Huawei and 5G Debate
Full Debate: Read Full DebateTom Tugendhat
Main Page: Tom Tugendhat (Conservative - Tonbridge)Department Debates - View all Tom Tugendhat's debates with the Department for Digital, Culture, Media & Sport
(4 years, 9 months ago)
Westminster HallWestminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.
Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.
This information is provided by Parallel Parliament and does not comprise part of the offical record
The hon. Gentleman is absolutely right. This relates to my earlier comment about the linkage with the Government. I will come back to Huawei’s ability to draw on support finance—which we might call Government support.
I am aware that you want me to make progress, Mr Paisely, so I shall. I will also ask others to restrain themselves slightly, although I will not refuse interventions. That will not win me points from you, Mr Paisley, but I will not defy my colleagues.
Perhaps most bizarrely, I think that the rush by the Government is being driven by the fear that we will be left behind by others. It is worth tackling that point. I find it difficult to comprehend their position, given that a growing number of leading western nations, many of them our competitors in many fields, intend not to use Huawei—in fact, they will depart completely from Huawei, even if that means a delay—or any other untrusted vendors. Surely, therefore, it is inevitable that the worldwide roll-out of 5G must slow down. Given that so many nations are saying no to Huawei, this should be an opportunity for us to prioritise national security over the breakneck speed with which the deployment of 5G is being pressed on us.
I, too, praise my right hon. Friend for making a very strong speech. Does he agree that the two successful roll-outs of 5G so far have been carried out in South Korea and Japan—by Samsung and Fujitsu respectively—and neither of them seems to have included Huawei?
Yes, I agree. My hon. Friend makes a very good point. In fact, I have read a note from Samsung declaring that it is completely feasible to do this work without any involvement from Huawei. Indeed, Samsung made very clear its belief that Huawei is a direct threat to our national security because its system is not a trusted one.
Far from Huawei having some insurmountable technological lead, it seems, when one starts to investigate, that the quality of its work is no better than anybody else’s, and in some cases somewhat worse. I recall even Dr Ian Levy, the technical director of GCHQ’s National Cyber Security Centre, saying about a year ago that Huawei’s security was “very, very shoddy”. He also said that
“it’s engineering like it’s back in the year 2000”.
We need to take stock of this nonsense propaganda that Huawei is light years ahead as an organisation. Yes, it has a lot of people in research and development, but the reality is that its development has been about money.
The Government say that telecommunications companies are all reliant on Huawei. It was said earlier in the debate that telcos are absolutely reliant on Huawei, so delay would leave them significantly out of pocket. According to that line of argument, however, I would argue that reducing Huawei’s involvement to even 35% would leave telcos out of pocket, so we are already halfway there, as it were. It seems daft to try to make that argument.
Of course, the reliance on Huawei comes as a result of it having constantly bid well below other market competitors for UK and other business. After all, there is a long history of the China Development Bank providing low-cost financing for Huawei customers, and that approach is updated every few years. A recent report estimates that, when one takes in tax breaks, grants and low-cost land acquisitions, the subsidy comes to more than $75 billion. No western company in this sector will be able to compete on those grounds.
Despite all that, it is not common knowledge that at least one very significant UK service provider has contacted me to say that it has already made clear that it will not use Huawei in its 5G network. O2 suggests that the idea that these systems cannot be created without Huawei—my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat) mentioned this earlier—is complete and utter nonsense.
The NCSC’s guidance does not even mention services. I understand that Huawei is now taking over the managed services for another operator, Three, which opens up yet another huge area to gather information from. If someone has a map of a radio network, they will also have a map of everything connected to that radio network. They will know what each piece is, what it does and how to attack it.
Yet our dependence on Huawei goes even deeper—much deeper than many people realise. I have just noticed that Huawei is present in the emergency services network, which is often referred to as the blue lamp or blue light service. The service is part of our critical national infrastructure, but the issue did not come out in the statements. I am astonished that that would be allowed. We can imagine how dangerous any form of disruption would be to that service. It beggars belief. Then I discovered that MI5 uses a systems provider that is heavily dependent on Huawei equipment. These decisions are barking mad.
There is no question that the US Administration are very exercised by the UK’s decision to go ahead with 5G and Huawei. In fact, I cannot think of any other time when we have been so separated from most of our allies that we respect. The thing I cannot get is that even Vietnam, for God’s sake—a communist country next door to China—will not have Huawei in their systems.
Indeed. We are all neighbours in the global environment, as the dreadful coronavirus shows us.
The problem is compounded—this is not really spoken of in these debates, and the Government never make any mention of this—is a deeper and further problem. It exposes the degree to which western Governments, including our Government, to a degree—I am talking about successive Governments; this is not a shot at my Government, as the issue goes back further than that—have taken their eye off the ball. Much of the available equipment, including electronic sub-assemblies, is of unknown security provenance. At present, beyond existing contracted functions, we have little to no idea what else lies in our installed systems. UK Governments and others—I particularly want to focus on my Government—have done little to tackle the problem. Understanding what is inside the chips and processors is critical. Any malware needs to be detected. Surely, after all these years, we could have worked to ensure as much as possible that products deployed into secure or critical national infrastructure are auditable, so that we understand what is in them. What better way to do that than by collaboration with our Five Eyes allies, to ensure that we drive security much deeper? Nothing has happened, however.
We are in a mess, and the only way to get out of it, as my right hon. Friend the Member for North Shropshire (Mr Paterson) said, is to ensure that Huawei’s involvement is reduced from the Government’s present position of 35% down to 0%. I recognise that may take a little time, but that should be the purpose of the Government over the next two years.
Successive British Governments—this is the point that my right hon. Friend the Member for Haltemprice and Howden (Mr Davis) made—have tried to get close to China in the hope that we can take advantage of their markets. I recognise that that is not unreasonable, but in so doing, we seem to be playing a dangerous game. After all, this totalitarian regime is not an ally of ours, and we get confused about that at times, even if the Foreign Office is reluctant to admit that China poses a threat to us, for fear of upsetting the Chinese Government. That threat is not just in its cyber-attacks on our systems, but also in the way in which it does not obey the international rules-based order in trade. That point has been made today. By the way, no other country does a level of business proportionate to its population as much as Australia does with China. Australia is not frightened of saying no to the procedure, and I do not see anybody trying to beat it up on trade. Sometimes I wonder if we do not project the sense of power or force that we should.
As the UK leaves the EU, we should avoid kowtowing, as my right hon. Friend so rightly said—that wonderful Chinese act of placing one’s forehead on the ground in front of one’s respected superior—to China or anyone else. The British Government should commit to reducing and eradicating our dependence on Huawei, in line with our allies. That is really important. After all, defence of the realm is surely our first priority, and that goes for cyber-space as well. If defence of the realm is our first priority, what the Government are proposing today is not defence of the realm, but semi-defence of the realm, and that simply will not do.
Thank you, Mr Paisley, for calling me to speak in this important debate. Many of the security questions have been covered, so while I do not resile from them I will not cover them again. We have not yet addressed what will be an important issue going forward, which is the simple fact that just as we write laws in this place to shape the culture of society, we shape the culture of our systems by writing code. The code that is being written today in places like Shenzhen is going to shape the culture of our communication systems and the way in which they act together.
This may sound like it is simply a question of noughts and ones—a mathematical process that is devoid of culture—but that is simply not true. Even supposedly neutral systems like accountancy rely on concepts of ownership, individuality, privacy, collectivity or state interference that are culturally specific. That is as true of accountancy today as it was when it was first created, several hundred years ago on these islands. The code that is now being written will have the same implications, so the real decision for us is not just “What are we looking at today in our 5G network, and how much influence will it have on the systems that we seek to operate now and in the immediate future?” but “What cultural norms are we embedding into our society that will shape the concepts of liberty and individuality”—concepts that I thought we held dear?
If we are arguing, as many of my right hon. and hon. Friends have done so successfully, that these islands have the right to determine their own future and take back control of their destiny, it seems odd to decide that having just done so, we are going to hand it over to Beijing. I fail to understand why government from Beijing is better than government from Brussels, or why cultural norms set in a collectivised state are better than those that arise among democracies with which, at least, we share values. When I hear colleagues on both sides of the aisle in the United States, Australia or New Zealand speaking clearly about the security implications for all of us, I also think about the foreign policy implications. Whatever we think about our security preparations, if our allies do not trust us, that undermines the alliance. If our allies do not believe that we can keep their data safe, that undermines the sharing of data, and if they do not think we are going to be reliable, that calls the alliance into question. China is already having some success in its geopolitical world, because the game it is playing—the game of dividing its opponents—is meeting with some success. I am very sad that our Government are allowing themselves to be the pawn in that game.
I understand that the Government must take risks in certain areas, and that the decisions they must take are difficult. The Government have to decide whether, if Nokia and Ericsson were the only companies in this space, the collapse of one of those companies would lead to a monopoly, and they therefore see a requirement for a third. However, instead of risking a monopoly, they are taking risks with security, which is a mistake.
I agree with my hon. Friend that it is sensible to make sure we do not undermine diversity through our own actions. However, as a matter of principle, taking suppliers out of the system does not assist diversity. The points he has made are substantially about security, and I agree that this debate must focus on that question. Whether we use market caps or bring along other suppliers in the market, diversity is a legitimate security objective, just as it is a legitimate economic objective. However, I am afraid that we do not have the luxury of inventing a domestic contributor to this market in a short space of time, so we have to deal with the market as it is.
There is a good reason why we focus on the security of the system as a whole and not on one supplier. If we are worried about China, as it is perfectly right for us to be, it is worth keeping in mind the fact that many of the competitor suppliers referred to in this debate use Chinese components in their equipment, or assemble their equipment in China. It is therefore important to recognise China’s potential to intervene.
Given that we are about to spend £100 billion on a train line, would it not be sensible to invest some of that money in our own infrastructure if we are so concerned about Chinese suppliers?
My hon. Friend really should not get me started on HS2; we do not have time.
We should not just be worried about Huawei or about China, but about the security of the entire telecoms infrastructure. However, if we are going to talk about Huawei, let us not forget first of all that Huawei is already in the system. Sometimes these debates are conducted as though it were going to come in for the first time, but it is here already, managed differently to other suppliers. Secondly and most importantly, let us not disregard the advice of our highly respected intelligence agencies, which have said that the inclusion of Huawei’s equipment is consistent with our security requirements. I have had the privilege of working with those agencies, as I know many other Members present have. They are world class, and it is important that we do not disregard what they say.
This has been an important and timely debate. I am glad that my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has provided the Government with an opportunity to clarify some of their position.
As he knows, the Government’s first priority is to protect our citizens and their interests. That means that the security of our telecoms and critical national infrastructure is of paramount importance. That is why we undertook the telecoms supply chain review—to allow us to make hard-headed, evidence-based decisions.
The UK is a global leader in cyber-security. Our world-class security agencies have set out their security analysis of the telecoms sector in a level of public detail unmatched anywhere in the world.
It is because of the need to manage the risks to national security that we have made the decisions that we have on high-risk vendors, concluding that there needs to be strong restrictions on their presence in the network. It is because we need to improve the security of the network overall that we need a new security framework for telecoms.
Over time, our intention is to reduce our reliance on high-risk vendors, as market diversification takes place. We want to get to a position where we do not have to use a high-risk vendor in our telecoms network at all.
In a moment. Although it is driven by security, our decision making reflects the reality of the UK network and the global supply chain marketplace, and that is why diversification is key. I give way to the Chair of the Foreign Affairs Committee.
Can I be very clear on what the Minister said? He is saying that the Government’s aim is to reduce to zero high-risk vendors, of which Huawei is one.
As I say, we want to get to a position where we do not have to use a high-risk vendor in our telecoms network.
As I said, we are introducing the new regime because of some of the concerns that my hon. Friend addresses. I reiterate the Government’s offer to put at the disposal of any Member of the House as many experts from the public and private sectors that we can, so that colleagues can be in touch with the latest thinking on this issue.
We understand the threat from China and are robust with it when our interests are challenged. We will continue to publicly call out malicious cyber-activity, and the decision to categorise Huawei as a high-risk vendor took into consideration the potential links between Chinese companies and the Chinese state, including the fact that Chinese companies are subject to China’s national intelligence law. The UK has also been vocal in drawing attention to the systematic human rights violations against Uyghur Muslims and other ethnic minorities in China. The Government have set out our expectations of businesses in the UK national action plan on business and human rights.
The telecoms supply chain review, which was laid before the House in July 2019, underlined the range and nature of the risks, highlighting the risks of dependence on one vendor, faults or vulnerabilities in network equivalence equipment, the back-door threat, and vendors’ administrative access. We need to be alive to the totality of the risks that the telecoms network faces today and will face in the future. High-risk vendors are part of that security risk assessment, but they are not the sole factor.
I want to address some of the myths about how the network will develop. It is true that technical characteristics of 5G create a greater surface area for potential attacks, but it will still be possible to distinguish different parts of the network. As my hon. Friend the Member for Rushcliffe (Ruth Edwards) said, what matters are the critical functions within the network. We need to ensure that critical functions, wherever they are, have appropriate security.
I will come to the issue of the network’s core and edge, which will answer some of the questions that Members want to ask.
Ian Levy, the technical director of the National Cyber Security Centre, set out in a recent blog post that the notion that there is no distinction between the core and the edge cannot be true. He says that, with 5G networks,
“you need lots of smaller basestations as well as big ones, and the small ones will be on lampposts, bus shelters and other places that aren’t secure from physical interference by bad guys. So, if your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure. The international standards that define what a 5G network actually is allow you to do all sorts of things, and some of those things could lead to security or operational risks that can’t be mitigated. That doesn’t mean you have to do them.”
We in this country will not do such things.
I will give way briefly to the Chair of the Foreign Affairs Committee.
Does the Minister recognise that it was not Tim Berners-Lee, but Rod Stewart, who foresaw the amazing power of the internet? It is not just the technical experts, but the imagination of people who will build on their technical skills, that will determine where the risks really lie.