Sir Iain Duncan Smith

- Hansard -

Copy Link

- - Excerpts

The hon. Gentleman is absolutely right. This relates to my earlier comment about the linkage with the Government. I will come back to Huawei’s ability to draw on support finance—which we might call Government support.

I am aware that you want me to make progress, Mr Paisely, so I shall. I will also ask others to restrain themselves slightly, although I will not refuse interventions. That will not win me points from you, Mr Paisley, but I will not defy my colleagues.

Perhaps most bizarrely, I think that the rush by the Government is being driven by the fear that we will be left behind by others. It is worth tackling that point. I find it difficult to comprehend their position, given that a growing number of leading western nations, many of them our competitors in many fields, intend not to use Huawei—in fact, they will depart completely from Huawei, even if that means a delay—or any other untrusted vendors. Surely, therefore, it is inevitable that the worldwide roll-out of 5G must slow down. Given that so many nations are saying no to Huawei, this should be an opportunity for us to prioritise national security over the breakneck speed with which the deployment of 5G is being pressed on us.

Sir Iain Duncan Smith

- Hansard -

Copy Link

- - Excerpts

Yes, I agree. My hon. Friend makes a very good point. In fact, I have read a note from Samsung declaring that it is completely feasible to do this work without any involvement from Huawei. Indeed, Samsung made very clear its belief that Huawei is a direct threat to our national security because its system is not a trusted one.

Far from Huawei having some insurmountable technological lead, it seems, when one starts to investigate, that the quality of its work is no better than anybody else’s, and in some cases somewhat worse. I recall even Dr Ian Levy, the technical director of GCHQ’s National Cyber Security Centre, saying about a year ago that Huawei’s security was “very, very shoddy”. He also said that

“it’s engineering like it’s back in the year 2000”.

We need to take stock of this nonsense propaganda that Huawei is light years ahead as an organisation. Yes, it has a lot of people in research and development, but the reality is that its development has been about money.

The Government say that telecommunications companies are all reliant on Huawei. It was said earlier in the debate that telcos are absolutely reliant on Huawei, so delay would leave them significantly out of pocket. According to that line of argument, however, I would argue that reducing Huawei’s involvement to even 35% would leave telcos out of pocket, so we are already halfway there, as it were. It seems daft to try to make that argument.

Of course, the reliance on Huawei comes as a result of it having constantly bid well below other market competitors for UK and other business. After all, there is a long history of the China Development Bank providing low-cost financing for Huawei customers, and that approach is updated every few years. A recent report estimates that, when one takes in tax breaks, grants and low-cost land acquisitions, the subsidy comes to more than $75 billion. No western company in this sector will be able to compete on those grounds.

Despite all that, it is not common knowledge that at least one very significant UK service provider has contacted me to say that it has already made clear that it will not use Huawei in its 5G network. O2 suggests that the idea that these systems cannot be created without Huawei—my hon. Friend the Member for Tonbridge and Malling (Tom Tugendhat) mentioned this earlier—is complete and utter nonsense.

The NCSC’s guidance does not even mention services. I understand that Huawei is now taking over the managed services for another operator, Three, which opens up yet another huge area to gather information from. If someone has a map of a radio network, they will also have a map of everything connected to that radio network. They will know what each piece is, what it does and how to attack it.

Yet our dependence on Huawei goes even deeper—much deeper than many people realise. I have just noticed that Huawei is present in the emergency services network, which is often referred to as the blue lamp or blue light service. The service is part of our critical national infrastructure, but the issue did not come out in the statements. I am astonished that that would be allowed. We can imagine how dangerous any form of disruption would be to that service. It beggars belief. Then I discovered that MI5 uses a systems provider that is heavily dependent on Huawei equipment. These decisions are barking mad.

Sir Iain Duncan Smith

- Hansard -

Copy Link

- - Excerpts

There is no question that the US Administration are very exercised by the UK’s decision to go ahead with 5G and Huawei. In fact, I cannot think of any other time when we have been so separated from most of our allies that we respect. The thing I cannot get is that even Vietnam, for God’s sake—a communist country next door to China—will not have Huawei in their systems.

Sir Iain Duncan Smith

- Hansard -

Copy Link

- - Excerpts

Indeed. We are all neighbours in the global environment, as the dreadful coronavirus shows us.

The problem is compounded—this is not really spoken of in these debates, and the Government never make any mention of this—is a deeper and further problem. It exposes the degree to which western Governments, including our Government, to a degree—I am talking about successive Governments; this is not a shot at my Government, as the issue goes back further than that—have taken their eye off the ball. Much of the available equipment, including electronic sub-assemblies, is of unknown security provenance. At present, beyond existing contracted functions, we have little to no idea what else lies in our installed systems. UK Governments and others—I particularly want to focus on my Government—have done little to tackle the problem. Understanding what is inside the chips and processors is critical. Any malware needs to be detected. Surely, after all these years, we could have worked to ensure as much as possible that products deployed into secure or critical national infrastructure are auditable, so that we understand what is in them. What better way to do that than by collaboration with our Five Eyes allies, to ensure that we drive security much deeper? Nothing has happened, however.

We are in a mess, and the only way to get out of it, as my right hon. Friend the Member for North Shropshire (Mr Paterson) said, is to ensure that Huawei’s involvement is reduced from the Government’s present position of 35% down to 0%. I recognise that may take a little time, but that should be the purpose of the Government over the next two years.

Successive British Governments—this is the point that my right hon. Friend the Member for Haltemprice and Howden (Mr Davis) made—have tried to get close to China in the hope that we can take advantage of their markets. I recognise that that is not unreasonable, but in so doing, we seem to be playing a dangerous game. After all, this totalitarian regime is not an ally of ours, and we get confused about that at times, even if the Foreign Office is reluctant to admit that China poses a threat to us, for fear of upsetting the Chinese Government. That threat is not just in its cyber-attacks on our systems, but also in the way in which it does not obey the international rules-based order in trade. That point has been made today. By the way, no other country does a level of business proportionate to its population as much as Australia does with China. Australia is not frightened of saying no to the procedure, and I do not see anybody trying to beat it up on trade. Sometimes I wonder if we do not project the sense of power or force that we should.

As the UK leaves the EU, we should avoid kowtowing, as my right hon. Friend so rightly said—that wonderful Chinese act of placing one’s forehead on the ground in front of one’s respected superior—to China or anyone else. The British Government should commit to reducing and eradicating our dependence on Huawei, in line with our allies. That is really important. After all, defence of the realm is surely our first priority, and that goes for cyber-space as well. If defence of the realm is our first priority, what the Government are proposing today is not defence of the realm, but semi-defence of the realm, and that simply will not do.

Jeremy Wright

- Hansard -

Copy Link

- - Excerpts

I agree with my hon. Friend that it is sensible to make sure we do not undermine diversity through our own actions. However, as a matter of principle, taking suppliers out of the system does not assist diversity. The points he has made are substantially about security, and I agree that this debate must focus on that question. Whether we use market caps or bring along other suppliers in the market, diversity is a legitimate security objective, just as it is a legitimate economic objective. However, I am afraid that we do not have the luxury of inventing a domestic contributor to this market in a short space of time, so we have to deal with the market as it is.

There is a good reason why we focus on the security of the system as a whole and not on one supplier. If we are worried about China, as it is perfectly right for us to be, it is worth keeping in mind the fact that many of the competitor suppliers referred to in this debate use Chinese components in their equipment, or assemble their equipment in China. It is therefore important to recognise China’s potential to intervene.

Jeremy Wright

- Hansard -

Copy Link

- - Excerpts

My hon. Friend really should not get me started on HS2; we do not have time.

We should not just be worried about Huawei or about China, but about the security of the entire telecoms infrastructure. However, if we are going to talk about Huawei, let us not forget first of all that Huawei is already in the system. Sometimes these debates are conducted as though it were going to come in for the first time, but it is here already, managed differently to other suppliers. Secondly and most importantly, let us not disregard the advice of our highly respected intelligence agencies, which have said that the inclusion of Huawei’s equipment is consistent with our security requirements. I have had the privilege of working with those agencies, as I know many other Members present have. They are world class, and it is important that we do not disregard what they say.

The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport (Matt Warman)

- Hansard -

Copy Link

- - Excerpts

This has been an important and timely debate. I am glad that my right hon. Friend the Member for Chingford and Woodford Green (Sir Iain Duncan Smith) has provided the Government with an opportunity to clarify some of their position.

As he knows, the Government’s first priority is to protect our citizens and their interests. That means that the security of our telecoms and critical national infrastructure is of paramount importance. That is why we undertook the telecoms supply chain review—to allow us to make hard-headed, evidence-based decisions.

The UK is a global leader in cyber-security. Our world-class security agencies have set out their security analysis of the telecoms sector in a level of public detail unmatched anywhere in the world.

It is because of the need to manage the risks to national security that we have made the decisions that we have on high-risk vendors, concluding that there needs to be strong restrictions on their presence in the network. It is because we need to improve the security of the network overall that we need a new security framework for telecoms.

Over time, our intention is to reduce our reliance on high-risk vendors, as market diversification takes place. We want to get to a position where we do not have to use a high-risk vendor in our telecoms network at all.

Bob Seely

- Hansard -

Copy Link

- - Excerpts

Will the Minister give way?

Matt Warman

- Hansard -

Copy Link

- - Excerpts

In a moment. Although it is driven by security, our decision making reflects the reality of the UK network and the global supply chain marketplace, and that is why diversification is key. I give way to the Chair of the Foreign Affairs Committee.

Matt Warman

- Hansard -

Copy Link

- - Excerpts

As I say, we want to get to a position where we do not have to use a high-risk vendor in our telecoms network.

Matt Warman

- Hansard -

Copy Link

- - Excerpts

As I said, we are introducing the new regime because of some of the concerns that my hon. Friend addresses. I reiterate the Government’s offer to put at the disposal of any Member of the House as many experts from the public and private sectors that we can, so that colleagues can be in touch with the latest thinking on this issue.

We understand the threat from China and are robust with it when our interests are challenged. We will continue to publicly call out malicious cyber-activity, and the decision to categorise Huawei as a high-risk vendor took into consideration the potential links between Chinese companies and the Chinese state, including the fact that Chinese companies are subject to China’s national intelligence law. The UK has also been vocal in drawing attention to the systematic human rights violations against Uyghur Muslims and other ethnic minorities in China. The Government have set out our expectations of businesses in the UK national action plan on business and human rights.

The telecoms supply chain review, which was laid before the House in July 2019, underlined the range and nature of the risks, highlighting the risks of dependence on one vendor, faults or vulnerabilities in network equivalence equipment, the back-door threat, and vendors’ administrative access. We need to be alive to the totality of the risks that the telecoms network faces today and will face in the future. High-risk vendors are part of that security risk assessment, but they are not the sole factor.

I want to address some of the myths about how the network will develop. It is true that technical characteristics of 5G create a greater surface area for potential attacks, but it will still be possible to distinguish different parts of the network. As my hon. Friend the Member for Rushcliffe (Ruth Edwards) said, what matters are the critical functions within the network. We need to ensure that critical functions, wherever they are, have appropriate security.

Matt Warman

- Hansard -

Copy Link

- - Excerpts

I will come to the issue of the network’s core and edge, which will answer some of the questions that Members want to ask.

Ian Levy, the technical director of the National Cyber Security Centre, set out in a recent blog post that the notion that there is no distinction between the core and the edge cannot be true. He says that, with 5G networks,

“you need lots of smaller basestations as well as big ones, and the small ones will be on lampposts, bus shelters and other places that aren’t secure from physical interference by bad guys. So, if your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure. The international standards that define what a 5G network actually is allow you to do all sorts of things, and some of those things could lead to security or operational risks that can’t be mitigated. That doesn’t mean you have to do them.”

We in this country will not do such things.

Matt Warman

- Hansard -

Copy Link

- - Excerpts

I will give way briefly to the Chair of the Foreign Affairs Committee.