Telecommunications (Security) Bill Debate
Full Debate: Read Full DebateTobias Ellwood
Main Page: Tobias Ellwood (Conservative - Bournemouth East)Department Debates - View all Tobias Ellwood's debates with the Department for Digital, Culture, Media & Sport
(4 years ago)
Commons ChamberI beg to move, That the Bill be now read a Second time.
Cutting-edge technology such as 5G and gigabit broadband have the potential to transform our lives and this Government are investing billions of pounds in their roll-out nationwide, but we can only have confidence in that technology if we know it is secure, and this Bill will create one of the toughest telecoms security regimes in the world, one that will protect our networks even as technologies grow and evolve, shielding our critical national infrastructure both now and for the future.
This Bill acts on the recommendations of the United Kingdom telecoms supply chain review, which in turn was informed by the expert technical advice at the National Cyber Security Centre in GCHQ. First, it establishes a tough new security framework for all the UK’s public telecoms providers. This will be overseen by Ofcom and the Government, and they will have a legal duty to design and manage their networks securely. Rigorous new security requirements will be set out in secondary legislation, and codes of practice will set technical guidance on how providers should meet the law, and where providers are found wanting, Ofcom will have the power to impose steep fines. For example, under the current regime fines for failing to protect security are limited to just £2 million or £20,000 per day, while under the new regime they will rise significantly, to up to 10% of turnover or £100,000 per day. Under the current regime Ofcom has limited monitoring and enforcement powers. Under the new regime it will have the power to enter premises of telecoms providers, to interview staff and to require technical systems tests.
If we pass this Bill, few other countries in the world will have a tougher enforcement regime, and the point of this Bill is not just to tackle one high-risk vendor; it raises the security bar across the board and protects us against a whole range of threats. According to the NCSC, the past two years have seen malicious cyber-activity from Russia and China as well as North Korea and Iranian actors. While I know that telecoms providers are working hard to protect our networks against this hostile activity, the Government have lacked the power to ensure they do so. This Bill puts a robust security framework in place, guaranteeing the protection of our networks.
It feels like a long time since we had debates about Huawei at, I think, the beginning of the year, which perhaps started this national conversation about our critical national infrastructure. My right hon. Friend speaks about threats: what is the biggest long-term geostrategic threat facing the UK now?
I thank my right hon. Friend for his intervention. The interventions are tempting me to jump around points that I intend to make, but he is right about the importance of diversification. We have published the diversification strategy, which is available for Members to examine, and I will come on to it in a moment.
It is this Bill and this Bill alone that gives Members the assurances they seek for the security of our networks both now and in the future. Further to the point made by my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat), operators are already taking our approach seriously—they are working now to meet the Government’s requirements. For example, BT has signed a deal with Ericsson for 5G equipment to enable it to phase out Huawei and is already in the process of using Ericsson products to replace Huawei in its core. Where operators can go further and faster without jeopardising the stability of our network, we will of course encourage them to do so, but it would be a big risk to force them to go even further. BT and others have warned that moving faster could put our networks under considerable strain, creating significant risk of blackouts, and it would take longer for 5G to reach the parts of the country where it would make the most difference.
O2, Three and BT had concerns that they would have to cancel their contracts with Huawei but still pay for them, because the equipment was on its way. Could my right hon. Friend clarify what happens to contracts that are in the pipeline, which could see these companies go bust if they have to pay for them?
My Department is in close contact with mobile network operators. I do not think that the sort of risk my right hon. Friend describes of companies going bust is remotely the case. Furthermore, we have given clear advance notice of this. For example, we made the first statements in January this year. We updated the guidance in July, and we also consulted extensively with the mobile network operators on the requirements in relation to installation that I am announcing today.
The hon. Lady is setting out a long list of concerns with which many in the House would absolutely agree. Does she agree that for the reasons she is outlining it is perhaps now time for us to review the overseas aid that we give to China?
I do not want to step beyond my brief and interfere in that of my shadow Cabinet colleague, but we certainly should not be doing business with any companies that breach both human rights and workers’ rights. We have international labour standards in place and these are not companies with which to do business.
Turning now to broadband and 5G roll-out, and the delays and the costs layering on top of them, we have already seen delays in the roll-out of second and third generation fixed broadband, and we are now at the bottom of the OECD tables. In fact, only last week the Government sneaked out in the Chancellor’s spending review plans to water down their broadband promises. Instead of keeping to their manifesto promise to roll out gigabit-speed broadband to every home in Britain by 2025, the Chancellor revealed that the Government are now aiming to have a minimum of 85% coverage by that date. The budget for that plan remains the same, but now only £1.2 billion of the £5 billion will be made available up until 2024, so this will impact on the so-called levelling-up agenda.
The Government’s delay in dealing with the issue of high-risk vendors until now has also meant that there will be added delays and costs to the roll-out of 5G. The Secretary of State accepted that in July, when he said that the cumulative delay would be two to three years. However, the Government’s impact assessment for the Bill does not establish the effect of removing Huawei from the core network on the timescale for the 5G roll-out, so has the Secretary of State’s position, set out in July, of a two to three-year delay changed at all, and why does the impact assessment fail to address that issue? Also in July, the Secretary of State predicted that removing Huawei would cost operators up to £2 billion, but that could be a huge underestimate, because BT alone is saying that it will cost it £500 million, and the costs could be far greater, including the knock-on effects in terms of lost revenue and wider economic benefits.
As well as those economic consequences, there is another impact, because the provision of 5G for most of the UK will increase the digital divide without significant measures to tackle it. The three central problems at the heart of this divide are lack of internet connection, lack of technological devices, and lack of the skills to use new technology in a meaningful way. The Government have promised, and so far failed, to solve the lack of connection, which is a particular problem for under-served communities. There is nothing about 5G that will make it a better option for those communities, who are already lacking affordable access to fast internet. In addition, there is the distinct possibility that in order to access mobile 5G internet, users will need newer and more expensive devices built for those increased speeds. The pandemic has highlighted these divides and thrown into stark relief the need for help and support for those whose lack of connection, skills and equipment is a real barrier both in terms of employment and other meaningful connections.
There is one other significant consequence to the Government’s delay, and that is the new 4G-based emergency services network. That is now unlikely to completely take over from the existing platform until 2024-25. This delay is costing taxpayers millions. If the Government are forced to keep airwaves going beyond 2022, every year of delay adds an extra cost of about £550 million. The core of the ESM network does feature Huawei equipment, but EE has said that it is already working to strip this out and hopes to complete that by 2023. However, can the Secretary of State reassure the House that the presence of Huawei kit in the 4G ESM network will not have any impact on its lifespan, financial implications or security status and safety concerns?
I turn now to the removal of high-risk vendors’ equipment from the 5G networks. For the purposes of this debate, it is probably easier to refer to it as the removal of Huawei equipment, because that is where everybody’s current focus is. This must all be removed from networks by 2027. There is the “no new purchasing” rule from the end of this month, and the Secretary of State has announced today that existing stocks cannot be used after September 2021. However, there are questions for the Government around the implementation of this that I hope the Minister will be able to answer.
I have five specific questions. First, given that the Bill is based on a distinction between the core and the edge of the networks, how confident are the Government of the durability of the barrier between the core and the edge? Secondly, what steps are the Government taking to prioritise the removal of any existing Huawei equipment from the more sensitive core part of the network, and how much equipment does Huawei have in it? Thirdly, are the Government proposing to provide help to businesses who have invested in Huawei equipment ahead of this decision, and will there be legal support, as many operators may have to honour contracts that they cannot actually use or possibly afford? Fourthly, what steps will the Government be taking to work with local authorities and others to minimise disruption to businesses and individuals when removing the equipment? Fifthly and finally, what steps are being taken to minimise the costs to business?
I have one other point, from a different policy angle. When Australia banned Huawei from participating in its 5G network in 2018, China imposed retaliatory measures on Australian goods. The Government’s impact assessment does not address the economic consequences of potential retaliatory measures, so can they explain what steps are being taken to plan for that possibility?
Thank you, Madam Deputy Speaker—does that mean that I get 16 minutes to speak? That is fantastic. [Interruption.] That is my first intervention, so it is now 17 minutes. It is good to catch your eye in this important debate, Madam Deputy Speaker, and to see present so many colleagues who were there at the start of the journey—I referred to this in the first intervention I made—when we first discussed Huawei in the Chamber.
The Defence Committee looked at this subject because the security of 5G is now critical, given our ever-growing reliance on data movement. To establish a new security framework for the UK telecoms sector and to ensure that telecoms providers operate a secure network and resilient services and manage their supply chains is absolutely fundamental to our new way of life. The completion of 5G over the next decade will be nothing short of revolutionary. Every aspect of our lives as we know them, including how we communicate, socialise, work, travel and manufacture things, will become increasingly dependent on lightning movements of wireless data. The advantages of such scope and scale in our growing online world have very much been appreciated during this pandemic, but, equally, we must recognise how our reliance leaves us very much exposed to those who might choose to cause us harm.
The backdrop of this was of course the lively debate, which I have referred to, over Huawei. Perhaps that was a wake-up call on just how powerful and tech savvy China has become. The Minister and the Secretary of State have made it very clear that this is not just about China—other non-state and state actors are now developing capabilities to interfere with our online world—but I make it very clear indeed that what we are discussing today exposes the wider uncomfortable reality of the gradual geopolitical shift in global power from west to east.
In our lifetimes, China is on course to become more powerful economically, technologically and militarily than the United States of America, and how we handle this so-called Thucydides trap is yet to be reckoned with. This is a usually disruptive transition of influence from one ruling power base to a rising power with eventually more dominance—a transition that history suggests is rarely peaceful. The only example of a peaceful transition is that from the British empire to the American superpower. If we are honest, this Bill is about exactly that. This is the starting point of a bigger conversation about how we manage such a transition. We are placing protections on our country against China, which we privately no longer trust, but I have to say that, publicly, we may be in denial about what we need to discuss.
We should finally come to terms with the fact that China has not matured into the responsible global citizen that, a decade ago, we hoped it would be. Instead, China offers a competing authoritarian ideology, leveraging its colossal economic growth to undercut western competition and ensnare dozens of countries into infrastructure projects and high-tech plans on terms that they can ill afford. Our growing dependence on the online world has created a new virtual theatre of war. The actual character of conflict has been changing in front of us: it is less about terrain, and now more about data. We are becoming increasingly vulnerable, with cyber-attacks, disinformation campaigns, interference in elections, manipulation of social media, data theft, online espionage and sabotage. These are the new battlegrounds that we must prepare for and defend against. Our international rules-based order was crafted in the pre-digital age. A major cyber-attack, for example, could cause more damage than a dirty bomb, but would not technically trip a NATO article 5 response. International law must catch up, and this legislation is a small line of defence in a far wider geopolitical battle that we need to embrace.
Britain is rightly seeking to remain on the cutting edge of this fast-developing digital world, but this can only be achieved with greater protection and, indeed, investment in our critical national infrastructure. Our 5G capability must leave no virtual backdoors left open. Consequently, phasing out high-risk vendors, such as Huawei, from our 5G programme is the right call. However, we have to ask the question: why is it that a decade ago there were 12 vendors that can provide this support, yet today there are only six? There are two in Europe, with Ericsson and Nokia, two in the far east, with NEC and Samsung, and then of course two in China—Huawei and ZTE—and there the question lies. What we need to do about it is to make sure we have that capability to move forward in a secure environment.
We must accept that Huawei has grafted its way into our telecoms network partly because the UK vendor market is not diverse enough. Regaining the secure technological capability on which our new digital world will depend requires more than just legislation to block high-risk vendors from entry; it needs the advancement of our own technological capabilities. Open RAN has been mentioned, but it is still a long way off. OneWeb has been purchased as a possible capability for communications. We have yet to hear what the Government plan to do with that.
Ultimately, we must recognise that Huawei, ZTE and others are so powerful because they are state funded. Perhaps it is time for an Apollo moment: when the United States knew it was losing the space race, a combination of state aid and the commercial sector allowed it not only to catch up with but to overtake the Soviet Union. We need the same penny to drop here and to recognise what China is all about.
It is good to hear growing talk of the D5 trusted alliance of nations. It has been mentioned as an advancement of the Five Eyes community and I very much welcome that. We need to provide an alternative to the cheap solutions that the Chinese are rolling out, which continue to be peddled across the road. They are high-tech versions of the one belt, one road programme. Only with greater western resolve can we design and build the secure foundations for the profound new technological world we are about to experience.
I will underline the elephant in the room: what do we do about China? Unless we in the UK and collectively in the west address China’s conduct, there will be a geopolitical clash. That is inevitable and will slide us towards another cold war.
We should make it clear that the UK has huge respect for the Chinese people. Our histories are intertwined, perhaps more than many of us appreciate. The opium wars, the ceding of Hong Kong, the Boxer rebellion, the century of humiliation—perhaps Britain glosses over many of those historical footnotes, but for those in China, they influence their thinking and their attitude towards the west today.
However, today, the west is recalibrating its view of China. China’s conduct in the pandemic, from its initial efforts to hide the outbreak to rejecting any independent investigation, has exposed a dangerous agenda that we can no longer ignore. During China’s incredible economic ascent, western policy focused on deepening engagement in the hope that China would evolve into a responsible global citizen that embraced hard-fought principles of liberty, democracy and open trade. It is clear that the Chinese Communist party has something very different in mind. As it has increased its economic power, Beijing has deliberately shunned international accountability and rules. It may be gaining superpower status, but it avoids any sense of duty to uphold core values of freedom and the rule of law. Knowing that its conduct repudiates those values, it now pursues a geopolitical authoritarian agenda, as illustrated in the crackdown in Hong Kong, the terrible treatment of the Uyghur minority and its manipulation of the digital world, which mimics its one belt, one road initiative.
With countries becoming locked into long-term commitments with reduced autonomy and little prospect of withdrawal, more and more countries are becoming ensnared in China’s authoritarian sphere of influence. The US now publicly confirms that China is a strategic and geopolitical threat to the west, while here in the UK we have yet to say so, though I am pleased that the Secretary of State pointed out concerns about China.
I hope that the full publication of the Government’s integrated review will confirm that China now is a geopolitical threat. We require a turning point—another Sputnik moment, where we no longer pretend and we do not just legislate on high-risk vendors, but hold the regime behind the state-owned companies to account.
I hope that, with the changing of the guard in Washington, there will be a rejuvenation of the west’s collective resolve about what we stand for, what we believe in and what we are willing to defend. The next decade will be very bumpy indeed. If we are to avoid another cold war, protecting our telecoms infrastructure must be the first step of many.