Read Bill Ministerial Extracts
Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateOliver Dowden
Main Page: Oliver Dowden (Conservative - Hertsmere)Department Debates - View all Oliver Dowden's debates with the Department for Digital, Culture, Media & Sport
(3 years, 12 months ago)
Commons ChamberI beg to move, That the Bill be now read a Second time.
Cutting-edge technology such as 5G and gigabit broadband have the potential to transform our lives and this Government are investing billions of pounds in their roll-out nationwide, but we can only have confidence in that technology if we know it is secure, and this Bill will create one of the toughest telecoms security regimes in the world, one that will protect our networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future.
This Bill acts on the recommendations of the United Kingdom telecoms supply chain review, which in turn was informed by the expert technical advice at the National Cyber Security Centre in GCHQ. First, it establishes a tough new security framework for all the UK’s public telecoms providers. This will be overseen by Ofcom and the Government, and they will have a legal duty to design and manage their networks securely. Rigorous new security requirements will be set out in secondary legislation, and codes of practice will set technical guidance on how providers should meet the law, and where providers are found wanting, Ofcom will have the power to impose steep fines. For example, under the current regime fines for failing to protect security are limited to just £2 million or £20,000 per day, while under the new regime they will rise significantly, to up to 10% of turnover or £100,000 per day. Under the current regime Ofcom has limited monitoring and enforcement powers. Under the new regime it will have the power to enter premises of telecoms providers, to interview staff and to require technical systems tests.
If we pass this Bill, few other countries in the world will have a tougher enforcement regime, and the point of this Bill is not just to tackle one high-risk vendor; it raises the security bar across the board and protects us against a whole range of threats. According to the NCSC, the past two years have seen malicious cyber-activity from Russia and China as well as North Korea and Iranian actors. While I know that telecoms providers are working hard to protect our networks against this hostile activity, the Government have lacked the power to ensure they do so. This Bill puts a robust security framework in place, guaranteeing the protection of our networks.
It feels like a long time since we had debates about Huawei at, I think, the beginning of the year, which perhaps started this national conversation about our critical national infrastructure. My right hon. Friend speaks about threats: what is the biggest long-term geostrategic threat facing the UK now?
The purpose of this Bill is to give us flexibility so that we do not get bound by the particular circumstances of today, and we have designed it to give us that. The four big threats we consistently face in cyber in this country are, as my right hon. Friend knows, in relation to Russia, China, North Korea and Iran, and we are seeing an evolution in some of those threats, particularly in relation to China.
This new security framework is just one half of the Bill; the second half gives the Government unprecedented new national security powers to identify and tackle high-risk vendors. Under the Bill the Government will be able to designate specific vendors that pose risks to our national security and issue directions to telecoms providers to control their use of goods, services or facilities provided by those vendors.
In principle, I welcome the Bill. Its focus, however, is on kit, hardware and vendors, and that will go some way towards protecting our telecoms systems, but we are also still facing threats from hacking, so making sure we have basic good cyber-hygiene will be just as important as some of these measures we are discussing today.
In short, yes, the right hon. Gentleman is absolutely correct. What this Bill does is bite in three respects. First, it sets out the overarching duties on mobile network operators and other telecoms providers in statute. It then empowers the Government through secondary legislation to provide further requirements on them. On top of that, for the tier 1 providers, which will basically be all the big telecoms providers, it also introduces a code of practice whereby they have to comply with that to ensure that they are secure. Across the board, the Bill tightens the requirements on them.
To follow up on the comments of my good friend the right hon. Member for North Durham (Mr Jones), does the Bill also give added protection to private individuals using their mobile phone, to stop them having it tapped by, say, a newspaper reporter?
I cannot imagine what my hon. Friend is alluding to. This is aimed at the telecoms providers, but in tightening the security requirements on them, it in turn, of course, tightens the security for individual telecoms users. The Bill makes it a duty for telecoms providers to comply with those directions and introduces robust penalties for those that fail to do so.
The point is that these powers will protect us against both the high-risk vendors of today and the threats of tomorrow. I know that for right hon. and hon. Members there are significant concerns about one high-risk vendor, Huawei. This has rightly attracted the attention and concern of many hon. Members and I want, first, to reassure them that I have heard them, that I am acting and that I am taking a clear-eyed approach to protecting our national security.
In July, I announced that UK telecoms providers should cease to procure any new 5G equipment from Huawei after 31 December 2020 and remove all Huawei equipment from our 5G networks by the end of 2027. This Bill enables us to implement those decisions in law.
I welcome both the Secretary of State’s direction and his much earlier than expected announcement of no new installations. Does he agree that this fundamentally changes the incentives on any boardroom for using any kit—in this case, Huawei—that is a risk? The cost is going to be laid with the company—that they will have to remove it anyway—which changes the pricing structure that any other company would have to bid for.
My hon. Friend makes a very important point, and I will be coming on to that in a minute. It is actually happening now because telecoms providers and mobile network operators know three things. They have to remove Huawei equipment in respect of 5G by 2027 entirely. They cannot purchase any equipment from the end of this year, and—I will come on to this shortly—we have double locked that, as it were, by having the installation requirement. Mobile network operators are already working on that assumption.
I find that very strange because the Bill is about security. The Secretary of State is now saying that he is introducing proposals which mean that if, for example, Vodafone or any other operator has got some stock in, it cannot put it in from the end of this year. What is the security risk there? The only reason we changed the projections earlier last year—which I supported—was the US sanctions on future kit. There is not a security risk to the kit that is going in now so how can he use this Bill, on security, for doing that? Is this not just a political decision that he is making?
To clarify the position for the right hon. Gentleman, mobile network operators cannot purchase from December this year—so they can purchase it now— and the installation limit will then apply from September 2021. The point of these measures is to address the concerns that Members rightly raised that companies could be incentivised to purchase large amounts of stock, stockpile it and then roll it out right the way through to 2027. I told the House in July that I would set us on a clear and unambiguous path to 2027, and these measures do exactly that.
Does the Secretary of State agree that, associated with the Bill, there needs to be a plan for the greatest diversity in the supply chains? That is the long-term solution, because part of the challenge is that we have ended up focusing on one supplier, Huawei, which has been dominant in this field. What action is he taking in that area?
I thank my right hon. Friend for his intervention. The interventions are tempting me to jump around points that I intend to make, but he is right about the importance of diversification. We have published the diversification strategy, which is available for Members to examine, and I will come on to it in a moment.
It is this Bill and this Bill alone that gives Members the assurances they seek for the security of our networks both now and in the future. Further to the point made by my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat), operators are already taking our approach seriously—they are working now to meet the Government’s requirements. For example, BT has signed a deal with Ericsson for 5G equipment to enable it to phase out Huawei and is already in the process of using Ericsson products to replace Huawei in its core. Where operators can go further and faster without jeopardising the stability of our network, we will of course encourage them to do so, but it would be a big risk to force them to go even further. BT and others have warned that moving faster could put our networks under considerable strain, creating significant risk of blackouts, and it would take longer for 5G to reach the parts of the country where it would make the most difference.
O2, Three and BT had concerns that they would have to cancel their contracts with Huawei but still pay for them, because the equipment was on its way. Could my right hon. Friend clarify what happens to contracts that are in the pipeline, which could see these companies go bust if they have to pay for them?
My Department is in close contact with mobile network operators. I do not think that the sort of risk my right hon. Friend describes of companies going bust is remotely the case. Furthermore, we have given clear advance notice of this. For example, we made the first statements in January this year. We updated the guidance in July, and we also consulted extensively with the mobile network operators on the requirements in relation to installation that I am announcing today.
I will make some progress. I may come back to the right hon. Gentleman later, but I have already given way to him twice.
I know that some Members are concerned that we have not named Huawei on the face of the Bill and that our approach could be reversed in years to come. I want to reassure those Members on a number of fronts. We have not chosen to name Huawei for two compelling practical reasons. First, as we discussed, this Bill is designed to tackle not only the Huaweis of today but the Huaweis of tomorrow, wherever they come from. It needs to be flexible enough to cover future threats and not tie our hands by limiting our response to one company and one company alone. Secondly—this is the most crucial point—making reference to any one company would create a hybrid Bill, dramatically slowing the passage of the Bill and therefore our ability to combat all high-risk vendors, including Huawei.
However, as a concrete sign of our commitment to tackling the national security risks posed by Huawei, I can confirm today that we are going further in two significant ways. First—I hope Members will have had a chance to see this—we have published an illustrative designation notice and an illustrative designated vendor direction to demonstrate how the Bill’s powers in relation to a high-risk vendor could be exercised. Given the level of concern in this House and in the other place about Huawei’s role in 5G infrastructure, these illustrative drafts name Huawei explicitly, clarifying our position beyond doubt, and set out a clear pathway to the reduction and removal of its equipment.
Does the Secretary of State believe that taking out companies such as Huawei may damage the economic impact, and what assessment has he made about making sure that we are at the forefront of growing 5G network in the UK?
My hon. Friend raises an important point. We are clear-eyed about putting national security first. If national security and economic interests are in conflict with each other, national security comes first. But within the context of that, we have properly weighed up the risks as between different dates. I believe that 2027 strikes the appropriate balance in that it can be delivered with impact, in the way that I described in my statement to the House in July—it will have an impact in terms of cost and roll-out for mobile network operators—but it does not run the risk that we go too far and too fast, whereby we risk some sort of blackout and loss of provision.
In addition to the draft directions, we are going a step further by using the illustrative directions to set out a new hard deadline for the installation of Huawei equipment. That direction makes it clear that all operators must not install Huawei equipment in their networks from the end of September 2021.
That clarification has clear practical implications. It will prevent any operator from stockpiling Huawei kit in the hope that the ban might be reversed. The new installation deadline will create cold hard facts on the ground, effectively turning the plan for Huawei’s removal into an irreversible reality.
The powers in the Bill also allow us to keep an eagle eye on the progress of Huawei’s removal. They enable us to require Ofcom to obtain information from companies to see whether a provider has complied, or is complying, and they allow us to require providers to prepare a plan setting out exactly how they intend to get to zero Huawei by 2027.
Using those powers, we will not just publish an annual report of compliance on the removal of Huawei equipment, but keep a close watch on the future progress of all telecoms companies where Huawei is concerned. Under this rigorous monitoring and reporting system, no provider will be able to drag their feet. They will need to provide proof that they are working to meet the 2027 deadline. But, critically, we can do this only if we secure these important powers—the powers that will enable us to take action in relation to Huawei to protect our networks, but also to take action against any other potential high-risk vendors now and in the future.
The right hon. Gentleman is wrong. This Bill is actually about security. The reason he is going to get the powers is to take out vendors who are a clear high risk. Huawei has been there for a while. The kit that he is talking about banning after 2021—even if it is stockpiled or part of a contract—has not got a security implication at all because it has already gone through our Huawei centre. So I am not sure that he has the powers in the Bill to do that. I am sorry, but if I were a telecoms provider and I had a contract or a stockpile of kit that I could not use, I would be looking at taking legal action against the Government, because he cannot use the Bill if that equipment is not a threat to national security, which it is not.
I say to the hon. Gentleman—[Interruption.] I beg his pardon. It is the right hon. Gentleman. I stand corrected. I say to the right hon. Gentleman that, first, this Bill and the measures in it implement what we announced as a Government in January and July, which, in turn, was based on the advice of the National Cyber Security Centre and GCHQ. In relation to whether I, or any Secretary of State, has sufficient powers in the Bill, I refer him to clause 16(2), which inserts new section 105Z8(4)(a) to (l) into the Communications Act 2003, which sets out a very wide range of bases on which I can designate a provider as high risk and take measures, so I am confident that I have those sufficient powers.
We must never find ourselves in this position again. Over the last few decades, countless countries across the world have become over-reliant on too few vendors, thanks to a lack of competition in the global telecoms supply chain. While this is a global problem, today this Government are officially leading the way in solving it. Alongside the Bill, we have published an ambitious diversification strategy—the first such strategy to be published anywhere in the world. It sets out our vision of what an open, competitive, diverse supply market for telecoms will look like, and the measures we will bring forward to develop an innovative and dynamic market.
We want to make progress as quickly as possible, so today I can also confirm that we are committing £250 million to kick-start this work. That includes funding and building a state-of-the-art national telecoms lab, which will bring together suppliers from across the world to test the performance and security of their equipment. We are also running a 5G open radio access network trial with the Japanese supplier NEC in Wales to help the entire UK benefit from this exciting new industry. That, of course, comes on top of NEC establishing a global open RAN centre of excellence in the UK just last month. We also know that Vodafone has recently announced that it intends to deploy open RAN technology across more than 2,600 of its sites—the largest commitment of its kind across any European network.
The Secretary of State is rightly focusing on open RAN and the opportunity to partner with others in the democratic and law-abiding world. What has he done to reach out to countries such as South Korea, whose Samsung system could provide for the UK, and to encourage Nokia, Ericsson and Fujitsu in Japan?
I am pleased to say that the Minister for Digital Infrastructure has met every one of the parties my hon. Friend named; indeed, I have met many of them. Essentially, we are working across three strands. First, we are working with the existing vendors—there were three, now to become two—to secure them and make sure we do not lose a further one. We are also working with new potential incumbents such as NEC and Samsung. In addition, we are working across a range of countries, in particular the D10, to ensure that we work together to improve standards in telecoms.
I am grateful to my right hon. Friend, who is being customarily generous in giving way, but can I just make a point to him and hear his answer? This situation has constantly been wrongly described as a market failure. It was not a market failure; the failure was in the reality of one country abusing and breaking World Trade Organisation rules on subsidies. The key problem has been that China has subsidised its providers dramatically, even over 100% on contract, which has killed this market over the last 10 years. Once we release the market by stopping that, the private sector will come back into this industry because competition will be real competition, not broken competition. That is the key point.
My right hon. Friend highlights one of a range of different market distortions that have been going on. To a certain extent, there will be some market correction, but the Government also need to intervene, and our diversification strategy addresses that. If we are to get existing vendors who are not currently in the UK market back in, or to create a new open RAN solution, we need to provide financial incentives, and the diversification strategy touches on many of the steps that we propose to take.
We are taking concrete steps towards a solution, but diversification is not just a problem to be solved. It is also an opportunity to be seized. As part of our strategy, we will invest in homegrown solutions that will put us at the forefront of developing 5G technology and all the transformative benefits it brings. The next phase of this work will be taken forward by the Telecoms Diversification Task Force, chaired by Lord Livingston, formerly of BT, and others. I am grateful for the work that he, industry and academic experts have done in developing the strategy and in taking it forward.
The Bill has not been designed around one company, one country or one threat. Its strength is that it creates an enduring, flexible and far-reaching telecoms regime, one that keeps pace with changing technology and changing threats, that supports billions of phone calls, email exchanges and file transfers in this country every day, and that is essential to the UK’s economy and its future prosperity.
I listened carefully to the concerns of Members on both sides of the House in designing the legislation, and I have sought to address those concerns head on in the Bill as it stands before the House. I genuinely hope that the Bill will command cross-party support and that we will be able to work together in the national interest to ensure the security of our telecoms networks. I commend the Bill to the House.