabe.
We are redefining UK telecoms security, but I worry that we are also redefining the aspiration of the hon. Member for Newcastle upon Tyne Central to crack on, so I will try to be brief. The good news that I can deliver, briefly, is how the aspirations of both the hon. Lady and the right hon. Member for North Durham are met in the legislation, and how we envisage those aspirations’ being implemented.As the Committee is aware, the Government have published an early draft of the security regulations. Certain draft requirements are relevant to the aims that we have talked about today. If hon. Members look at regulation 3(3)(a), with which they will be familiar if they are insomniacs, they will see a duty for network providers
“to identify, record and reduce the risks of security compromises to which the entire network and each particular function… of the network may be exposed”.
That is already there and key to the issues that hon. Members have been talking about.
Chi Onwurah
I had looked at those requirements. I appreciate that they are drafts, but they talk about identifying issues. They do not say “audit”.
Matt Warman
I think this would be impossible to identify without carrying out some kind of audit. There is a danger of a semantic argument, but I understand the point the hon. Lady is making. We want people to be in the position to make the kind of identifications that we are requiring. I do not see how they could do that without the records to which she refers, in terms of both the existing kit and future kit that they might put into their network.
Christian Matheson (City of Chester) (Lab)
This is an important point. The criticism that I will articulate later is that too much of the Bill is based on an assumption that the players in the sector will automatically do the right thing. For example, there is an assumption of a dialogue between Ofcom and the major players. Will the Minister think about whether he is satisfied that an assumption goes far enough in something as important as this?
Matt Warman
The regulation that I cited is an example of the Government not relying on assumptions. It is an example of us publishing, in advance, exactly the sort of material that demonstrates that this is not assumptions, and that it is there in black and white. That is an important distinction and it demonstrates the cross-party consensus that we have had thus far. We continue to be on the same page in terms of the level of detail required.
The evidence sessions with industry demonstrated that national providers already maintain some asset registers. Witnesses were clear that those registers are maintained and updated as technologies are updated. That is an important part of the existing landscape, but our regulations will ensure this kind of best practice is extended across public telecoms providers.
In addition, the Bill contains measures with regard to the use of particular vendors’ equipment. Inspection notices under clause 19 enable Ofcom to carry out surveys of a specific network or service where Ofcom receives a monitoring direction from the Secretary of State to gather information on a provider’s compliance with a designated vendor direction. Alongside that, clause 23 enables the Secretary of State to require the provision of information about the use of goods, services or facilities supplied, provided or made available by a particular person. That could be used to require information about a provider’s use of a particular vendor’s equipment.
Taken together, the issues that have been raised are not only entirely legitimate, in the view of the Government, but are addressed in black and white already, both in the Bill itself and in the drafts that we have published. We are ensuring that “hardware of interest,” whatever that might be, is subject to proper oversight and monitoring. That objective does not need the approach that might come as a consequence of this amendment, because it is already there. For that reason, I welcome the probing nature of the amendment. I hope that my answer has satisfied some of the concerns, and I look forward to doing so further in future answers.
Chi Onwurah
It is a pleasure to serve under your chairmanship, Mr McCabe, and I thank the Minister for his comments. I also thank my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester for their comments. This amendment is probing, so we will not push it to a Division. I would like to say two things to the Minister. Although it is true that the providers were confident that they had an asset anywhere their equipment was, other experts who gave testimony in the evidence sessions were not. My experience of networks is that there are multiple systems and this information is not easily accessible or searchable.
I am reassured by the Minister saying that his view is that these requirements could not be met without there having been some kind of audit, to have that information ready. I ask him to write to me, if possible, stating which provisions in the requirements set that out. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
Matt Warman
It is good to reach this landmark point. I do not propose to go over all the ground we have covered, because we have already covered a large chunk of this in discussing the amendments.
As I mentioned, proposed new section 105A means that telecoms providers will need to take appropriate action to ensure adequate security standards and limit the damage caused by any breaches. To support that duty, the proposed new section will create a new definition of “security compromise”. The definition is purposely broad. It includes anything that compromises the availability, performance or functionality of a network or service, or that compromises the confidentiality of the signals conveyed by it. That addresses some of the points made by the right hon. Member for North Durham a moment ago. This is a comprehensive approach that will help to ensure providers protect their networks and services properly in the future.
Earlier, I mentioned law enforcement and national security. This part of the Bill excludes certain conduct that is required or authorised under national security legislation or for law enforcement from the definition of “security compromise” in subsections (3) and (4). Those subsections also clarify the fact that, for example, disruption of the use of unauthorised mobile phones in prisons would not be a security compromise.
Proposed new section 105B will give powers to the Secretary of State to make regulations imposing duties to take specific security measures. The power will enable more detailed requirements to be imposed on providers, further to the overarching duty set out in proposed new section 105A(1). This will give greater clarity to providers about the measures that they must take. It will also allow the legal framework to be adapted as new threats arise and technology changes.
These security requirements deliver on our commitment in the telecoms supply chain review to place targeted, actionable and proportionate requirements on a statutory footing. Taken together, the new overarching security duty and requirements will, in secondary legislation, make clear what the Government expect of public telecoms providers. The provisions in the clause are crucial for improving the security of our telecoms infrastructure.
Chi Onwurah
As the Minister says, reaching the end of consideration of clause 1 is a landmark. We are cracking on at a slower pace than anticipated, but it is important that we have rehearsed a number of the arguments that you will hear, Mr McCabe, throughout our detailed scrutiny of the Bill.
Those arguments relate to our concerns with regard to national security, which Labour prioritises, yet we do not see that priority recognised consistently in the Bill; the effective plan to diversify supply chains on which it depends, but which it does not mention; and the scrutiny of the sweeping powers that the Bill will give to the Secretary of State and Ofcom. Those issues all arise in the clause, although we welcome the Bill and the increased duties. Will the Minister clarify the relationship between proposed new section 105A and proposed new section 105B? If he cannot do so now, perhaps he will write to me.
Matt Warman
I am happy to write to the hon. Lady on the matter she has discussed. We anticipate draft directions in due course that will be network specific, because each network is different, but the overall tenor will be in the same direction. This is probably a matter that we can talk about outside the Committee in a bit more detail to make sure she gets the answers she wants.
Question put and agreed to.
Clause 1 accordingly ordered to stand part of the Bill.
Clause 2
Duty to take measures in response to security compromises
Question proposed, That the clause stand part of the Bill.
Matt Warman
We are one thirtieth of the way there. The clause will place a duty on providers to take measures in response to security compromises through proposed new section 105C. When managing security, providers should seek to reduce the risk of security compromises occurring under their duty in proposed new section 105A. As security threats and attacks evolve, it will never be possible for providers to reduce that risk to zero. Therefore, should a security compromise occur, it is crucial that providers take swift and effective action to mitigate its effects. Taking action quickly will also help to mitigate the risk of any further incidents.
Mirroring the approach taken in clause 1, the new duty in proposed new section 105C is overarching and sets out a general duty on providers. It is supported by proposed new section 105D, which will provide the Secretary of State with powers to make regulations requiring providers to take specific measures in response to security compromises of a description specified in regulations. Although it will clearly not be possible to anticipate every security compromise that might occur and to set out how providers should respond, this will enable more detailed provision to be made in appropriate cases. Measures can be specified in the regulations only where the Secretary of State considers those measures appropriate and proportionate.
In practice, the first set of requirements will be contained in a single set of regulations made under the powers of proposed new sections 105B and 105D. A draft of the regulations has already been made available to members of the Committee, and published on gov.uk. Regulations made using this power will give providers clarity about the measures that they need to take, and having those measures set out in secondary legislation has the benefit of allowing the regulations to be reviewed as technology and security threats change over time.
In summary, this duty on providers is an integral part of the new framework, which will ensure providers take control of the security of their networks and services at a time when the UK stands on the cusp of a 5G and full fibre revolution. We must keep those technologies secure to enjoy their full benefit, and the clause is essential to doing that.
Chi Onwurah
We are cracking on: clause 2 is taking but a few minutes. The Opposition recognise the critical importance of our network providers taking responsibility for the security of their networks, and that there can never be a zero-risk network. Given that network communications are ever present in almost every aspect of our life and of our nation’s economy and security, it is right and appropriate that the Bill should put requirements in place, both on the operators and in response to specific security compromises.
I should like to have better understood how we would expect network operators to respond to a compromise such as the SolarWinds one, for example, but I expect that the clause will at least place the right duties on network operators, and I am content that it should stand part of the Bill.
Question put and agreed to.
Clause 2 accordingly ordered to stand part of the Bill.
Chi Onwurah
I rise to support my right hon. Friend’s excellent comments and to add a couple of points on amendment 10, which would require the Secretary of State to consult the National Cyber Security Centre before issuing a code of practice about security matters. My right hon. Friend spoke ably about the amendment’s intent to ensure security input on national security measures. That sounds basic, so I hope the Minister will explain why he feels it is unnecessary to make that explicit in the Bill. My right hon. Friend suggested that perhaps it should go without saying, but as we heard in the evidence sessions and have already discussed, the evolving security landscape and the change that the Bill represents, through the new powers for the Secretary of State and Ofcom, make it particularly important to set that out expressly.
The Bill looks at many issues to ensure the security of our networks from supply chains to requirements on network providers as well as raising technical issues, and Ofcom will need to do a lot specifically, so it is important to have a specific reference to the security function of the National Cyber Security Centre.
It came across clearly in the evidence sessions that Ofcom will not be making national security judgments. Lindsey Fussell said:
“It is important to say that, across the scope of the whole Bill, it is not Ofcom’s role to make national security judgments. That is really important. Clearly, that is the Government’s and the Secretary of State’s role, taking advice from the NCSC and the intelligence agencies.”—[Official Report, Telecommunications (Security) Public Bill Committee, 19 January 2021; c. 89, Q113.]
In introducing the code of practice, it is essential to ensure that security input and expertise. I do not see why the Minister would object to including such a requirement in the Bill. Unfortunately, we are not always as joined up as we would like to be. There are numerous examples of issues that could have been prevented, had agencies of Government done what might have been expected of them and talked to teach other. As the Bill involves network operations and deep technical and security issues, a requirement to consult the NCSC is particularly important, and that is what the amendment would achieve.
Matt Warman
I apologise in advance, having said that we should crack on, for detaining the Committee for a few minutes on this group of amendments. They relate to clauses 3 and 4, which deal with the codes of practice for security measures and informing others of security compromises. Ultimately, the new telecoms framework comprises three layers. There are strengthened overarching security duties set out in the Bill, there are specific security requirements in secondary legislation, and there are detailed technical security measures in codes of practice. Clause 3 deals with the final layer of the new security framework. Specifically, it provides the Secretary of State with the power to issue and revise the codes of practice and sets out the legal effects of any published codes of practice.
Clause 4 addresses what would happen should there be a security compromise. It puts in place a process for users to be informed of significant risks of a security compromise. The clause also places a duty on public telecoms providers to inform Ofcom of any security compromises with significant impacts, and it creates the power for Ofcom to inform other persons in turn, including users.
I turn now to amendment 5, which seeks to ensure that the NCSC is also informed of security compromises. From a drafting point of view, the NCSC is part of GCHQ, and I take the amendment to refer to GCHQ in that sense. Within the new telecoms framework, the Department for Digital, Culture, Media, and Sport will set the policy direction, Ofcom will regulate and the NCSC will provide technical and security advice. As the UK is an world-leading national authority on cyber-security, we expect the NSCS to share its expertise with Ofcom in order to support the implementation of a new telecoms security framework.
For that reason, the Government absolutely agree that it is crucial that the NCSC receives information about telecoms providers’ security. That is why such information-sharing provisions already exist. Under section 19 of the Counter-Terrorism Act 2008, Ofcom or the Secretary of State is able to share with the NCSC any information that would support the NCSC in carrying out its functions. That would of course include the passing on of details of security incidents. Under new section 105L of the Communications Act 2003, which this Bill inserts, Ofcom must report all serious security incidents to the Secretary and State and can pass on information about less serious incidents as well. On receiving such information, the Secretary of State can then share the information with the NCSC, as I have set out. Although these probing amendments are well-intentioned, it is obvious that the provisions are already there.
Chi Onwurah
I thank the Minister for his response to the amendments. He is focusing on the fact that it is possible for information to be shared, but it is not required. I understand that the Bill as drafted, and preceding best practice, means that it is possible for information to be shared. My concern is that it is not required.
Matt Warman
I understand the hon. Lady’s point, and I will come to something that I think will address it in a moment. Before I do, I will speak to amendments 6 and 10, as they would be functionally identical amendments to new section 105F in clause 3.
New section 105F sets out the process for issuing a code of practice. It requires a statutory consultation on a draft code of practice with the providers to whom the code would apply, Ofcom and other persons such as the Secretary of State considers appropriate. The amendments would apply an additional requirement to formally consult the NCSC when publishing a draft code of practice. I can reassure the Committee that we will continue to work closely with technical experts at the NCSC, as we have done over a number of years.
The telecoms supply chain review demonstrated the Department’s capability to work with our intelligence and security experts to produce sound recommendations, backed by the extensive and detailed security analysis that I know Members of all parties would like to see. That initiated the next phase of the collaborative work that culminated in the introduction of the Bill, and the codes of practice continue that theme. The purpose of such codes is to provide technical security guidance on the detailed measures that certain public telecoms providers should take to meet their legal obligations.
We have already been clear that NCSC guidance will form the basis of an initial DCMS-issued code of practice. The NCSC has already developed a set of technical measures that is in the process of being tested with the industry, and those technical measures have been refined and improved over the last two years. The NCSC will continue to update the measures to reflect any changes in the landscape of threats, as the right hon. Member for North Durham described, and the relationship between the work of the DCMS and that of the NCSC means that such changes would be reflected in the code of practice. Alongside the DCMS and Ofcom, the NCSC will play a key role in advising public telecoms providers on how to implement detailed codes of practice.
Mr Jones
I agree with the Minister, in the sense that I think he and the Secretary of State at the DCMS are committed to there being very close working, but as I said, he ain’t gonna last forever. An issue will come up —in fact, it came up last night on the National Security and Investment Bill—when operators and others say, “Actually, from a commercial point of view, this is more paramount,” or, “This is what we should be doing.” The Secretary of State will come under a lot of pressure to perhaps look at prosperity issues rather than security issues. I just wonder whether, without the relevant provision in this Bill, a future Secretary of State could say, “Well, I’m going to ignore that issue, because I want to pander to”—well, not pander to—“accept the commercial and prosperity arguments.”
Matt Warman
The right hon. Gentleman keeps going on about ministerial impermanence, but I will not take it personally.
Matt Warman
Too kind! The key part to this is that, obviously, Ofcom remains an independent regulator and will be working closely with others. The right hon. Gentleman makes a fair point about the inevitable balance between national security and a whole host of other issues, but ultimately that independence is absolutely essential. In the light of our long-standing and established working relationships across the DCMS, NCSC and Ofcom, it seems reasonable to say that there is a track record demonstrating what he has asked for. But given the Committee’s interest in the role of the NCSC in this regime, I will just make one last point. Its role is not explicitly described in the Bill, as the NCSC already has a statutory remit, as part of GCHQ, to provide technical security advice and to receive information on telecoms security for the purpose of exercising that function.
The NCSC and Ofcom will very soon publish a statement setting out how they will work together. I think that addresses some of what the hon. Member for Newcastle upon Tyne Central mentioned; I believe she has some familiarity with Ofcom. I think it is right, because they are independent, that that statement comes from them, as well as the Government expressing a view on this. The statement will include information on their respective roles and their approach to sharing information on telecoms security, and it should provide greater clarity, which hon. Members are entirely legitimately asking for, about the NCSC’s role, including how it will support Ofcom’s monitoring, assessment and enforcement of the new security framework.
I hope that the sorts of matters that I have talked about provide the kind of reassurance that Members have asked for.
Mr Jones
A statement is a welcome step forward, but—the Minister can write to me on this; he need not respond to me today—what is its legal weight? Again, I am not wanting to consider the Minister’s demise, but I would like to know that future Secretaries of State and Ministers will use it as the template and will not be able to say, “Well, we are going to ignore that statement.” That would be very welcome, because it would bind the two organisations together, which is important, and ensure that the security aspects were taken into consideration, but will the Minister just write to me, saying what weight the statement would have? I have to say that I sympathise; I do not like Christmas tree Bills that start having things added on. If it could be done in a complete way, I would be quite happy with that. The only thing that I want to know is, basically, what its status will be in future. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Question proposed, That the clause stand part of the Bill.
Matt Warman
The Committee has already heard me talk about some of this, but I think it important to provide a little more detail. The code of practice, which we have discussed, is a fundamental building block of the regime and will contain more specific information on how telecoms providers can meet their legal duties. It will provide guidance on how, and to what timescale, certain public telecoms providers should comply with their legal obligations, and will be based on technical analysis by the NCSC. Individual measures will therefore reflect the best protections against the most pressing threats to network security. The code will, for example, set out the detailed technical measures that should be taken to segregate and control access to the areas of networks that process and manage customers’ data.
We recognise of course that different companies have different ways of setting up and running their networks, and because our telecoms market is dynamic and competitive, providers range in scale from multinational giants such as Vodafone down to innovative local start-ups. We want therefore to ensure that the code of practice is proportionate, and that public telecoms providers take appropriate security measures.
I will touch as briefly as I can on how we intend to achieve that proportionality through a tiered system. Tier 1 will contain the largest national-scale public telecoms providers. Should any of those providers have a significant security incident, it could bring down services to people and business across the UK. Those operators will have the greatest level of oversight and monitoring from Ofcom. Tier 2 will contain medium-sized public telecoms providers. Those providers may not be as large, but in many cases they are critical to regions and to business connectivity. They are expected to have more time to implement the security measures set out in the code of practice.
Tier 3 will contain the smallest public telecoms providers, including small businesses and micro-enterprises, which, of course, must also comply with the law. They are not anticipated to be subject to the measures in the code of practice, but will need to comply with their legal duties as set out in new sections 105A and 105C, and in any regulations. Our expectation is that Ofcom would regulate those providers more reactively.
New section 105F describes the process for issuing a code of practice. When the Government publish a draft code of practice, we will consult with industry, Ofcom and any other appropriate persons. Specifically, publishing the first code of practice will include consulting on the thresholds of each of the tiers that I have described and on the timings for their implementation. Following the consultation period, and once the code is finalised, it will be published and a copy will be laid before Parliament.
New section 105G gives the Secretary of State the power to withdraw a code of practice. Again, that will follow consultation with industry and Ofcom. A notice of withdrawal will be laid before Parliament. The legal effects of the code of practice are described in new section 105H. To be clear, the code of practice is guidance only; it is an important tool that operators should use to comply with their legal duties.
Matt Warman
The legislation places a duty on providers. Meeting the strictures of the code of practice would be the way of demonstrating that they were meeting that duty as an initial step, but of course, we see individual companies making decisions, for a host of reasons, to exceed codes of practice in every area of regulated life,
and I would expect that to continue in the area in question as well.
Where relevant, provisions in a code could be taken into account in legal proceedings before courts or tribunals, which I think gives some sense of their status. That would include any appeals against Ofcom’s regulatory decisions heard by the Competition Appeal Tribunal. Ofcom will take account of the code of practice when carrying out its functions as required in new section 105H(3) in relation to telecoms security, as I have just described.
Under new section 105I, if Ofcom has reasonable grounds for suspecting that a telecoms provider is failing, or has failed, to act in accordance with a code, it can ask public telecoms providers to explain either how they meet the code of practice or, if they do not meet it, why. For example, if the network set-up of a particular telecoms provider meant that it could achieve a level of security equivalent to that in the code by other means, it could explain that in its statement responding to Ofcom. In such a case Ofcom might be satisfied that the provider was complying with its security details, but hon. Members will see that we are again trying to ensure a proportionate approach to the relevant part of the framework.
We believe that the code of practice will provide an appropriately flexible framework, which will be able to change as new security threats evolve, providing clarity for telecoms operators on what is required of them by this new telecoms security framework.
Chi Onwurah
I will not detain the Committee very long either, as we agree about the importance of codes of practice. I will not say that I am entirely reassured to hear of the statement being issued by Ofcom and the NCSC on how they will work together, but I certainly think that it is a positive development, and I hope we will be able to see it before the Bill progresses to the House.
On the codes of practice, as my right hon. Friend the Member for North Durham set out, it is important that the sector should understand the standard to which it will be held. I have some concerns about the tiering system, because, as was made clear by a number of witnesses during the evidence sittings, all networks are joined up and we are only as secure as the weakest link. At the same time, it is important to have a proportional burden on new entrants as we indeed hope to diversify the supply chain.
I understand, although perhaps the Minister can clarify the point, that the codes of practice will not refer to the diversification of the supply chain, despite the fact that having a secure network—we shall debate this in more detail—is dependent on having a diverse supply chain. I have made the point a number of times, and will make it repeatedly, that the lack of linkage between the diversification strategy, implementation and the security of our networks is an ongoing cause for concern. However, having made those comments, I do not object to the clause.
Question put and agreed to.
Clause 3 accordingly ordered to stand part of the Bill.
Clause 4
Informing others of security compromises
Question proposed, That the clause stand part of the Bill.
Matt Warman
As with clause 3, I have already spoken to clause 4, addressing an amendment on this issue. It will be crucial that we ensure that the Government, Ofcom, public telecoms providers and their customers have the information that they need to understand when security compromises have occurred, and then use the knowledge to prevent compromises in the future. New section 105J requires that providers inform their users of significant risks of security compromises and actions that they can take to avoid or mitigate any adverse consequences.
We want to ensure that this is done in a transparent and open way, so the clause specifies that telecoms users should be notified in clear and plain language, and given a named contact they can get in touch with if they have any further questions. Giving users that information will help to ensure that, where possible, they can take swift action to protect themselves and raise broader awareness.
New section 105K requires security compromises to be reported to Ofcom. That information will provide Ofcom with insight into the security of individual telecoms providers and security risks across the landscape, enabling us to target its regulatory action more effectively. The Bill also requires that providers report pre-positioning attacks on the network. These are attacks that do not affect the network or service at the time but allow access that could result in further security compromises. These attacks pose real risks but too often remain invisible to a regulator.
Finally, under new section 105L, Ofcom is required to share information about serious security compromises with the Government. It may also share information on less serious compromises if, for example, it would help the Government with developing telecoms policy and future regulation.
The clause explains how Ofcom can share information about security compromise with other groups and organisations, and the Bill allows information sharing at Ofcom’s discretion with overseas regulators, other providers, telecoms users and, where appropriate, the wider public. It allows Ofcom to advise network and service users of the measures that they should take to prevent, remedy or mitigate the effects of the security compromises, to direct providers to give such advice themselves.
The clause ensures that the regulator has access to the information that it needs, and will help to ensure that the entire industry is aware of new and evolving risks and can respond accordingly—be that a customer changing their password or an operator tightening its defences against a new attacker.
Chi Onwurah
I thank the Minister, as always, for graciously giving way. I will make this point later, but I want to give the Minister the opportunity to consider how the requirement for Ofcom to notify users might work with the Information Commissioner’s requirement on data controllers to also notify users when there is a data hack.
Matt Warman
Obviously, there could be an overlap in those notification requirements, but our expectation would not be that anyone would receive multiple notifications. That is why there is an emphasis on the nature of communications being clear and obvious to laypeople.
Mr Jones
Speaking gives me an opportunity to take my face mask off. I will make a few points about clause 4, which is broadly welcome because it clarifies for operators what their responsibilities are, not just from a national security point of view but from a consumer point of view. I think there is an issue, though, which my hon. Friend the Member for Newcastle upon Tyne Central raised.
Again, I do not want the Minister to respond now, but I think the crossover with the Information Commissioner might be one area that we need some clarity on. Is there an example of this? Yes—the TalkTalk case. People might look at this Bill and think national security is about the Russians or the Chinese hacking, but that was a criminal act that led to a lot of people’s data being compromised. From a constituency point of view, as any Member of the House at that time will know, trying to get TalkTalk to do anything about that, in terms of the losses that people incurred, was virtually impossible. That is why these clauses are so important.
Chi Onwurah
We are cracking on at such a pace that I lost my place somewhat. I had forgotten that we are now discussing clause 4. My apologies, Mr McCabe.
My right hon. Friend the Member for North Durham has already addressed some of the points that I wanted to make, but let me say that we welcome the duty being placed on providers to report security incidents. I have long campaigned, in relation to cases such as the TalkTalk incident, to make that duty clearer and more comprehensive regarding the information that needs to be shared with users and those who are affected, and for them to have some kind of right of redress, which is effectively part of the Bill.
I welcome the requirement in clause 4 to inform others of security compromises, but will the Minister provide more clarity? There is some indication of the range of actors that the providers and Ofcom must inform, but I do not feel that there is an understanding of the level of information that will be shared with different actors. For example, if the public are to be informed of a security breach, compared with the requirement from the Information Commissioner’s Office, which, as I said, actually goes far enough, what level of information might be shared with other actors, such as other networks? My right hon. Friend talked about who else might be informed. It is also clear that the sharing of information will probably need to evolve over time, as the nature of compromises and their potential reach changes. I wonder how these requirements might be adapted to reflect that.
I will just say a little about the sharing of information with overseas regulators. If that is clearly set out in the Bill, I am unable to find it. Presumably, such data sharing will still have to conform with the requirements of our data protection legislation. Will it also reflect international data-sharing gateways for criminal prosecution purposes?
Those are just some general comments. We welcome the clause.
Matt Warman
I will reply briefly. On the point about compensation, essentially new section 105W of the Communications Act 2003, which is inserted by clause 8, covers the civil liability point, which I think opens the door that the right hon. Member for North Durham seeks to open. Then there are the notifications to industry of what is essentially best practice and recent threats. Of course, as he implied, there is a balance to be struck with the existing work of all those involved, but ultimately it would feed into the codes of practice, so there is both an informal and a formal mechanism, if I can put it like that.
On the hon. Lady’s final point about the international sharing of information, it would depend on the nature of the information, as she implied. Some of it would pertain to national security, and some of it would pertain to the kind of criminality that she has spoken about about, where there are existing provisions as well. In that sense, of course, it is all covered by our own data protection regime, which has the sorts of carve-outs I have just described but operates in that holistic framework.
Mr Jones
I raised the point, as did my hon. Friend the Member for Newcastle upon Tyne Central, that we are asking operators to inform individuals about data compromises. That is welcome, but as my hon. Friend said, there might also be a breach of the Information Commissioner’s regulations, and we just wanted to get some idea of how the two would mesh together. I do not expect the Minister to know now, but could he write to us to say how the two would interact?
Matt Warman
As I said in response to the hon. Lady, there is obviously a potential overlap. The focus of this Bill is on clarity of communication to the consumer, but I am very happy to write to the right hon. Gentleman or the Committee with further details of that potential overlap.
Chi Onwurah
The Minister is being incredibly generous with his time. To clarify what we are hoping to receive, as he has indicated, we would not want the ICO to be sending out notifications to 2 million people who had been affected by a hack, and Ofcom to be doing that as well. We would expect there to be co-ordination in that regard, and we would just like to see that set out.
Matt Warman
I am very happy to do so. I think it is obvious that clarity of communication would be incompatible with duplication.
Question put and agreed to.
Clause 4 accordingly ordered to stand part of the Bill.
Clause 5
General duty of OFCOM to ensure compliance with security duties
Christian Matheson
I beg to move amendment 11, in clause 5, page 9, line 41, at end insert—
“(2) Providers of public electronic communications networks and public electronic communications services must notify Ofcom of any planned or actual changes to their network or service which might compromise their ability to comply with the duties imposed on them by or under sections 105A to 105D, 105J and 105K.”
This amendment would require providers of public electronic communications networks or services to notify Ofcom of any changes to their network or service which might compromise their ability to comply with their security duties.
It is a great pleasure to serve under your chairmanship, Mr McCabe. Since this is my first substantive contribution to the Committee, I pay tribute to the Front Benchers. It is nice to have a Minister who, I believe, was formerly a tech journalist specialising in telecoms, and who knows the subject well. Of course, the shadow Minister, my hon. Friend the Member for Newcastle upon Tyne Central, was a telecoms engineer and an Ofcom regulator for many years, and I pay tribute to her and her staff. The Committee should know that in addition to running this Bill Committee from the Opposition’s side, she has also been working in the main Chamber this week on the National Security and Infrastructure Bill Committee. Juggling two Bills at once is no mean feat.
I have also greatly enjoyed the interplay between my right hon. Friend the Member for North Durham and the hon. and gallant Member for Bracknell, both of whom have considerable national security experience. I was intrigued by my right hon. Friend’s estimation of the hon. and gallant Gentleman’s intervention as Schrodinger’s intervention—one that managed to be simultaneously right and wrong. He has set a new standard there.
From listening to the debates on previous clauses, it is clear that a common thread passes through the Bill, which we in the Opposition have been hoping to link up. Partly, it is to do with the question we raised earlier about the assumption that everybody understands exactly what the intention in the Bill is, and that everything will be all right in the long term. My right hon. Friend the Member for North Durham has talked about the importance of making things as clear as possible when it comes to responsibilities, because a future Minister might not be as adept in this subject as the hon. Member for Boston and Skegness, who currently occupies that position. In a sense, that is the heart of amendment 11.
Chi Onwurah
I rise simply to support the excellent speech made by my hon. Friend the Member for City of Chester. I thank him for his very kind words. In the amendment, he makes an important contribution in ensuring that Ofcom knows what it needs to know and in putting the onus more firmly on the network providers. I simply ask the Minister to respond to the points that my hon. Friend made in his concluding remarks about being forward-looking.
A challenge for us as a nation in securing our networks during such fast-paced technological change is looking backwards to the problems we have had rather than forwards to the evolving and new threats. During the evidence sessions, we were accused of fetishising 5G as if that was the only security challenge, because of the visible problem with Huawei, and that we were not looking more broadly. I admired Ofcom during my time there because it was set up to be a forward-looking regulator. To achieve that aim, when it comes to the sweeping new requirements around security that are placed on it under the Bill, it needs to be able to see what changes are happening and are likely to influence future evolving threats. To do that effectively, amendment 11 requires the network providers to notify Ofcom of planned or actual changes.
It is worth remembering that—I made this point earlier—if BT had been required to notify Ofcom or another body of changes to its network as Huawei moved to a greater and more dominant position in its network, that might have rung alarm bells more generally. We have also already mentioned the shift that we are seeing on the importance of software and software configuration and services in controlling the network. Requiring providers to notify Ofcom of planned or actual changes to the network would make that evolution more easily visible and therefore provide Ofcom with greater visibility of how all our networks are evolving and what new threats may arise as a consequence.
Matt Warman
The amendment would add to the general duty in clause 5 that places on Ofcom the duty to ensure that providers comply with their security duties. The duty as written in the Bill makes clear Ofcom’s increasing role. The duties imposed on public telecoms providers in the Bill are legally binding, so as the Bill is written providers should not be taking decisions that would prevent them from complying with those duties in the future. If they were not to comply, they would be in breach of their legal duties and liable for enforcement action, including the imposition of the significant penalties set out in the Bill.
The underlying purpose of the amendment—that Ofcom should take a proactive role in regulating the regime—is already core to what is in the Bill and the Government absolutely agree with the principle that the hon. Member for City of Chester set out. We need to ensure that Ofcom has the tools to be forward-looking so that, in a world of fast-changing technologies and threats, it can understand where operators are taking their networks and how that will affect their security. That is an absolutely essential part of the Bill.
James Sunderland
Does the Minister agree that the Bill in its current form is prescriptive enough already?
Matt Warman
I think the Bill is perfectly drafted down to every comma and punctuation mark. To be slightly more serious, what we have sought to do in the drafting is to strike the balance between proportionate regulations and the overarching requirements for national security. That is the balance that we have struck and it is exactly for that reason that we already do in the Bill what the hon. Member for City of Chester and the shadow Minister seek with the amendment.
In section 135 of the Communications Act 2003, as amended by clause 12, Ofcom is already allowed to require information from providers about the future development of networks and services that could have an impact on the security of the network or service they are providing. That would enable Ofcom, for instance, to assess the security risks arising from the deployment of a new technology or from the proposed deployment of a new technology. For those reasons, I hope that the hon. Members are reassured not just that the Bill does what they seek, but that previous drafts of the Communications Act already did so.
Chi Onwurah
I thank the Minister for giving way; in doing so, he shortens what I will say later. I think the Minister is saying that Ofcom has the power to require information, which is true, but the amendment is about providers proactively giving that information. Ofcom cannot request information about a change to the networks that it does not know is happening. I am hoping that perhaps what the Minister is implying is that he would expect Ofcom regularly to review what was changing in the networks and therefore make those requests for further information. Could he clarify that point?
Matt Warman
The sort of horizon scanning that the hon. Lady describes is core to all essential regulation, and the relationship that Ofcom has with those whom it regulates promotes the ability to have such conversations. But as I said, the key point is that an operator that proposes knowingly to introduce a risk into its network would clearly not be complying with the statutory provisions of the Bill. That is the essential nub of the issue.
Matt Warman
I enjoyed the semantic gymnastics by the hon. Member for City of Chester as he tried to expand the scope of the Bill, but I shall try to stick to what is in it. There is a lot of consensus across parties, so I shall resist the temptation of saying that £50,000 is a demonstration that Labour is willing to put a price on national security, which this party will never do, but I understand the points that he makes on both fronts.
The clause provides Ofcom with strengthened powers, including powers to give assessment notices to a provider, that are vital to enable it to fulfil its expanded and more active role. Assessment notices are an important new power in the regime that will give Ofcom tools to assess fully a provider’s security and the extent to which it complies with its security duties. It is Ofcom’s intention that when assessing a provider’s compliance, its first port of call would be to use its information-gathering powers under section 135 of the Communications Act 2003. Ofcom would then use its power to give an assessment notice if it wanted to check the veracity of the information or to follow up a security concern. While Ofcom will therefore use its powers in a targeted and proportionate way, it is also the case that a provider with good security practices would expect to be subject to a lighter-touch assessment. Providers’ duty to bear the costs of assessments will therefore have an incentivising effect.
The amendment would insert a new subsection into new section 105N, limiting the costs that Ofcom could incur in carrying out an assessment. Fundamentally, a hard cap of any sort will always be an arbitrary number which will potentially put an additional hurdle in place. It might be necessary for some of those tests to require genuinely extensive assessment—penetration testing, or red teaming, as exercises are sometimes called, where penetration tests mimic the action that an attacker might take to access the network. Those attacking actions may of course be from sophisticated sources, and the costs of mimicking them in an entirely legitimate way could be substantial; but it is right, in the interest of national security, that Ofcom does not reduce the quality of its testing. We would not seek to limit that either, notwithstanding its independence.
I can offer the Committee some reassurance, however, that Ofcom’s assessment costs will not be excessive. It has a general duty to act proportionately and to follow other principles representing regulatory best practice. Finally, a provider’s duty is to pay only such costs as are reasonably incurred by Ofcom in an assessment, so there is a balance there.
As to the proposed new subsection that would limit those able to carry out assessments to Ofcom or a UK Government agency, the assessments, as the hon. Member for City of Chester knows, may be complex and need specialist skills. Methods such as penetration testing might need specific technical skills and we should not limit Ofcom in that way. However, we should also bear in mind, as the hon. Member for Newcastle upon Tyne Central mentioned, that the independence and expertise of Ofcom is the greatest bulwark against such entirely unfounded but legitimate concerns as those raised by the hon. Member for City of Chester, about who might be appointed by this or any Government to carry out a task in the national interest. None of us would want—and I do not suggest that the hon. Gentleman is doing this—to get into the business of questioning Ofcom’s independence in performing the tasks in question.
Chi Onwurah
I am somewhat concerned at the implication of what the Minister says. We cannot put a price on national security, and Ofcom has a role. In an evidence session, Ofcom’s representatives said that although its role excludes any question of its making security decisions, it would ensure compliance, yet now the Minister seems to be saying that Ofcom will not have the skills to ensure compliance. I agree that there are specialised skills. Penetration testing, for example, is a specialised skill, but I would argue that it is a skill that Ofcom should take on as part of this new remit. I say again to the Minister that the skills needed to ensure compliance should be within Ofcom’s remit, or should be better defined.
Matt Warman
Ofcom itself is best placed to exercise discretion as to whether it should carry out those assessments in-house, or whether it should have the flexible capacity to have the capability brought in as necessary. Ultimately, I do not think that anyone would wish to prevent Ofcom from having the ability to do what it thinks necessary by forcing it to use in-house staff only, because we cannot predict the future, as Members on both sides of the Committee have highlighted. Although the cause that the hon. Member for City of Chester is pursuing is a noble one, its unintended consequence would be to constrain Ofcom in both the expertise that it has at its fingertips and the costs that it might incur. We would not want to limit Ofcom’s discretion to make those decisions as an independent organisation.
Chi Onwurah
Actually, the amendment would not limit Ofcom’s discretion to bring in additional resources or skills. It would limit Ofcom’s discretion to Government agencies or organisations within the public sector, which, on matters of national security, we should be able to do.
Matt Warman
If the hon. Lady were right, the only people from whom we would have heard evidence over the last few days would have been public sector employees. She knows just as well as I do that the cyber-security sector is a vast mesh of public and private expertise, which is inevitable given that we have private networks offering communications services. Although I understand her point, and I am all for Ofcom having as much expertise as it needs to do its job properly in-house, I simply do not think that we should constrain what it can access in the way that the amendment would.
On this, I think we probably agree on far more than we would perhaps like to admit, but the reason that this is a probing amendment, as the hon. Member for City of Chester said, is because imposing artificial constraints would not be beneficial to Ofcom’s work. We understand what he said, however, and in broad terms, the Government agree.
Christian Matheson
I am grateful for the debate and for the Minister’s response, but I do not intend to press the amendment any further. I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Matt Warman
I will go very briefly over the diversification strategy, which is essentially a £250-million initial tranche of investment to diversify the UK network, with a focus, to a certain extent, on open RAN, as the hon. Lady said. On the information that she would require, I agree with her so comprehensively that the provision is already in the Bill. Section 135 of the Communications Act 2003, as amended by clause 12—she is right that the provision is not in this clause—provides Ofcom with the power to gather information on diversification where Ofcom considers the information necessary for the purpose of carrying out its functions. Clause 12 specifically provides that such information can include information concerning future developments of a public electronic communications network or public electronic communications service that could impact on security. As I said, I agree with her so comprehensively that we had already foreseen the issue and the provision is already in clause 12. The addition of it to this clause would not change that fact. I hope that that provides—
Chi Onwurah
I thank the Minister for those comments. He says that the provision is already in clause 12. This is obviously down to my lack of studying, and I thought that I had studied every line of the Bill, but where specifically does clause 12 refer to diversification of supply chains?
Matt Warman
The approach that we have adopted across the Bill is that powers such as those in clause 12 are more than wide enough to cover exactly what is needed. What I am essentially saying, I suppose, is that the legal interpretation of clause 12 absolutely does what the hon. Lady seeks, because it is an absolutely essential part of one of the purposes of the Bill. That is why I hope she can take the necessary comfort to withdraw her amendment.
Matt Warman
I am very happy to write to the hon. Lady to clarify why it is our belief that the Bill does that. What I would say is that the kind of specificity that she seeks would have the unintended consequence of narrowing what we do, rather than retaining the broad powers that we have in the Bill. As has been the case so often today, we do not disagree on the intent that she is seeking to obtain, and that is why the Bill is drafted as it is. As I say, I am very happy to write to her to try to clarify some of that.
Chi Onwurah
We all agree that the Minister is someone whom we like and who has the best intentions. On that basis, and on the basis that we can table further amendments at this stage or on Report if his letter of reassurance should not be sufficiently reassuring, I beg to ask leave to withdraw the amendment.
Amendment, by leave, withdrawn.
Ordered, That further consideration be now adjourned. —(Maria Caulfield.)
Telecommunications (Security) Bill (Third sitting)
Matt Warman ExcerptsTuesday 19th January 2021
(3 years, 3 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
Chi Onwurah
Q
Emily Taylor: Generally, our standard of security across the board is not as high as it should be.
Professor Webb: I realise that Chi had also asked me how the UK can strengthen its ability to provide diversified supply chains, and I did not address that.
I want to pick up on something Emily said as well. I think she is absolutely right—the UK has a great number of really excellent engineers, both in universities and in leading consultancy-type organisations. Here in Cambridge there is a plethora of wonderful consultancies and start-up companies. In my experience, the biggest problem is actually finance. To try to raise the finance to get a start-up company off the ground, particularly one that sells to operators who have huge purchasing power and tend to squeeze all their vendors—quite naturally—is very difficult in the UK. It is much easier in the US. Addressing the ability to provide finance for those kinds of entities and, to Emily’s point, allowing them to exist for many years rather than to be bought as part of that financial process would help more than anything else, for the UK to grow its own major players in this space.
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
Q
Professor Webb: Yes, I think there is a balance. I do not have strong views on that. The legislation appears to be sufficient and flexible in this space. I think the issue is the way it is implemented, and particularly the downstream actions of the Government and of Ofcom might need a bit more care.
Emily Taylor: The legislation is creating a framework, and a lot of that will be filled out through statutory instrument and the codes of practice that are envisioned. I imagine the codes of practice will reflect the TSRs to a large degree. Thinking particularly about how the legislation might impact on the wish and the essential need to diversify, it imposes very high levels of liability for providers, and almost unlimited duties on everybody for the smallest infractions. That is William Webb’s point about proportionality.
As the measures come to life through secondary legislation, codes of practice and the actions of Ofcom, it is going to be very important that there are checks and balances. I am not sure whether the Committee is hearing from any civil society groups, but I am sure they would be worried about the very wide discretion for the Secretary of State. There is a lot of concentration of power in the Secretary of State and, perhaps, insufficient safeguards, as things are currently drafted.
Also, on the provisions that relate to the identity of the supplier—the nationality—rather than the qualities of security, which I think are the more relevant points, of course identity and nationality can be relevant, but there may need to be more of a look there to ensure that we are on the right side of potential risks of discrimination.
Matt Warman
Q
The Chair
You will both get a chance. We will go to Professor Webb.
Professor Webb: I am certainly all in favour of placing the requirements on those best placed to deliver them. For diversification, that is certainly the operators. I talked a bit about how you could, for example, offer them some financial incentive to have a more diversified supplier base. That would make some kind of sense, given that this would add costs to their management of the network.
In terms of security, I think it is a bit more difficult to see how that one might follow. I can imagine that there might be certain security issues where, for example, the decision might be made that a replacement is needed for a certain component in the network, or that they need to purchase some additional elements, and then you might imagine that it might help to have some sort of financial incentive to do that. But I think that would be on more of a case-by-case basis—I cannot see a clear, catch-all type of approach that would enable that.
Emily Taylor: I very much agree with what Professor Webb has said. Indeed, one of my reflections on the draft Bill is that it is very much at the stick end rather than the carrot end. Maybe we will start to see a bit more of the incentives coming through as the detail is filled out. But I think that thinking about incentives would very much reflect the close working relationship that there has historically been between the industry and Government. That is not the case in every country; it is actually a benefit in this case.
Security is expensive, and it is also long term. The telecoms supply chain review last year put it very accurately: the market does not reward investment in security—quite the opposite—so I would hope that there would be some recognition from Government about what is needed. I do not think that the investment in the diversification strategy is nearly going to match the investment that is required by the mobile providers who—yes, they are very successful large companies—have not had the great decade that, say, the Googles of the world have had in terms of their margins. So you are asking an already squeezed sector to make substantial investments, and I think that is the place where you could be looking at incentives.
Sara Britcliffe
Q
Dr Drew: I believe they were. I have seen a lot of attempts to quantify the damage or impact of limiting our vendor net, as it were. With the removal of Huawei, I have seen multiple attempts to put a value to that—of the slowdown and having to go to different vendors. I am uncertain as to the accuracy of any of those, and I think that it would be very difficult to put a number on that in any useful sense.
My impression is that there is nothing that should stop us from being able to enact the goals of this Bill and the incentives to diversify the market, while also being able to develop and invest in the next stage of 5G use, which is its actual application, and to marry those two up together in a manner that provides us with both security and financial and economic benefit from putting these systems in place.
Matt Warman
Q
Dr Drew: I think what needs to be considered in that question is the type of resources that will be the hardest for Ofcom to acquire. I frankly believe it is not necessarily technology; I believe it is actually personnel. The edge that is given to companies that have already been mentioned in your hearings today—Google, Microsoft, Facebook et al—is not necessarily in the technology, but in those who design the technology. Those people are hard to come by at the level that we require them at. They are also very hard to keep, because once they reach that level of acumen and they have Google, Facebook or Amazon on their CV, they can pretty much choose where they go and, often, how much they ask for in the process.
I think the biggest issue that Government face—not only in Ofcom, but in regards to future technology policy—is attracting and keeping those individuals who can provide the services and understanding, as well as develop the tools, that a future Government will need. If you can demonstrate a way to capture that talent and retain it, I think that would go a long way to soothing any potential questions about whether Ofcom will be capable of meeting the requirements of this and other Bills. This goes across all Departments, I feel.
Matt Warman
Q
Dr Drew: Yes. I believe that this is potentially one thing where, as much as possible, greater co-operation between these Departments should be encouraged, to the extent that it is possible to do, given how the security dynamics of the different Departments work. Quite frankly, Government do not have enough of this kind of personnel and expertise. What you do have, you must ensure is used as effectively as possible. That means that you cannot let them languish in one silo or Department, when their expertise would be highly useful in another where suddenly they find themselves dealing with types of issues that are far beyond their normal remit.
Mr Jones
Q
I think the Minister is relying on good co-operation between the two organisations, but it is clear from the 2013 ISC report on critical national infrastructure and Huawei that civil servants with a bent for looking at economic development did not have their eye on the ball in terms of security, and they did not even tell Ministers about security concerns that were clear then.
Dr Drew: That is a fantastic question. The best way for me to phrase this is that I believe there is an imbalance that is natural to those who have a particular role within Government or the civil service. Those with responsibility for economic advancement will have a different take on the same issue from those of their colleagues with a security bent to their work.
I find this is a complex topic that needs to be balanced across those different interests. That is why I would generally lean towards co-operation between these groups as opposed to others. I also suspect—although, due to the nature of their work, I cannot be certain—that GCHQ and the NCSC have significant work already, which is only likely to increase. Although they might have the technical capability that Ofcom lacks, I am not sure they have the capacity to take on the sheer volume of work that this is likely to create. I would argue that, actually, more resourcing in general is required for whatever co-operative body is created to carry out the actions of this Bill and other Bills attached to it. That is needed.
James Sunderland
Q
Lindsey Fussell: It is probably worth saying that, from an international perspective, although there are some other countries—notably Germany and Australia—that have started to explore strengthening their telecoms security framework, I am not aware of another country that is quite as forward leaning in terms of the framework that is being put forward in this legislation.
In terms of the fines, this is an important point—those fines match the level that we are currently able to levy in relation to our other telecoms requirements, such as breaches of our general conditions. Previously, under our past responsibilities, our fines were limited to £2 million, so really quite a small amount compared with the wealth of the largest operators. I think it is appropriate that the telecoms security fines match what we are able to do elsewhere.
The final point I would make is that fining is an incredibly useful power to have because it acts as a significant deterrent and a strong incentive for companies to comply. It is actually not the first lever that we reach for, certainly not maximum fines; it is there and we are ready to use it if we need to, but our starting point would be to work with operators on this journey as they move towards compliance as they respond to new and emerging threats.
Matt Warman
Q
Lindsey Fussell: Yes, of course, I am very happy to do that. As you say, we have responsibility now to monitor and enforce compliance on security. The difference, which is why I think this legislation is so welcome, is that at present we do not have any obligations set out as to how operators need to meet those security requirements. It has been basically up to them to decide what is necessary. While many companies have invested very heavily in their security—I would not want to suggest otherwise—clearly there is a journey to go on and improvements that need to be made. It is very welcome that we now have this much clearer framework, so that operators know what they need to do and we can enforce against it.
The other point that is worth bringing out is that, at present, operators are under a requirement to report incidents to us, but the nature of that reporting tends to be around incidents that cause outages. We do get a lot of those—caused not just by cyber-security but by wind, weather and other issues. Quite a lot of cyber-security incidents are, frankly, precisely designed not to cause outages, because it is in the interests of the malicious actor to allow the network to keep operating while they do whatever they are up to. The new requirements on operators are to tell us not just if there is an outage but if there is an incident where they believe their system may have been compromised. They are wider ranging and welcome powers.
Matt Warman
Q
Lindsey Fussell: Absolutely.
Matt Warman
Q
Lindsey Fussell: Yes, so the way the legislation works, as you say, is that there is a primary duty on operators to promote security of their networks, and on us to enforce and monitor compliance against that. My understanding is that the secondary legislation will set out around 40 to 50 sub-duties on operators, which they will all need to meet—that is all operators and providers of electronic communications services.
Underpinning that, each of those sub-duties will be reflected in the code of practice, setting out the details of what the operators need to do to meet each of those sub-duties. As I explained earlier in relation to the questions we discussed on national security, we are entitled, as the regulator, to place quite a lot of weight on the national security judgments that the NCSC and the Government have made in drawing up both those sub-duties in the code of practice, in responding to the threats identified.
Telecommunications (Security) Bill (Fourth sitting)
Matt Warman ExcerptsTuesday 19th January 2021
(3 years, 3 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 26 January 2021 - (26 Jan 2021)
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
Q
Dr Sellars: I would prioritise the funding in terms of where the vulnerabilities are in the network, in terms of the ability of the UK to fulfil those vulnerabilities and in terms of what markets it would open up. There are specific parts in the telecoms stack that are likely to be more vulnerable than others, where the UK has prime capability and where we could then develop an export opportunity. I can provide some more detailed answers in writing if that is helpful.
Dr Johnson: For my 30 seconds I would spend it on basic research, cementing the intellectual property position of the UK.
Heba Bevan: I would agree with Dr Sellars—Andy: we need to increase the amount of spending around vulnerability and strengthening the network. One other point is about spending it on areas outside the UK so it would generate more jobs around the north.
The Chair
Chi, I think you had something outstanding, and you have got just about a minute and a bit to do it.
The Chair
I am sorry we had to hurry you a bit, there, but we are trying to get through quite a lot this afternoon. Can I just thank all our witnesses for your evidence and the extra bits that you said you would possibly forward to us. That would be much appreciated. Thank you, on behalf of the Committee. That brings this session to a close.
Examination of Witnesses
Dr David Cleevely, Helen Duncan and Mike Fake gave evidence.
Matt Warman
Q
Dr Cleevely: Thank you, Minister. On the short-term stuff, I am very reluctant to dash in on some of these things. I have started a few businesses. It is always a mistake to try to spend money too quickly, because you do not quite know how it is working, but if you are asking me where I would specifically spend some money, I would start to spend it on groups of people and existing researchers, connecting them up, having seminars and workshops, starting to fund little bits of research, opening up some competitions, and getting some ideas for where the standards might be—putting oil in a mechanism that has seized up and become somewhat rusty.
With relatively little money—we are talking about nothing like Heba’s amounts that you need to spend on a fab plant—I think you could free up a lot of stuff, but you need to put in, at the same time, quite a lot of investment in monitoring all of that, so that you are learning from the process. There are a lot of brilliant engineers and brilliant people in the United Kingdom. My impression is that we do not do enough to connect them up, so my first action would be to use the catapults, the academies, our brilliant universities and fabulous corporations.
Honestly, as we have already heard, we have some marvellous stuff going on in telecoms manufacture. Start to bring those people together. That costs money to service and to actually make it work. That is where I would start, and I would have a framework for what kind of information we were going to get out of that, so that it was not just a nice party, as good as that is, or a talking shop. A distributed catapult would be one way of thinking about it.
Helen Duncan: I absolutely agree with what David has just said. I would also suggest one specific area where some intervention could be very timely, given that a lot of antenna engineers were made redundant just before Christmas when a company called Axell Wireless went into administration. Antennas have not been mentioned, but Huawei holds an awful lot of intellectual property in antennas. That will be a weakness going forward. In the past, we had some significant antenna capability in this country, most of which was bought up by Cobham, which has now said it has no interest in telecoms at all. It was because they sold Axell Wireless that it has now gone into administration. That is a specific case, but it is just one example of an area where it is not too late to reverse a particular trend.
Mike Fake: I completely support David and Helen’s comments.
The Chair
We have about 11 minutes left. I will go to Kevan Jones, who I think had a question that was prompted by a reply to the Minister. Then I will try to go back to Chi and to the Minister before we finish.
Matt Warman
Q
Dr Cleevely: Well, Minister, my instinct is not for the Government to not take stakes in companies, so I think that that is beginning a distortion of—
Matt Warman
That is perhaps not the phrase, but you get the gist.
Dr Cleevely: The primary way to do it is: first, let’s set the rules and regulations. Secondly, let’s put some pump priming into the networks to allow people to talk. Thirdly, let’s see if we can get the procurement sorted out so that these companies can actually get the lifeblood pumping through them. Fourthly, if you really need to, because of security or other strategic interests, are there things such as the British Business Bank or other mechanisms that can act as intermediaries? You do not want the Government directly intervening in this stuff. That is the hierarchy in which you deal with this. On exactly how that works in a particular case, I have not spent enough time thinking of a detailed response.
The Chair
I am afraid we have run out of time. I know we could have gone on a bit longer, but thanks very much to our witnesses. That concludes this session.
Examination of Witness
Doug Brake gave evidence.
The Chair
I am just going to interrupt you there. I am sorry, but I am conscious of time and I want to give the Minister a fair opportunity.
Matt Warman
Q
Doug Brake: I think there are two different opportunities. First, in the efforts of diversification, this is necessarily a globalised sector. The incumbents are massive companies with huge global economies of scale, so in order to transform the industry structure, it is going to have to be a global effort. We need all the countries aiming in this general strategic direction.
I think the document is sufficiently forward leaning. At a high level, one of the most important first steps is identifying this as a strategic imperative—that this is a goal that is shared by Governments across the world—and taking a genuine interest and focus, especially on the level of venture capital investment. Just the creation of the document is a hugely important first step. As for continued research, the real focus is on research and development and test beds. They are the key tools that we need to test and scale up, to identify real challenges and complexity.
I am not sure if this quite fits the answer, but there is a challenge around systems integration. We need to identify real leaders in systems integration. When you have real risk in pulling together different components from different suppliers, into what is essentially critical infrastructure, the risk of failure—at least, the downsides of failure—is extreme, so operators are often eager to have a single company that they can go to if something goes wrong, which can integrate all the different components. There is an important opportunity, to the extent that policy can help support those efforts.
There is all sorts of opportunity for global collaboration and for rowing towards the direction of this diverse supply chain. I think you have put together a very thoughtful piece in moving that forward. Then again, I go back to saying that this is not a silver bullet in addressing the long-term challenges around innovation mercantilism from China and Chinese companies. I think there should be more co-ordination and collaboration, especially when it comes to trade policy. Again, this is outside my area of expertise—I am 5G, specifically—but the more we can co-ordinate to be honest and up front about the real challenges and work to scale back the problem, the better.
Matt Warman
Q
Doug Brake: I think that this is absolutely the right direction to be moving in. Clearly, you need the tools to be able to analyse the risk, identify high-risk vendors and work away from potential security risks associated with that. So, absolutely, you need the tools, but there is always a broad challenge when it comes to cyber-security of the negative extra challenges, where private-sector providers might not always face all the downside of cyber-security breaches.
You can solve that by increasing the cost and increasing the downside to cyber-security risk. I think it is much wiser to help work with Government to lower the cost of doing cyber-security well. The UK, from what I can tell, is a real leader in this regard, setting up NCSC. To be able to work closely the private sector, to identify those risks and eliminate them, is much better than just turning up the dial on the downside to cyber-security breaches, or things of that nature.
I would tweak the Bill in that direction. I guess much of this can be done through implementing regulations, but, to my mind, focus more on collaboration and co-ordination with the private sector, rather than simply increasing the downside as well as the compliance costs with the legislation.
The Chair
I think that brings us virtually to time. Thank you, Mr Brake, for your evidence. That was the final evidence session for the Bill, so I thank all the witnesses. The Committee meets again on Thursday morning for line-by-line consideration. I believe that will be at 11.30 am in Committee Room 14.
Ordered, That further consideration be now adjourned. —(Maria Caulfield.)
Telecommunications (Security) Bill (Second sitting)
Matt Warman ExcerptsThursday 14th January 2021
(3 years, 3 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 14 January 2021 - (14 Jan 2021)
Matt Warman (Boston and Skegness) (Con)
Q
Hamish MacLeod: My meeting following this hearing is with the operators addressing that very point. This is something that we want to work extremely closely with the Government on. We are meeting officials next week to continue the conversation on doing things such as setting out the road map for what needs to be done R&D-wise to develop open RAN, what needs to be done from the point of view of the test programme, and what needs to be done on the standardisation road map. We will be taking a very close interest, both as individual operators and jointly.
Matthew Evans: To add to that, I echo that we have had excellent engagement with the Minister’s officials. It is about keeping the momentum up while working with the grain of industry and making sure that we are getting the incentives on the supply side, in the R&D and in the testing, and also in the demand side. That is all about making sure that we have the right commercial incentives for operators, but also that we have the right skills and, if necessary, reinforcing the operators on some of those points as well.
Chi Onwurah
Q
Chris Jackson: We would not compete with Nokia and Ericsson in terms of standard RAN, but the whole idea is that we would look to bring open RAN technology. That is the direction that NEC is supporting. If you ask me whether we could step in today and provide that capability, we believe yes, we could.
Matt Warman
Q
Chris Jackson: First of all, thank you very much indeed, Minister, for support in that particular trial. We believe that this is very important, because it has given us the opportunity to showcase 4G and 5G open RAN capability with multi vendors, and we are doing it in supporting the share of your network, which we know is an important KPI for the UK Government, in terms of increasing that capability across the UK. They want to ensure that the investment is targeted at areas within the UK—where the UK will receive the most benefit—and, more importantly, or as importantly, an opportunity for a trial that brings multiple companies together. So, although NEC is leading this particular trial, we are working with a number of other companies to bring this overall solution together. That is exactly what open RAN is trying to embrace, and that is the way forward. We would be delighted to work with Mavenir; we are already involved with Mavenir as well. That is not a hurdle or obstacle for us.
Stefano Cantarelli: There are several angles. The first one is the neutral hosting. I would like to draw attention to the fact that we have already done work with British Telecom, two years back, on neutral hosting, so that has now been talked about for a long time. Also, you might have noticed in the market that companies—the one that comes to mind is Vilicom—have been doing this type of thing, where they deploy Mavenir infrastructure to provide neutral hosting capabilities. So, we are fully supportive and believe that this kind of funding is particularly important.
We understand that that there is some interesting funding. We are in discussion with DCMS. We are discussing some projects that we believe will boost a lot of the innovation in this space. For example, we are trying to get funding for our R&D activities for open source software that could boost the availability of radio units. We say that the radio unit is hardware, but in reality there is of course a bit of software on top. This type of software, which is mainly interfaced towards the rest of the software and the control of the operation and maintenance activities, is not differentiated for each radio unit; it is just standard. By having an open source like that, you can fundamentally get the radio vendors to focus on their IPR for analogue development and being able to produce a radio unit with different frequencies, as Pardeep said before, which we believe could boost the market. That type of funding is particularly useful, because it is aimed at boosting the market and giving availability in the open RAN of these radio units.
I would also like to add that most of the frequencies that are used today in the UK are available in our view for open RAN, so I do not see that as a problem. But that type of investment is particularly important—in R&D—so the trial that you have funded in the first round of the 5G Create programmes is particularly useful to get learning and experience. As I said, in the SONIC, we are particularly active, although that is not a 5G Create programme but a different one. We believe that in the second round, you can focus on funding some R&D specifically to boost the ecosystem of the open RAN.
Matt Warman
Q
Stefano Cantarelli: First, remember that, as John mentioned, we acquired ip.access, which is a British company that has been in hardware for some time, so there is still space for hardware as well. Software is definitely where the majority of the innovations are. That is particularly clear—Chris mentioned this—in the IT space, where they moved from generic servers. I want to reinstate that, with servers generically available everywhere. The whole thing has really flipped on to different software. That will definitely boost the ability of a lot of companies to bring innovation.
As we always repeat, competition means innovation, and innovation is the only way. Many years ago, I was part of Vodafone. I built the 3G network for Vodafone in the UK, and at that time I had only one supplier in my network—I will not say who. I introduced another one, and it was only then that the other suppliers started to be active. Some legacy suppliers—I would say most of them—start to sit down and lie back if they are the only one in the network, because there is no motivation. From my experience from all these 30 years, that component is so important.
Chi Onwurah
Q
Stefano Cantarelli: Let me just address that initially before anyone else. We are a supplier in other places in the network, so they consider us a reliable supplier. We supply voice services, messaging services and everything else. You mentioned the initial deployment of open RAN by Vodafone this morning. That relates to us, because we are the supplier that it has deployed and is continuing to deploy. We are actually deploying sites for it.
I think that you have to look at two aspects when you are on an operator’s side. I am speaking from experience. It is not just about the technology; it is also about your processes and how you are able to move forward and change your mindset. I think that operators have a lot of complexity. We sympathise with them, of course—it is not an easy environment—but there are a couple of mindsets that they need to over-pass, if you let me use that word.
First, the world is changing. It is not hardware and software together; it is software and hardware disaggregated, and that of course requires some different capabilities. It is the same as when we passed from circuit voice to packet voice. Some people here may not get the example completely, but it is just a different point of view. That does not mean that it is more complex or whatever; it is just a different point of view, and you need to change. We know that change is not an easy thing. That is the first aspect that we need to take into consideration.
The second aspect is that, despite the technology that is available, you still need to consider the in-life service that you need to swap over. You have to consider that you did some planning or design based on certain principles that were available before, and you need to rethink how you are going to do that. For example, most of the 5G deployed today just uses additional frequencies on the existing sites that they have deployed with 4G, 3G and 2G. This is not what I consider full 5G, with all the characteristics of low latencies and so on. You need to start to think about the densification of sites. The Government can help a lot—with policies, by helping to define new capabilities, and by allowing the operators to change their architecture by enabling them to get more sites, and get permits more easily to build new sites.
These sites will not be like sites today; on these sites, there will be lot of carriers, a lot of technologies, and a lot of frequencies. As Pardeep said, a site today is probably just a radio unit that connects, through an internet connection—not necessarily just fibre—to a software data centre. These things are more important, and they are the reason why, although operators are in the middle of that transformation, it is taking a bit of time.
The Chair
I am just going to go to the Minister; if there is time, I will come back. Minister.
Matt Warman
Q
Julius Robson: I think it is important. What we are looking at in the 5G era is the application of mobile technologies for specialist industries, and it is entirely relevant that those industries have their own requirements for security and other requirements that apply on top of what is necessary in the basic mobile network. I do not think we need to duplicate that effort. Where we are using mobile in certain scenarios, the scenario should define the requirements. The base level of mobile connectivity should be something suitable, and affordable, for the consumers and the masses.
Dr Bennett: I am aware of the work you have been doing on security for the internet of things. I think it is complementary and extremely important. Everything should have security by design in it. It is very important to cover these types of points.
Matt Warman
Q
I would have expected you to say, if I can put words in your mouth, that you would like the agility of the regulator’s ability to update those codes of practice, to be able to say to networks, “This is what secure looks like. If you are complying with these kinds of codes of practice, then we will be able to understand that you are meeting the requirement.” You seem to actually be saying that you want greater rigidity. I am interested to understand whether you would like the codes of practice to have the flexibility offered by the writing from the regulator or whether you would like to see them on the face of the Bill.
Dr Bennett: I think we actually want both. There should be mention in the Bill of some of the ones that I think are key, so that people realise that there is going to be a code of practice on that they should follow. It is very important to be able to be agile and to get early information, from something like a technology reference panel, about things that are coming along, in order that you think about them before they get attached to the network. Trying to do it after you have attached something to the network is frankly a nightmare, so you need to be anticipating. It is not clear that there are mechanisms for that anticipation in the Bill.
Given the SolarWinds Orion hacking, which is a recent example of something that will take a long time to sort out and is precisely what you do not want to happen in the future, it would be sensible to get someone like NCSC to test whether the things in the Bill, and things that should be in the Bill, would have enabled the mitigation of that problem to happen faster than it has. The Bill ought to be doing something like what the Americans are doing in response to that now. The Government should consider a rapid response, co-ordinated unit to deal with similar incidents in the future, because they will happen. That is the kind of thing that ought to be in the Bill to say, “This is how we are going to be able to mitigate these problems when they happen, as quickly and sensibly as possible.”
Matt Warman
Q
Dr Bennett: Yes, and anticipating things as early as possible.
The Chair
Chi, we have time for another quick question. I think you had a point that you wanted to come back to.
The Chair
I am going to interrupt you. I am sorry, but I want to let the Minister get a last question in. My apologies.
Matt Warman
Q
Dr Steedman: Thank you, Minister. I might suggest that this is very much a matter of horses for courses. There is a range of organisations. I mentioned the ORAN-ALLIANCE; that is clearly one. We know, obviously, about 3GPP and the role of ETSI and 3GPP; that is another. And there may be roles for the formal bodies. We need to discuss the ITU-T, the UK participation in ITU-T and how we can strengthen that. With respect, this is an area that we need to work further on; and in the diversification taskforce, we are talking about the detail of that and how we might approach it from a United Kingdom perspective.
I am optimistic that the initiatives that have been taken today with the diversification taskforce, under Lord Livingston’s leadership, are going to produce for you really quite powerful ideas and initiatives to be taken forward in the years ahead. This is possibly the first time that the UK has really co-ordinated its input in this way to try to achieve some industry transformation and behavioural change.
The other areas I have mentioned, Minister, that are really important are in the area of procurement. This is not just about the technical standards; it is also about the way standards are used in the supply chain to stimulate behaviours and to enable SMEs to participate, rather than our just being locked into large-scale providers. I am very keen that we should comment on and discuss that, and those standards are not in the technical environment; they tend to be more in the business environment, where the UK has a very strong position already in global business standards. So there is another tool in our tool shed, to be used when we come to looking at shaping the market. I am looking forward to discussing that further with you in the taskforce.
Matt Warman
Q
Charles Parton: I cannot possibly deal with this in one minute. Obviously, telecoms is a very crucial—an increasingly crucial—part of critical national infrastructure, so they are very closely linked. It goes back to what I was saying earlier. There is this question of where in the science and technology field and our research and development we allow ourselves to co-operate with China, given that its attitude is one, I think, that is really quite risky. So, when the DCMS talks about the extremely fine idea of setting up a national telecoms laboratory, I do hope that, in setting it up—it talks about co-operating widely internationally—it takes that sort of thing into account, too. I think that there will have to be great restrictions there.
This might be another example. I am well out of my field here, but we have designated high-risk and non-high-risk vendors, but what happens if some of the Chinese—they do not have to be Chinese—higher-risk vendors try to sneak under the wire by purchasing or using proxies? Again, I think that needs to be considered.
The Chair
I am afraid that brings the time for this witness session to a close. I think that we could all have done with a bit longer with both of you gentlemen, but thank you very much for your evidence. We are extremely grateful to you. That brings the formal part of the proceedings to a close.
Ordered, That further consideration be now adjourned. —(Maria Caulfield.)
Telecommunications (Security) Bill (First sitting)
Matt Warman ExcerptsThursday 14th January 2021
(3 years, 3 months ago)
Public Bill CommitteesRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts Amendment Paper: Public Bill Committee Amendments as at 14 January 2021 - (14 Jan 2021)
Chi Onwurah
Q
Derek McManus: Basically, we have not seen anything directly like the UK legislation, although various forms of it can be seen internationally. The second question was on standards. We operate in 23 countries, and as you can imagine, their standards are key to us. We hold a lot of expertise, from a Telefónica group point of view, that the UK team is able to rely on and work with to ensure that we are at the very edge of developing the right standard.
Andrea Donà: As the Government plan to take a lead in enhancing the minimum security requirements, and in diversifying their telecoms strategy, we as a global company are happy to support the standard setting, and to advise on the practical implementation of the additional security requirements.
Patrick Binchy: I refer to Derek’s answer. We have a very similar position with regard to the UK legislation: we have not seen quite the same in the other countries. On standards, we play an active role, and we have a number of UK staff who act actively in standards setting.
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
Q
Andrea Donà: We need the clarification that I mentioned of what is, and what is not, in scope, so that we have absolute clarity from the word go. We all work together to understand the profile of that implementation. It cannot be a big bang—everything complying from day one. We obviously need to do a detailed risk assessment of the areas that we need to work on immediately on the Bill’s coming into force, and of what can afford to be done at a secondary stage, based on the risk assessment and the risk management analysis of the various assets in our network.
Derek McManus: As I said in my opening remarks, collaboration to date on getting the Bill to this stage has been positive. We should continue that. My request is for flexibility to help us execute effectively, while balancing the other demands on the industry.
The Chair
You have 30 seconds, I am afraid, Patrick Binchy.
Patrick Binchy: Again, very similarly, we have to balance good connectivity with security. We are confident that our plans will meet the needs, but we will continue to work with Government and security on how we achieve and deliver that. It will be challenging, but we are confident that we can do it.
Chi Onwurah
Q
Alex Towers: I think they overlap and that is one of our questions about the drafting of the Bill. There is clearly a relationship between those two things, and the concern about the timeframes for the removal of Huawei, for example, has been partly about ensuring that we have operational resilience during what is going to be a very complicated engineering programme to take out all its kit without losing resilience, in the sense of outages and blackouts for customers. Some of the Bill’s provisions talk about outages, but there is a difference between outages for operational maintenance and updating of kit and outages because of a security issue or attack. It is going to be quite important to pull those threads apart a little bit.
Howard Watson: On the vendor point, to summarise the approach that we are taking, we stopped purchase at the end of December, we will stop deployment in September of this year, we get down to 35% by two years hence from the end of next week, and then we have it removed from the mobile network by December 2027. I think that timeframe works well for us with introducing effectively a third supplier into our mobile network in terms of that 2027 point. It certainly helps mitigate any future steps in terms of a two-to-one.
I would not bank on it taking a full eight years to have an open RAN opportunity. As we heard from Andrea, colleagues at Vodafone have already started deployment . The real challenge there is about being able to use open RAN in dense urban areas where the technology works at its hardest, shall we say.
On your final question about research, we are in the top five investors in R&D in the UK—we invest in excess of £500 million a year across both research and development. In fact, the only companies that research more than us in the UK are the pharmaceuticals. I have 280 researchers based in the BT labs at Adastral Park near Ipswich and they, plus a standards organisation —we also draw in from engineers across my organisation—remain really actively involved in the standards bodies. I welcome what colleagues from the other operators say and think it is really important that we maintain that as a UK presence and as a European presence to ensure that we are not lost in the middle of any risk of divergence between the US and eastern and Asian countries and China. I would implore us all to work hard to ensure that that does not happen.
Matt Warman
Q
Howard Watson: Let me take the final part of that question first, Minister. We are very much aware that that is a deadline, not a target, but we welcome the fact that the deadline is 2027. I have given evidence previously and have talked with Government significantly about the real risks to the availability of service if we pull that date forward.
We have a lot of infrastructure. That deadline allows us to plan carefully how we can switch off a site, if we have to, to replace it and swap it out, so that the spike has overlapping coverage from adjacent sites. Were we to be required to bring those timescales forward, we would be talking about mobile blackouts in the UK, which clearly we all want to avoid, given the increasing dependence of UK citizens on networks. We have a plan that gets us to that. The 35% by 28 January 2023, just two years away, is a little bit more challenging, but we have a plan to get us there. The pandemic is making that challenging, but right now we are on track for that too. I think that answers the second question.
In answer to your first question, the ambition that we have, and what will become requirements across the TSRs, will put the UK ahead of the pack, in being a safe place for people to work and run businesses, secure in the knowledge that we have a high level of protection against cyber-threats. We welcome that, particularly in the environment in which we are now operating.
We have remaining questions—we raised some of those in our written evidence—about the sequence by which the requirements will be applied. We think it is critically important that there is a strong baseline level of compliance that applies to everybody who operates a network in the UK. We do not want to have entry points through weak links across our environment.
Alex Towers: A large majority of what is in the TSRs reflects current best practice and we are already complying with it. There are some places where there is a stretch for us to do more, which is good. The key point, I suppose, concerns Howard’s point about making sure that the baseline for all operators is higher and strong enough, given that these are inter-connected network, as you have already heard this morning. The whole edifice is only as strong as its weakest point. We are concerned about the idea that the code of practice might not apply to some operators, for example. That is the sort of detail that we will begin to see debated further as the Bill goes through.
Supporting the UK’s Social Fabric
Matt Warman Excerpts(3 years, 3 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
May I start by thanking the hon. Member for Dagenham and Rainham (Jon Cruddas) for securing this important debate and for getting such great cross-party consensus on the importance of this topic? It might not be of any help to his election leaflets if I say that he is a great champion of the centre right, as is Onward, but I think that we can all agree that, whether it is centre right or centre left, this is a vital topic for us all to be discussing.
The hon. Gentleman also talked about a participatory rather than a paternalistic way of having this conversation. That is an absolutely key focus for this Government, and I know that it is an absolutely key focus for my noble Friend, Baroness Barran, whose ministerial brief this is; it is an honour to speak on it in the Commons. That strong social fabric is absolutely vital to the health and well-being of our society and of our economy. That is why it is not only this cross-party commitment that is important; it has also been an extraordinary spectacle over the past year to see the importance of that fabric as communities have come together as they have been tested like never before. It is more important than ever that we pay close attention to those ties that bind us, that we pay close attention to the way that they have been, as the hon. Gentleman described, stretched, and that we pay close attention to the fundamental infrastructure that makes those links possible. Whether it is little platoons or whether it is the big society—whatever we want to call it—they are essential to our response both to the pandemic and to our future.
We know that many people across the whole country are concerned about a growing lack of belonging, about that sense that things ain’t what they used to be—whatever that might be. This report from Onward on the state of our social fabric does make for stark reading, as the hon. Gentleman said. It provides evidence of a long-term decline in the social fabric and it adds to a growing base of evidence for a link between weak social fabric and higher levels of deprivation.
I see in my own constituency—in Boston, in particular—levels of deprivation but intense levels of social pride. That sense is something that we can all build on. It has been highlighted by the Onward report and by the one nation report on “Connecting Communities” from my hon. Friend the Member for Watford (Dean Russell), and we need to do more on that. Deprived areas are not lacking in pride or community spirit; they are often the places with the most community spirit. We need greater investment in the community infrastructure and the institutions that may help those places to address the economic challenges they face, because the two go together.
As my hon. Friend the Member for Devizes (Danny Kruger) said, the Government have committed to levelling up all regions of the United Kingdom. A major part of that commitment must be creating jobs and investment in infrastructure as it is commonly understood, but we must also invest in the kind of social infrastructure that sits beneath it. Social fabric is about more than levelling up, and we will not level up if we simply address the economic challenges the hon. Member for Dagenham and Rainham mentioned. We must also recognise—and the Government do recognise—that exploring and recognising the role that building strong communities plays is an essential part of that agenda.
The £4 billion levelling-up fund will help. It will invest in
“the infrastructure of everyday life”,
as my right hon. Friend the Chancellor has put it. It is not just transport and jobs, but community infrastructure, local arts, culture and libraries that make a real difference to people and that Members across the House are passionate about. That is why the Government are seeking, through this course of action, to use all the levers available, rather than simply building infrastructure, be it broadband, roads or rail. That will ensure that people can access the network and institutions that let them connect in every possible sense, rather than simply improving infrastructure connectivity. Those two things together will address the economic inequalities we all want to see tackled.
Supporting change within those communities has not traditionally been seen as the space for Government to act, nor has it traditionally been seen as the space for a Conservative Government to act, but my Department has long focused on enriching lives, whether through sport, the arts or participation in the community at local and national level. We all want to create the conditions for civil society to thrive in order to support volunteering and local giving.
My hon. Friend the Member for Devizes mentioned the role of tech firms in that. As we move to an increasingly digital world, the role of technology is hugely important. I have worked to encourage the Googles and Facebooks of this world to work more with charities and local businesses. Just as they have done some successful work with schools, there is more that they could do in this area, as the hon. Member for Strangford (Jim Shannon) said.
It is important to say that the Government’s response to the pandemic provides an example of how we have worked to enable civil society and communities to take a lead. The Government have worked hard to enable civil society to identify those challenges, to use its experience and, crucially, to fill the gaps. For instance, the £750 million support package that focused on enabling smaller and local charities and social enterprises to maintain and enhance services for those affected by the crisis saw large numbers of people working within their communities. It facilitated that sort of work to achieve more than would otherwise have been possible. It is important to recognise where the Government have done the right things. I hope that that is easier to do in the environment of cross-party consensus that we have seen this evening.
It is essential that we work to ensure that this potential is realised for the long term in every part of the country. Last summer, when my hon. Friend the Member for Devizes developed the proposals to sustain the community response to covid-19, one area he looked at was volunteering. We hear that many people want to volunteer but they face challenges in getting involved, and Government can help to address those barriers. They can enable us to sustain the community spirit. His recommendation of a volunteer passport, for instance, is one of the things that we are looking at closely. It represents one of a range of possible measures that will contribute to the strengthening of social fabric.
The hon. Member for Dagenham and Rainham also mentioned place-based charities. It is important to pay tribute to the role of community foundations up and down the country—my own in Lincolnshire does remarkable work—and to note the recent announcements that we have made about the future use of dormant assets, which can make a real difference, building on what is already there.
As I said, we have seen huge progress in the use of digital technology to enable volunteering as a result of the pandemic. The NHS volunteer responders is just one example; they have supported 130,000 vulnerable people since they were mobilised last April, so we know that it can be done. We have heard great examples in Devizes, and up and down the country, of people seeing in the vaccination drive yet another way in which volunteers can be harnessed, in the various “cabs for jabs” schemes that have already been established. My Department will continue to aid this effort and others, updating the public guidance to make sure that people can volunteer safely, because, of course, that is now more important than ever. Sustaining that strong, resilient volunteering system must be a legacy of this challenging period. I am grateful to my hon. Friend the Member for Devizes for his report to the Prime Minister, and we will carefully consider the recommendations as we respond in due course.
This is a subject that, as the hon. Member for Dagenham and Rainham knows, we could talk about at great length, but the reason why we should have cause to be optimistic in these extraordinary times is that we have seen the possibilities that can be achieved, and we have seen, not just through those NHS responders, what more can be done. It has been a pleasure to have the opportunity to respond to this debate. Strengthening the social fabric will continue to be a vital task for the Government. Responding to the Onward report will be an interesting and long-term project as well.
It is slightly too early to say happy birthday to Dagenham as we approach the centenary in November, but I will do so none the less. I do not know whether we can say happy sixth millennium to Devizes, but we should throw that in. Either way, whether a place is 100 years old or 6,000 years old, it is vital now that as a community we use the opportunities, be they technology or community, to level up and work from the bottom up, as I think the hon. Gentleman said. As we recover from the present crisis, it is vital that we build the stronger, fairer country that, across the House, we have seen a clear consensus for this evening.
Question put and agreed to.
Oral Answers to Questions
Matt Warman Excerpts(3 years, 5 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Rob Roberts (Delyn) (Con)
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
The Government are absolutely committed to delivering nationwide gigabit broadband as soon as possible. That is why we are investing £5 billion to support roll-out in the hardest-to-reach areas of the country. We will go as fast as we can and the only thing that will hold us up is how fast we can get the fibre into the ground. We are engaging closely with industry to support its efforts by incentivising investment and removing barriers to roll-out.
Jonathan Gullis
I thank my hon. Friend for his positive answer. Now that Stoke-on-Trent has a complete city-wide full-fibre network offering gigabit speeds and capability, does he agree that Stoke-on-Trent would be the perfect test bed to show how, post Brexit, smaller UK cities can more than match up to similar-sized centres of digital innovation such as Eindhoven, Karlsruhe and Aalborg? Will he commit the Government to help make my Silicon Stoke vision a reality, as part of the levelling up commitments?
Matt Warman
My hon. Friend misses no opportunity to promote Silicon Stoke. The Government are absolutely committed to using trials and test beds to support the kind of innovation he talks about. We are interested in new ideas as part of that levelling up commitment. I look forward to continuing our conversations with Stoke and maybe even visiting one day.
Rob Roberts
Mrs Sharp, who lives in Delyn in my constituency, has just had a quote for £131,638 to install full-fibre broadband for her and her 18 neighbours. That works out at about £7,000 per property. When I queried this with Openreach, it said, “Well, she lives in a rural community. Perhaps she could dig her own trenches to reduce the cost of the groundwork.” Given that levelling up should not only be for people in towns and cities and those who happen to own heavy machinery, can my hon. Friend look into this case and others like it to come up with a better answer for Mrs Sharp than “dig your own holes”?
Matt Warman
There are communities that have successfully dug their own trenches, but it is obviously not right to suggest that that would be right for everybody. Ofcom is looking at the universal service obligation, one of the routes to getting broadband into rural areas, but there are other methods. I encourage my hon. Friend to ask his constituents to look at the voucher schemes, particularly those supported by the Welsh Government, and other technologies. But I am happy to look into this specific case, because obviously it is not likely that everyone owns enough heavy machinery to dig every trench.
Robert Largan (High Peak) (Con)
Simon Baynes (Clwyd South) (Con)
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
The Government have agreed a £1 billion deal with mobile network operators to deliver the shared rural network. This landmark deal will deliver 95% coverage by the end of 2025. The exact deployment plans will be managed by operators and we look forward to seeing more details of those.
Robert Largan
The unique geography of the Peak District means that we have some of the worst mobile phone coverage blackspots anywhere in the country. I welcome the introduction of the shared rural network, but can the Minister provide further information to the House on when my constituents might see some of the benefit of this? Would he agree to meet me, so we can discuss how we can roll out better phone coverage to the whole High Peak?
Matt Warman
The shared rural network is already benefiting some parts of the country, but my hon. Friend is right that in areas such as High Peak it cannot come soon enough. I am very happy to meet him to discuss that, and I am very happy for him to join me in continuing to encourage operators to make their plans public as quickly as possible.
Simon Baynes
Will the Minister join me in praising the often unsung work of local councils in improving rural mobile connectivity, such as the digital officers of Wrexham and Denbighshire councils in Clwyd South, who bring together local solutions to complex mobile coverage problems?
Matt Warman
My hon. Friend is absolutely right that, whether it is in Wrexham and Denbighshire or up and down the country, the work of local authorities has been absolutely essential in delivering the kind of bespoke solutions that work best for local communities. I am grateful to those in Wrexham and Denbighshire who have engaged closely with my Department’s barrier-busting taskforce to make sure that his constituents get the connectivity that they deserve.
Karl MᶜCartney (Lincoln) (Con)
Digital Infrastructure, Connectivity and Accessibility
Matt Warman Excerpts(3 years, 5 months ago)
Commons ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
I congratulate my right hon. Friend the Member for Tatton (Esther McVey) and the hon. Member for Sunderland Central (Julie Elliott) on securing the debate.
When I first came into this place, I set up the all-party group on broadband and digital communication. On 12 October 2015, I secured a debate on broadband. Today, I stand here as the Minister with responsibility for broadband. Mr Deputy Speaker, be careful what you wish for. I say that, because I honestly believe there is no more important infrastructure job that this Government are tackling. Connectivity is about so much more than cables: whether it is the fact that people who are online are more than £200 a year better off, can educate their children better, can see their doctors more effectively, can have the hospital appointments they need, can watch “The Crown”, fictional or otherwise, or can see their relatives at a time when, now more than ever, we all want to see our relatives. When I set up the all-party group, it was because I am passionate about this subject. I have spent the best part of two decades writing and talking about it. Connectivity is an engine of social justice. It is critical to the levelling-up agenda. It will make this country greener, more inclusive and more diverse.
I want to turn immediately to the first question that my right hon. Friend raised. We are committed to delivering nationwide gigabit connectivity as soon as possible. The 85% minimum coverage by 2025 is just that. If we can go faster by 2025, it will be with the help of the industry and we will do just that. The constraint is simply how fast we can dig up the roads and bust every barrier. Since this Government took office in 2019, gigabit-capable connectivity has risen from 9% to one third today. We will keep up that pace and, by the end of next year, I expect gigabit-capable connectivities to be half of all connections.
I would invite the hon. Lady to turn to the “National Infrastructure Strategy”—it may be on her bedside table: it is certainly on mine. Page 11 of the “National Infrastructure Strategy” has 15 bullet points. She asked how important this target is to the Government. Well, of those 15 bullet points, the ninth is HS2. The third bullet point is levelling up. to answer her question about how important broadband is, it is the very first bullet point. It is absolutely essential. I look forward to meeting her blue collar group—I pay tribute to its work—to discuss that in more detail. We will spend every bit of the money as fast as we possibly can to deliver that target as fast as we possibly can.
Several hon. Members raised the issue of education and devices. In the extraordinary circumstances of this pandemic, the Government delivered 340,000 laptops and tablets and 51,000 4G wireless routers, and spent £195 million trying to make sure that the children and families who needed it most had the connectivity that they needed when so many of the schools were closed. It is a testament to a programme in which we showed all the commitment we possibly could and got both the data and the devices to people who needed them most.
Matt Warman
The hon. Lady shakes her head. As one of the members of the ministerial group, I know that we strained every sinew to get all of that connectivity there and we will continue to do that to make sure that children are educated as best they can be. I pay tribute to the teachers who have converted their lessons to online, because it is a huge change in working patterns.
Siobhain McDonagh
The Minister will know that the Government introduced a requirement on schools to provide online learning on a Thursday at 6pm. On the Friday, the Government halved the number of laptops and computers available for children who had no such access at home. How does the Minister believe that that action helped schools to provide education to those children?
Matt Warman
The DFE is absolutely committed to targeting the laptops and the connectivity to where they are needed most. She is right to say that the allocation changed: it was because of that targeting, to get the devices to where they were most needed. She presents it as a cut, but it is inaccurate to do so.
The Chair of the Select Committee, my hon. Friend the Member for Solihull (Julian Knight), talked powerfully about the importance of making sure that we encourage people to take up broadband where it is offered. That is why the Government have set up the Gigabit Take-up Advisory Group—GigaTAG—with the FSB, Which? and the CBI, to make sure that where broadband is there it is taken up by businesses and consumers. We want to try to create that virtuous circle that demonstrates that there is demand and, therefore, greater reason for the private sector to invest. It is the private sector that will deliver 80%, if not more, of the market as a whole. Where the industry has the capacity and the capability to deliver more gigabit-capable coverage, we will do everything we can to drive that forward.
I turn to what we have already done and what we will continue to do when it comes to busting the barriers that various hon. Members have mentioned. We have taken legislative action to make it easier to install broadband in blocks of flats. We have committed to legislate to mandate gigabit connectivity in new builds. I pay tribute to the work of my hon. Friend the Member for Loughborough (Jane Hunt), who has already delivered for one estate and I know will deliver for many more. We expect gigabit-capable coverage in her constituency to reach 50% by the end of next year, which I know she will welcome. We are also preparing to consult on changes to the electronic communications code so that greater access is given to land in a way that works for landowners and the networks to roll out wireless networks, focusing in particular on 5G.
My hon. Friend the Member for Beaconsfield (Joy Morrissey) mentioned the importance of competition. I will use that as an opportunity to talk a little about the future of the gigabit programme. Before Christmas, we will be talking about the pipeline and the beginnings of the roll-out for the gigabit programme, which I hope will provide hon. Members with a greater sense of where we will focus our resources in the first instance. I say to those such as my hon. Friend the Member for North Norfolk (Duncan Baker), who pointed out areas with the worst connectivity, that they should not fear that they will be at the back of the queue. We are keen to focus our resources on areas that will see the greatest benefit from improvements. That is something good to hear from Norfolk to Dorset and Scotland as well.
The hon. Member for Mitcham and Morden (Siobhain McDonagh) asked about the smaller networks that are often those used by people on lower incomes. The Government’s package announced for vulnerable consumers included commitments not to disconnect people in financial distress not only from the larger networks but from those such as giffgaff, which she mentioned. We focused not just on large providers but on ensuring that there were protections for vulnerable consumers as well. In the same way, I point out to my right hon. Friend the Member for Tatton how, in the course of the pandemic, half a million NHS workers benefited from enhanced provision from the main telecoms providers, because we understand exactly how important it is to get the best connectivity to NHS workers who, in cases such as that of her constituent, came out of retirement—it sounded like she did—to help out with the pandemic. That is just a small number of examples of what the Government have done in the course of the pandemic, but it testifies to our commitment to a crucial agenda. Another example will be working with the Good Things Foundation, which my hon. Friend the Minister for Digital and Culture met recently. We are committed to working with the Good Things Foundation and we will continue to do that. The skills toolkit in April was very important.
I close by paying tribute to my right hon. Friend the Member for Tatton. In the Backbench Business debate I held in October 2015, there were some 54 contributors; today there were 20-odd. We are making progress on this agenda, but I am as impatient as she is to ensure that we get the job done. The Government’s commitment should not be doubted for a second.
Broadband Rollout: Devon and Somerset
Matt Warman Excerpts(3 years, 5 months ago)
Westminster HallRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
I thank my hon. Friend the Member for Tiverton and Honiton (Neil Parish) for securing this debate; I do not think that anyone has ever tried to duff up the Government in such a good-natured way. That spirit was shared by all hon. Members, for better or worse.
I have had these conversations with all hon. Members present and other MPs across Devon and Somerset, because broadband now matters more than any other utility. Over the last year or so, we have learned how important digital connectivity is. It is not that useful for me to talk about how extensive the superfast programme has been or how 96% of the country is covered, because if people do not have it, they do not have it. I understand why hon. Members want to go back with good answers to parents trying to educate their children and to farmers trying to deal with the Department for Environment, Food and Rural Affairs—a whole host of people from every aspect of society. Digital is what we now rely on, and what we will continue to rely on for economic growth and for essential parts of everyday life.
I completely understand why the debacle of the 13% of houses that Connecting Devon and Somerset has not managed to get connected is important to all hon. Members present. As my hon. Friend the Member for Somerton and Frome (David Warburton) generously pointed out, 87% of the programme has been delivered, but the fact remains that not far off 50,000 premises will be, at worst, nearly five years late. For what it is worth, I am sorry. It is important that, whether we blame Carillion for letting down Gigaclear, or Gigaclear for overpromising, the Government are sorry that we are in this position. That is an important starting point.
Neil Parish
I thank the Minister for taking my comments in such good part. The Government have put people in from the Department to look at Connecting Devon and Somerset and to sit on its board, but that needs to be strengthened. These mistakes cannot go on being made time and time again. My plea to him is to pick it up. I understand that the Government may not want to run the scheme themselves, but, for goodness’ sake, they cannot let Connecting Devon and Somerset behave in that way any longer.
Matt Warman
I thank my hon. Friend for that. I want to try to look to the future. There are some bits of good news. I cannot remember his precise phrase—I am not sure if he literally asked me to grab Connecting Devon and Somerset by the throat—but we have certainly worked closely with it. He mentioned that we have made an appointment to the board. That is a signal of how closely and intensively we have worked with CDS to get these forthcoming procurements to a much better place.
I will talk about Devon and Somerset specifically, but it is also important to bear in mind that nationally, we are doing things to ensure that every barrier to a nationwide roll-out is removed; we are legislating for improved connectivity in blocks of flats and new builds; we are making it easier to dig up the roads and easier to repair the roads in a way that makes all of the nationwide roll-out go that bit faster. In Devon and Somerset, CDS is now in the final phase of that £38 million procurement that will deliver those final connections. Working with us in DCMS, what it has done—as is already public knowledge—is divide the remaining 50,000 premises into six lots to cover all parts of the region not currently addressed by the live Airband contract. The reason for taking that approach is to maximise competition, speed, and speed of roll-out wherever we possibly can.
We have teams in Building Digital UK that have covered commercial interest, state aid, value for money and delivery, all working intensively with CDS throughout the procurement process and supporting it at every stage. We could not have worked more closely, and that is in part because of the commitments that I made to Members when I came to the area to talk about CDS and we first made the decision that Gigaclear was not going to be in a position to revise its contract. We worked very closely with Gigaclear to try and get it to a point where we did not have to restart the process but, ultimately, I believe that restarting the process was the best way to secure the speed of connections that we need.
It is this close management that has ensured that the procurement is on the very shortest path to delivery that we could possibly have envisaged. To give my hon. Friend the Member for Tiverton and Honiton an idea, one procurement might routinely take nine months. Those six lots—those six procurements—will have been completed in around 10 months. He rightly highlighted the fact that we had aimed to get them done by the end of November. I think he would accept that quite a lot has happened this year that we were not expecting, but it is my expectation that they will be done by Christmas.
Matt Warman
If my hon. Friend will let me continue. I know everyone says it will be done by Christmas, but I mean this Christmas. That procurement process, as he can imagine, is very much ongoing now. I ask him gently not to tempt me to say anything that might derail that procurement process in the last three weeks, but that is where we are at.
Neil Parish
I understand the point that the Minister is making about the six contracts, but he should not forget it was Connecting Devon and Somerset that decided to split it up into six contracts. I am not necessarily against that, but I do not think it can be broadly said it has managed to deliver six contracts in 10 months. Previously, it was one contract; CDS decided to split it up, so it is taking more time. Yes, it will be at Christmas, all being well, but the contracts are going out to 2025. In this great new spirit of transparency, how much is going to be announced so that people can actually get connected well before 2025? We have had no transparency.
Matt Warman
My hon. Friend is absolutely right. A crucial part of the future programme will be much greater communication with Members of Parliament, which is important up to a point, but also with the public. One of the most important things we can do is say to people, as he said, yes, the whole procurement will take several years, but there will be many shovels in the ground and many connections made well before the end of that period. We need to give people as much transparency as we possibly can, so that the entirely legitimate criticism that my hon. Friend made of the previous contract is not the case for the future contract.
It was right that CDS gave Gigaclear the opportunity to make things work, because it could speed things up, but we are where we are. It also important from a national perspective to say that Gigaclear has delivered in large swathes of the country: in Oxfordshire, Berkshire, Essex, Herefordshire and Gloucestershire. There are many problems, given the situation we are in today, but part of this is that we cannot lay them all at the door of any one entity.
On the new procurement, while some may think it easier to award the contracts to a larger supplier, the fair and open process across six lots was intended to promote speed and competition. When my hon. Friend gets his Christmas present, I hope he will be able to greet that, and we will give him some of the transparency that we have talked about.
I thank CDS for working with DCMS as closely as it has. That is why we have got to the position of doing six procurements in ten months or thereabouts, taking the people of Devon and Somerset to a significantly better place. The overall delivery, in stages between 2021 and 2024, and 2024 and 2025, is the right approach but it needs to be as transparent as possible, and should go as fast as possible. It should be communicated as quickly as possible. I have made that point to DCMS and CDS because, once awarded, these new contracts will deliver the balance of the connectivity that should have been delivered by Gigaclear. It is worth remembering the UK Government target of 95% for superfast coverage. The latest figures in my hon. Friend’s constituency show that 84.35% of his constituents have superfast connectivity —slightly up from the figures that he has given. The bad news is that the other two constituencies that he mentioned have gone up slightly faster. Tiverton and Homerton now has the lowest connectivity in Devon and Somerset, and I know that he is not going to let up until that is at a significantly higher level. We will pick up the superfast connections with these remaining procurements, we will be more transparent and we will go as fast as we possibly can.
It is also important to talk about the forthcoming UK gigabit programme that my hon. Friend mentioned and be absolutely clear that this remains a £5 billion programme with a 100% target. The judgment of industry and the Government is that the initial phasing of the spending reflects the maximum that can be delivered in the period up to 2025, but we will continue to work with industry so that if we can go any faster at all, then we will. If we can exceed that 85%, then we will. It is not an 85% maximum—it is a 100% ambition and we will go as far and as fast as we can.
My hon. Friend the Member for North Devon (Selaine Saxby) mentioned vouchers. They will be a key part, but not the only part by any means, of that future procurement, because it is horses for courses, as we know. Some communities are able to work together, but in some areas that is simply not the right approach. A host of different approaches will inform how we spend that £5 billion because that is how we will make it go as fast as possible and how, with an eye on value for money, we will manage to make sure that we spend it as quickly as possible. I know what matters to hon. Members in the Chamber is getting those connections done as quickly as possible. In the period to 2025, we will focus that funding, wherever possible, on premises that do not have access to superfast broadband. That means that the focus will be disproportionally on constituencies such as Somerton and Frome, and Tiverton and Homerton, where an 80-something per cent. of people have it. I obviously cannot make promises about any individual connection, although I am glad that my hon. Friend the Member for Totnes (Anthony Mangnall) has recently been upgraded and I have hopes for my hon. Friend the Member for Somerton and Frome, but it is important that the Government are clear that we will focus the £5 billion gigabit programme on getting as many people connected as possible. We will focus on those who need it most, and we will continue to work with the industry to refine the programme and maximise coverage.
Chi Onwurah
I thank the Minister for the good-natured way in which he is addressing our concerns, but I want to ask him about the commitment to universal gigabit broadband. Does it remain, and if so when will it be achieved?
Matt Warman
As I said, we think we will get to 85% or thereabouts by 2025. We will go as fast as we possibly can and we will get to 100% as quickly as we possibly can. I know the hon. Lady wants me to put a date on that, but the point is that we will go as fast as we possibly can. We will talk more about what the phasing looks like as we talk more about the gigabit programme. We will release some details this side of Christmas and some more in the new year. If the hon. Lady will be slightly patient, we will be able to release some more details. One of the key factors for the gigabit programme has to be providing people with transparency about what happens when.
I thank my hon. Friend the Member for Tiverton and Honiton for securing this debate. It is a hugely important issue for everyone across Devon and Somerset. I understand and share the frustration. I would be very happy to have another one of these debates, but I really hope we will not need one.
Telecommunications (Security) Bill
Matt Warman ExcerptsMonday 30th November 2020
(3 years, 5 months ago)
Commons ChamberRead Full debate Telecommunications (Security) Act 2021 View all Telecommunications (Security) Act 2021 Debates Read Hansard Text Read Debate Ministerial Extracts
The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)
I thank all Members for a well-informed and important debate. We have heard across the House that all Members believe that this Government should be putting national security at the very top of our agenda. That is what we are doing tonight. We are also putting forward a strategy that will allow the UK to derive all the benefits that we possibly can from all the enhanced digital reliance that we have seen across the country over the course of this pandemic and, of course, before it.
We have all heard this evening just how much connectivity matters and just how much our national security matters. We heard upwards of 20 speeches, which clearly demonstrated the critical importance of the security of our telecoms networks, especially as we move into the next phase of digital connectivity. As the Secretary of State has said, this Bill will raise the security bar across the board. It will provide us with the capabilities that we need to protect ourselves from a range of threats, both now and in the future. I am pleased that the Bill has support across the House. It is clear that we are all keen to put the UK’s national security interests first.
I hope that Members are reassured that the Government are taking these issues seriously. A number of Members referred to the Huawei interest group. Much as I have enjoyed being the subject of the Huawei interest group’s interest, I am glad that we have come to a position that has been welcomed across the House. The Government have taken steps today both to lay out our diversification strategy—an important £250 million commitment that is detailed and has real potential to see British companies grow in the way that my right hon. Friend the Member for Vale of Glamorgan (Alun Cairns) identified—and to publish illustrative designations and directions demonstrating the transparency that many Members across the House have asked for. Through that, I think we have demonstrated our commitment to dealing with the risks to our networks and the national security threats that come from high-risk vendors.
I turn to some of the points that have been raised in the course of the debate. The first, which was raised across the House, is the important matter of human rights. We want respect for human rights to be at the centre of all business that takes place in this country. These are vital issues that go much wider than telecoms. A number of Members rightly pointed out that the Telecommunications (Security) Bill will be focused on matters related to telecommunications and security, but of course we have serious concerns about the human rights situation in Xinjiang, including the extrajudicial detention of over 1 million Uyghur Muslims and other minorities in political re-education camps, systematic restrictions on Uyghur culture and the practice of Islam, and extensive invasive surveillance targeting minorities.
Where China is not meeting its obligations under international law, the UK Government will continue to speak out publicly. Indeed, the 30 June formal statement that the UK read out on behalf of 28 countries at the UN Human Rights Council highlighted arbitrary detention, widespread surveillance and restrictions targeting ethnic minorities. The Government published their response to the consultation on transparency in supply chains in September, and we are committed to taking forward an ambitious package of changes to strengthen and future-proof the transparency provisions in the Modern Slavery Act 2015. While, as many have said, issues of human rights are not matters directly for this Bill, they are acutely important, and Britain will continue to take that leading role.
Sir Iain Duncan Smith
I hear what my hon. Friend says, but surely he would concede that, as this Bill deals specifically with vendors and the vendors are themselves located, originally, in countries that may have been guilty of these abuses of whatever nature, should those companies be found to be using slave labour—such as some that are already referenced in this Bill—that would be a reason not to have them. Would he not think that they were high-risk vendors for the very simple reason that they abused those human rights?
Matt Warman
As I said earlier, we would want to apply those standards not just to telecoms companies but to the garment industry and in a host of other areas where we know that there is the potential for similar abuses. I absolutely hear what my right hon. Friend says, but Britain can do better than focus simply on the relatively narrow aspect of telecoms.
Bob Seely
I hear what the Minister is saying, but I wish to follow up the point made by my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith). If the debate on this Bill is not the place to discuss human rights, I get that, but we are also told that the debates on the National Security and Investment Bill are not the place to discuss human rights. I may get that as well, but the Government need to say where significant national interest concerns that are outside national security can be addressed. We talk the talk on human rights an awful lot in this country and this Parliament, but we have to put some trousers on that, I think.
Matt Warman
I am not going to engage too heavily with my hon. Friend’s trousers, but I will say to him that, as I said a minute ago, we are committed to taking forward an ambitious package of changes to strengthen and future-proof the Modern Slavery Act 2015, and that is one of several significant avenues that are open to him.
On the important matter of diversification, the telecoms supply chain review asked how we can create sustainable diversity in our telecoms supply chain. That question is addressed by the new diversification strategy that we published today, which is crucial to ensuring that we are never again in a situation in which we are dependent on just a handful of vendors who supply the networks on which so many of us have come to depend. I wish to spend a little time on this issue. The Government have been working at pace to develop the 5G supply chain diversification strategy, which sets out a clear vision for a healthy, competitive and diverse supply market for telecoms and the set of principles that we want operators and suppliers to follow.
The strategy is built around three key strands: first, securing incumbents; secondly, attracting new suppliers; and thirdly, accelerating the development and adoption of open and interoperable technologies across the market. That is why, in the diversification strategy that we published today, we commit to exploring commercial incentives for new market entrants as we level the playing field; to setting out a road map to end the provision of older legacy technologies that create obstacles for new suppliers; and to investing in R&D to grow a vibrant and thriving telecoms ecosystem here in the UK.
I say gently to the hon. Member for Newcastle upon Tyne Central (Chi Onwurah) that we have directly addressed a number of the issues that she raised in Westminster Hall last week. I look forward to engaging with her more on the strategy because it is important that we should work together to try to make sure that we all derive the benefits of a serious £250 million Government commitment that will drive early progress and ensure that our 5G diversification strategy not only bolsters the resilience and security of our digital infrastructure but creates opportunities for competition, innovation and prosperity.
Sir John Hayes
It is wonderful that the strategy has emerged, but will my hon. Friend be just as clear about legislative change associated with that strategy? I understand that a further Bill may come forward; given the urgency of this issue and the concentration that his Department is applying to the strategy, when can we expect that legislation?
Matt Warman
We do not anticipate legislation as a direct result of the diversification strategy, but of course there are other important avenues to explore as part of the broader industrial strategy. A lot of what is in the diversification strategy does not need to be delayed by the legislative programme, and I think my right hon. Friend would welcome that.
A number of Members raised the role of Ofcom. Ofcom will monitor, assess and enforce compliance with the new telecoms security framework that will be established by the Bill. It will report on compliance to the Secretary of State alongside publishing the annual reports that he mentioned on the state of the telecoms security sector. I want to be absolutely clear: we have had productive conversations with Ofcom already. Ofcom will continue to have the resources it needs. We appreciate that those needs will be affected by the changes that we are bringing in today, and we will agree their precise nature with Ofcom. We will make sure that Ofcom has all the security clearance that it needs to do the job, and all the resources, external or otherwise, to do the job, because this is an important new power.
Ofcom may also play a role in gathering and providing information relevant to the Secretary of State’s assessment of a provider’s compliance with a designated vendor direction, and it may also be directed to gather further information to comply with the requirements specified in a direction. The Bill already enables Ofcom to require information from providers and, in some circumstances, to carry out inspection of the provider’s premises or to view relevant documents. Ofcom’s annual budget, as I say, will be adjusted to take account of the increased costs it will incur due to its enhanced security role.
Let me turn to a couple of issues raised by the hon. Member for Newcastle upon Tyne Central. We will of course be working with local authorities and with networks to minimise any disruption, but we do not anticipate that the decisions that we have made over the past few months will have a direct impact on existing commercial decisions. As the Secretary of State said, we do not expect the two to three-year delay to be extended by what we have said today, but we will keep in close contact with the networks and continue to make sure that we do everything we can to remove the barriers to the roll-out of the networks as far as we possibly can. I do, however, expect companies to do as much as they can to minimise the effects. These are commercial decisions that have been made by companies over a number of years. We have already seen, as a result of the Government’s approach over the past few months, significant changes to decisions. I welcome the neutrORAN project that my right hon. Friend the Member for Vale of Glamorgan mentioned, as well as a number of others that have been taken by networks that already see important changes to how they procure their networks.
Mr Kevan Jones
The Minister has introduced the September 2021 date after which no new Huawei or high- risk vendor equipment can go into the networks. What will happen to those companies that perhaps have stock of Huawei equipment or entered into contracts thinking that they could implement them before September 2021 and will now have to be told that they cannot? Would they actually lose a lot of money?
Matt Warman
Those decisions, as I said, were taken in the context of the environment that people were already well aware of, and they are taken at a degree of commercial risk. However, we have worked closely with the networks to ensure that there will be no additional delays as a result of this decision. I think it is the right thing that puts national security at the absolute heart of our programme, but it also does that in the context of not jeopardising the clear economic benefits and the clear practical benefits of improving connectivity across the country that we would all like to see.
On the emergency services network, we anticipate that these announcements concerning Huawei will have a very low impact on the emergency services network. We do not anticipate any impact on the programme schedules. There is some Huawei equipment in the EE part of the emergency services dedicated core network that EE is already working towards removing.
Let me cover one other aspect raised by the Chair of the Intelligence and Security Committee, my right hon. Friend the Member for New Forest East (Dr Lewis). I look forward—maybe that is not quite the right phrase—to appearing before the ISC in the next few days. We will always co-operate with it, and I am very happy to work with it on the best way to balance the obvious requirement between transparency and national security, although we would always seek to be as transparent as we possibly can be within those important bounds.
Dr Julian Lewis
I did ask a few questions. If the Minister cannot answer them now, by all means he should write to me. However, I am concerned about a situation where, for example, a former leader of the Conservative party and former Prime Minister has a major role in the China belt and road funding operation. How secure will Government be against lobbying of people with that sort of connection and prominence?
Matt Warman
I will simply say that the Government will always put our national security interests first, and of course we are always alive to the commercial interests of the companies that seek to engage with us in this matter or any other. I look forward to further engaging with my right hon. Friend and his Committee.
To conclude, this Bill does not simply produce a framework that will address one particular company or even one particular country. It sets up the futureproof regime that will allow us to deal with the company that we have spoken about so much this evening and also its successors in successor networks. The intention of this legislation is to persist well beyond the current challenges that we face. I am glad that it commands the support we have seen across the House. I am immensely grateful for what has been a genuinely well-informed debate and one that I look forward to carrying on in Committee. The Telecommunications (Security) Bill will create one of the toughest telecoms security regimes in the world. It will enable us to protect our national telecoms infrastructure, and it is also a chance for the UK to become the world leader in the development of new 5G technology that we all know we can be.
Question put and agreed to.
Bill accordingly read a Second time.
Telecommunications (Security) Bill (Programme)
Motion made, and Question put forthwith (Standing Order No. 83A(7)),
That the following provisions shall apply to the Telecommunications (Security) Bill:
Committal
(1) The Bill shall be committed to a Public Bill Committee.
Proceedings in Public Bill Committee
(2) Proceedings in the Public Bill Committee shall (so far as not previously concluded) be brought to a conclusion on Tuesday 19 January 2021.
(3) The Public Bill Committee shall have leave to sit twice on the first day on which it meets.
Proceedings on Consideration and up to and including Third Reading
(4) Proceedings on Consideration and any proceedings in legislative grand committee shall (so far as not previously concluded) be brought to a conclusion one hour before the moment of interruption on the day on which proceedings on Consideration are commenced.
(5) Proceedings on Third Reading shall (so far as not previously concluded) be brought to a conclusion at the moment of interruption on that day.
(6) Standing Order No. 83B (Programming committees) shall not apply to proceedings on Consideration and up to and including Third Reading.
Other proceedings
(7) Any other proceedings on the Bill may be programmed.—(David T. C. Davies.)
Question agreed to.
Telecommunications (Security) Bill (Money)
Queen’s recommendation signified.
Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),
That, for the purposes of any Act resulting from the Telecommunications (Security) Bill, it is expedient to authorise any increase attributable to the Act in the sums payable under any other Act out of money so provided.—(David T. C. Davies.)
Question agreed to.
Telecommunications (Security) Bill (Ways and Means)
Motion made, and Question put forthwith (Standing Order No. 52(1)(a)),
That, for the purposes of any Act resulting from the Telecommunications (Security) Bill, it is expedient to authorise provision requiring public communications providers to pay certain costs incurred by the Office of Communications.—(David T. C. Davies.)
Question agreed to.
Telecommunications (Security) Bill (Carry-over)
Motion made, and Question put forthwith (Standing Order No. 80A(1)(a)),
That if, at the conclusion of this Session of Parliament, proceedings on the Telecommunications (Security) Bill have not been completed, they shall be resumed in the next Session.—(David T. C. Davies.)
Question agreed to.