Telecommunications (Security) Bill (Fourth sitting) Debate
Full Debate: Read Full DebateSara Britcliffe
Main Page: Sara Britcliffe (Conservative - Hyndburn)Department Debates - View all Sara Britcliffe's debates with the Department for Digital, Culture, Media & Sport
(3 years, 11 months ago)
Public Bill CommitteesThank you. I want to try to squeeze in both Sara Britcliffe and Chris Matheson before we go the Minister and the shadow Minister, so we need short questions and succinct answers.
Q
Dr Johnson: I think broadly the Bill is okay. I have a couple of questions about the wording. The definition of a security compromise is too narrow. At the same time, the first clause would cover every single bug in every single system, regardless of whether they were to do with security or not. Does it affect availability, performance or functionality? Every bug on the planet would qualify for that. The Bill does not cover the issue of prepositioned viruses that are implanted in software, which are crucial to the next phase of network security, but it broadly makes sense.
I have one other comment around the designated vendors. What do the friends of the Bill think about a designated technology register? Designated vendors are all very well, but the technology that is being incorporated into telecoms networks is itself subject to security concerns. Should such a register of the specific technology generations or of particular operating systems and libraries, which are known to be buggy or compromised from a security point of view, be included in the Bill? It might be too late in the day for that, but I guess some of this will be picked up by the NCSC.
I am sorry to interrupt, but I want to move on to Heba Bevan. The question was, what is there in the Bill that you really approve of?
Heba Bevan: One of the things in the Bill that, to me, is essential is that whoever is providing the telecommunications system has to be liable for providing the security on it. I totally agree on that. They have to make sure it is secure. There are a few bits and pieces on how that is being achieved but, because of time, I can send you a few points around that.
Q
Doug Brake: At a very high level, I would say cyber-security generally. The goal of Government intervention should be to make it easy, cheap and desirable for the private sector to do cyber-security well. I have some vague concerns that some increased costs might come from the Bill—the compliance costs—but identifying this as a serious issue that needs to be looked at and giving Ofcom the tools that it needs to investigate security challenges, especially with regard to the equipment and working with the private sector to mitigate those risks, is a big step forward.
On the diversification strategy, I think it is a very wise document. That to my mind is one of the best opportunities that we have to mitigate long-term risks, particularly where there are high-risk vendors in the area. So I think the diversification strategy is quite wise and would make the UK a real leader in this space in terms of policy.
Q
Doug Brake: That is a good question. A lot of people are asking that question and trying to figure out exactly where this will go. I think that at a high level we have passed through the confrontation with Huawei and China over some of these innovational mercantilist policies that we have seen, which have undermined the global innovation of wireless equipment. I don’t think that will change at a high level. No politician in Washington in the US wants to be seen as soft on China. I think there will continue to be policies that attempt to roll back some of the innovation mercantilism that we have seen in the wireless equipment space. I expect and hope that it will be done with a more measured and co-ordinated effort with like-minded allies such as the UK and with less scattershot policies across the US Government.
What we have seen over the last several years in the United States is a variety of different agencies doing what they can to mitigate the risks. It is less a co-ordinated whole of Government approach in the US and more a disjointed and fragmented policy response across different agencies, so I am hopeful that under a Biden Administration we will see a much more co-ordinated effort and one that is more co-operative with allies.