– in the House of Commons at 2:57 pm on 28th January 2020.
Mr Speaker, with permission, I would like to repeat the statement by my noble Friend the Secretary of State for Digital, Culture, Media and Sport in the other place on the security of the telecoms supply chain.
This Government are committed to securing nationwide coverage of gigabit-capable broadband by 2025, because we know the benefits that world-class connectivity can bring—from empowering rural businesses to enabling closer relationships for the socially isolated and new possibilities for our manufacturing and transport industries. We are removing the barriers to faster network deployment, and we have committed £5 billion of new public funding to ensure that no area is left behind. It is of course essential that these new networks are secure and resilient; that is why the Government have undertaken a comprehensive review of the supply arrangements for 5G and full-fibre networks.
The telecoms supply chain review laid before this House in July underlined the range and nature of the risks facing our critical digital infrastructure, from espionage and sabotage to destructive cyber-attacks. We have looked at the issue of how to maintain network security and resilience over many months and in great technical detail; we would never take decisions that threaten our national security or the security of our Five Eyes partners.
As a result, the technical and security analysis undertaken by GCHQ’s National Cyber Security Centre is central to the conclusions of the review. Thanks to its analysis we have the most detailed study of what is needed to protect 5G anywhere in the world, and because of the work of the Huawei cyber-security evaluation centre oversight board, established by the NCSC, we know more about Huawei and the risks it poses than any other country in the world.
We are now taking forward the review’s recommendations in three areas. First, in terms of world-leading regulation, we are establishing one of the strongest regimes for telecoms security in the world, a regime that will raise security standards across all the UK’s telecoms operators and the vendors that supply them. At the heart of the new regime, the NCSC’s new telecoms security requirements guidance will provide clarity to industry on what is expected in terms of network security. The TSRs will raise the height of the security bar and set out tough new standards to be met in the design and operation of the UK’s telecoms networks. The Government intend to legislate at the earliest opportunity to introduce a new, comprehensive telecoms security regime to be overseen by the regulator, Ofcom, and Government.
Secondly, the review also underlined the need for the UK to improve its diversity in the supply of equipment to telecoms networks. Currently, the UK faces a choice of only three major players to supply key parts of our telecom networks, and this has implications for the security and resilience of those networks, as well as for future innovation and market capacity. It is a market failure that must be addressed. The Government are developing an ambitious strategy to help diversify the supply chain, and this will entail the deployment of all the tools at the Government’s disposal, including funding. We will do three things simultaneously: we will seek to attract established vendors who are not present in the UK to our country; we will support the emergence of new, disruptive entrants to the supply chain; and we will promote the adoption of open, interoperable standards that will reduce barriers to entry.
The UK’s operators are leading the world in the adoption of new, innovative approaches to expanding the supply chain, and the Government will work with industry to seize these opportunities. We will also partner with like-minded countries to diversify the telecoms market, because it is essential that we are never again in the position of having such limited choices when deploying such important new technologies.
The third area covered by the review was how to treat vendors who pose greater security and resilience risks to UK telecoms, and I know that the House has a particular interest in this area, so I will cover the recommendation in detail. The risks identified may arise from technical deficiencies or considerations relating to the ownership and operating location of the vendor. As hon. Members may recall, the Government informed the House in July that they were not in a position to announce a decision on this aspect of the review. We have now completed our consideration of all the information and analysis from the NCSC, industry and our international partners, and today I am able to announce the final conclusions of the telecoms supply chain review in relation to high-risk vendors.
In order to assess a vendor as high-risk, the review recommends that a set of objective factors are taken into account. These include the strategic position or scale of the vendor in the UK network; the strategic position or scale of the vendor in other telecoms networks, particularly if the vendor is new to the UK market; the quality and transparency of the vendor’s engineering practices and cyber-security controls; the vendor’s resilience both in technical terms but also in relation to the continuity of supply to UK operators; the domestic security laws in the jurisdiction where the vendor is based, and the risk of external direction that conflicts with UK law; the relationship between the vendor and the vendor’s domestic state apparatus; and, finally, the availability of offensive cyber-capability by that domestic state apparatus or associated actors that might be used to target UK interests.
To ensure the security of 5G and full-fibre networks it is both necessary and proportionate to place tight restrictions on the presence of any companies identified as high-risk. The debate is not just about the core and the edge of networks, nor is it just about trusted and untrusted vendors. The threats to our networks are many and varied, whether from cyber-criminals or state-sponsored, malicious cyber-activity. The most serious recent attack on UK telecoms has come from Russia, and there is no Russian equipment in our networks. The reality is that these are highly complicated networks, relying on global supply chains where some limited measure of vulnerability is almost inevitable. The critical security question is how to mitigate such vulnerabilities and stop them damaging the British people and our economy.
For 5G and full-fibre networks, the review concluded that, based on the current position of the UK market, high-risk vendors should be excluded from all safety- related and safety-critical networks in critical national infrastructure; excluded from security-critical network functions; limited to a minority presence in other network functions up to a cap of 35%; and subjected to tight restrictions, including exclusions from sensitive geographic locations. These new controls are also contingent on an NCSC-approved risk mitigation strategy for any operator who uses such a vendor.
We will legislate at the earliest opportunity to limit and control the presence of high-risk vendors in the UK network, and to allow us to respond as technology changes. Over time, our intention is for the market share of high-risk vendors to reduce as market diversification takes place, and I want to be clear that nothing in the review affects this country’s ability to share highly sensitive intelligence data over highly secure networks, both within the UK and with our partners, including the Five Eyes. GCHQ has categorically confirmed that how we construct our 5G and full-fibre public telecoms networks has nothing to do with how we share classified data, and the UK’s technical security experts have agreed that the new controls on high-risk vendors are completely consistent with the UK’s security needs.
In response to the review’s conclusions on high-risk vendors, the Government have asked the NCSC to produce guidance for industry. This guidance was published earlier today on its website. The NCSC has helped operators manage the use of vendors that pose a greater national security risk, such as Huawei and ZTE, for many years. This new guidance will include how it determines whether a vendor is high-risk, the precise restrictions it advises should be applied to high-risk vendors in the UK’s 5G and full-fibre networks, and what mitigation measures operators should take if using high-risk vendors.
As with other advice from the NCSC on cyber-security matters, this advice will be in the form of guidance. The Government expect UK telecoms operators to give due consideration to this advice, as they do with all their interactions with the NCSC. I hope the whole House will agree that if we are to achieve our digital connectivity ambitions, it is imperative that we can trust the safety and security of our telecoms networks. Risk cannot be eliminated in telecoms, but it is the job of Government, Ofcom and industry to work together to ensure that we reduce our vulnerabilities and mitigate the risks.
The Government’s position on high-risk vendors marks a major change in the UK’s approach, and when taken together with the tough new security standards that will apply to operators, this approach will substantially improve the security and resilience of the UK’s telecoms networks, which are a critical part of our national infrastructure. It reflects the maturity of the UK’s market and our world-leading cyber-security expertise, and follows a rigorous and evidenced-based review. It is the right decision for the UK’s specific circumstances.
The future of our digital economy depends on having trust in its safety and security, and if we are to encourage the take-up of new technologies that will transform our lives for the better, we need to have the right measures in place. That is what this new framework will deliver, and I commend this statement to the House.
I am grateful to the Foreign Secretary for his statement and for giving me advance sight of it.
I am pleased that the Government have finally set out the conclusions of the telecoms supply chain review in relation to high-risk offenders after far too long a period of dither and delay. As the Intelligence and Security Committee made clear in July of last year, this debate has been unnecessarily protracted and damaging. A decision was required urgently so that everyone concerned can move forward. Our telecoms sector, businesses and households need clarity and certainty to move forward; leaks, rumour and confusion on this simply cannot continue.
The safety and security of our critical national infra- structure is crucial. Robert Hannigan, the former head of GCHQ, has said that decisions about providers should be made on
“technical expertise and rational assessment of risk”,
and I agree. It is for the Government to consider the best expert security advice they are given, and act upon it. Ministers should have robustly investigated the risk posed to our critical national infrastructure. I appreciate the confidentiality of National Security Council meetings, but I hope the Foreign Secretary can provide a firm assurance that that is the case.
Guarantees about the safety and security of the network going forward are now absolutely crucial if Huawei is to be involved in building the 5G network. It is for Ministers to make decisions in our national interest now and going forward, and never to be held hostage by shifting transatlantic geopolitics. A rush by the Government to throw themselves into the arms of President Trump to secure a trade deal must not govern everything they do. There is a wider point here. As we assess potential risks to our critical national infrastructure, whether from Huawei or anywhere else, we should ensure that the UK network is constructed in such a way that it is in the best possible condition to withstand attacks, wherever they come from. Resilience in the network is essential, irrespective of this decision or decisions about any other 5G provider. I hope the Foreign Secretary will provide reassurance on that.
Huawei is already embedded in the 4G network, but there is a wider question. After a decade of successive Conservative Governments, we do not have our own capacity to secure our critical national infrastructure and security, rather than relying on other countries. As I think the Foreign Secretary conceded, the UK has been left to choose between just three 5G vendors. What will the Government do to support local manufacturing and our own tech sector in growing businesses that can secure our critical national infrastructure? I have heard his words today about market diversification, but they are not enough. The Government need to act.
5G will have an extraordinary impact on our day-to-day lives. It is transformational, with faster data speeds, higher capacity and faster responsiveness. The majority of our constituents now have access to a large number of smart devices. Every year that number is growing, and the 5G network will have the advantage of being able to cope with that growing capacity. 5G will shape the economy of the future. Innovative technologies of the future rely on its development, and it must progress speedily.
The Government’s original announcement that the UK would be a global leader in 5G was back in 2017. The Government also set a target of the majority of the population being covered by a 5G signal by 2027. In his statement, the Foreign Secretary committed to securing national coverage of gigabit-capable broadband by 2025. Those targets have to be met. The UK is already way too far behind in its digital infrastructure, and we need to act fast. In September 2019, about 10% of premises in the UK—3 million premises— had access to full fibre. In France, 38% of households have access. In Spain, it is 77%. In Portugal, it is 70%. It is simply not good enough. It is letting all our constituents and businesses down, and the Government have to do more.
Moving forward, I would be grateful if the Foreign Secretary responded to the following points. Given the concerns expressed by our Five Eyes partners, if Huawei is to be deemed a high-risk vendor, will the Foreign Secretary again be as transparent as he can be and make clear how the decision will not bring about risk to communication channels that are used for intelligence sharing? Will he explain how the controls on how high-risk vendors are deployed will work? How durable is the barrier between core and periphery in the 5G network, and how will that be overseen? He mentioned the Huawei cyber-security evaluation centre oversight board, and more detail on how that will work would be appreciated.
The Intelligence and Security Committee’s statement on 5G suppliers of July last year set out that the Government must assume all worst-case security scenarios and protect the network accordingly. Will the Foreign Secretary confirm that such contingency planning is taking place? Finally, will he also confirm when the world-leading regulations he talked about will be brought before the House?
The public deserve a durable, secure and reliable 5G network for the future to ensure that our economy moves forward. The Government’s decision today is a small step in a very long process. They can be assured that we will hold them to account on the delivery of a secure, world-class service for all our constituents.
Just before the Foreign Secretary answers, and so that Members know where we are, let me just say that I will be running the statement up to 4 o’clock.
I thank the hon. Gentleman for the considered questions he raises. He is right to do so. We have looked at this issue very carefully. He expressed concern about delay, but I think it was absolutely right that, on such a sensitive decision with such a range of complex considerations, from commercial and infrastructure to security, we took the time to get this right. He called for an objective and rigorous analysis; that is precisely what has gone into this decision through the telecoms supply chain review, the analysis of the National Cyber Security Centre, and the other work that has been done, including by the Huawei cyber security evaluation centre oversight board. As a result, we have a greater level of insight into the challenges and the opportunities relating to 5G—in particular the challenges in relation to high-risk vendors—than any jurisdiction in the world.
The hon. Gentleman asked about intelligence considerations. GCHQ has confirmed categorically that how we construct our 5G and full-fibre public telecoms networks has nothing to do with how we will share classified data. Intelligence sharing will not be put at risk—and will never be put at risk by this Government. It is worth saying that high-risk vendors never have been, and never will be, in our most sensitive networks. He will have heard the public remarks by Andrew Parker, the head of MI5, who said that he has no reason to think the UK’s intelligence-sharing relationship with the US will be impacted, and that the Five Eyes intelligence relationship was the strongest they have ever seen.
The hon. Gentleman asked a range of other questions. The reality is that the decision we are taking today allows us to build on what will be one of the toughest regimes in the world, protecting, and providing the right balance on the protection of, our 5G infrastructure. As I set out in the statement, the Government recognise the imperative to diversify supply. That will involve UK operators making sure that more challengers can come into the market place. It could well involve—this is something we will want to look at—international co-operation with like-minded, close partners, so that we avoid ever having that shortfall of competition and diversity of supply in this country.
The hon. Gentleman referred to the ambitious delivery of the 5G network and full-fibre broadband. That is precisely why we had to undertake rigorous analysis and take the time to get the decision right, and why it is so important to take the right decision, which is what the Government are doing today.
Finally, the hon. Gentleman asked about enforcement. The initial approach will be through guidance, as I explained in my statement. We are committed to bringing forward legislation as soon as possible, but we will make sure we have the robust enforcement to go with the rigorous regime that I set out.
I commend the Government for taking a decision that protects our national security but also recognises the interests of our economy. That is right for the UK, because it recognises the construction of our networks and our capabilities, and gives us the toughest regime in the world. My right hon. Friend has already referenced the fact that we never have had, and never will have, high-risk vendors in our most sensitive networks, and the fact that this decision has no effect on our ability to share intelligence with our allies. My right hon. Friend also referenced the current market failure. He set out the steps the UK Government will take to rectify that. Does he agree that it is essential that our Five Eyes partners—all our Five Eyes allies—be willing to work with us and other like-minded countries to ensure the market diversification that is in all our interests in the long term?
I thank my right hon. Friend, and I pay tribute to the assiduous and rigorous work done under her leadership and by her Government, which has made possible the decision that we make today. I can confirm that, in her words, there will be no impact on intelligence. We seek to continue to work with the Five Eyes on intelligence; indeed, we want to strengthen that relationship as we depart from the EU. Co-operation should also expand in relation to dealing with the shortfall in, and the need to improve diversity of, supply in the telecoms network.
The Conservative party likes to brand itself as the party of security, but many will think that this decision is born out of weakness. It has come about as a result of short-termism and decades of under-investment. The Prime Minister has gone for the cheapest, least secure option, but it does not take a genius to work out why Huawei is so competitive in cost. It is the Chinese Communist party branded as a company, and the Conservative Government have chosen low cost over security. 5G has been described as the central nervous system of a modern society, and every citizen wants to know whether the state itself can be undermined by the decision that the Government have made. But let us be in no doubt: 5G infrastructure from China is not safe. Under Chinese law, every Chinese company is mandated to give whatever help it is asked to give to the Chinese intelligence services, and in secret. That alone should have been enough for the Prime Minister to decide against allowing the company access.
The Secretary of State has said that the company will be limited to 35% market share in the periphery of the 5G network and will be banned from core functions, but anyone who understands 5G will know that that is not how it works. Installing masts, for instance, may seem innocuous, but each antenna has software, which is remotely updatable, and the so-called peripheral access network can communicate. It can contain malware, which these days is tiny and hard to detect. There is a very good reason why countries such as Australia and New Zealand have chosen not to let the company into their markets. I suspect history will judge that their Governments showed more wisdom at a critical time.
The Government have made a choice: low cost over security. It is the wrong choice, and surely the Foreign Secretary must realise that future generations may come to judge his decision harshly.
The hon. Gentleman questioned the rigour of the decision, but as I set out in my statement, it follows—in fairness to Nick Thomas-Symonds, he acknowledged this—what has been a very thorough and extended assessment, including the telecoms supply chain review and the analysis on the security side by the National Cyber Security Centre. I am afraid that John Nicolson is at odds with all of that analysis, including that provided by the intelligence agencies to the Government. He mentioned some countries that have taken a different decision, but as far as I am aware, New Zealand has not taken the decision that he describes. I am afraid that he is wrong on that count. If he is calling for an outright ban he should say so, and he should also address square on the fact that the analysis that we have received shows that that would not be an effective, targeted or forensic way to address the security concerns rightly identified by the review that we conducted. It would not remove Chinese production from the UK telecoms supply. It would reduce competition, which he suggested is part of the problem, and that would make things worse. It would significantly increase the costs for industry and would delay the roll-out of 5G. On all counts, I say respectfully that he has got his analysis wrong.
Do the Government accept something that I had difficulty getting their predecessor to accept—that Huawei should not be regarded as a private company because it is intimately linked with the Chinese communist state and its deeply hostile intelligence agencies? If they do accept that, as they should, are they confident that the safeguards that will be put in place will be sufficient to guard us against a deeply hostile intelligence agency, such as he implied in his statement we needed to do in relation to Russia ?
As I set out in my statement, we have been very clear that the relationship between any private business and a Government or state operator has been at the centre of the analysis that we and that the National Cyber Security Centre have conducted. Based on the distinction between the centre or core and the periphery or edge, the different restrictions that can be made on access, and the 35% cap on accessing the periphery, I am confident that we can provide my right hon. Friend with precisely the reassurance that he asks for.
I welcome the statement and, as a member of the Intelligence and Security Committee in the last Parliament, I can say that I have seen nothing that means that this decision will compromise our Five Eyes relationship, or that the potential risk of including Huawei in the 5G network cannot be mitigated. The Foreign Secretary refers to market failure; this is not market failure. The Chinese Government, through Huawei, have adopted a deliberate policy of dominating the market by billions of pounds of investment in R&D and the acquisition of related activities. Can the Foreign Secretary outline how much the Government are proposing to put into R&D in this sector, and will there be a ban on Chinese companies acquiring UK companies that are developing technologies in the sector?
I thank the right hon. Gentleman for his positive remarks. We are making sure that we produce legislation as soon as possible that can deal with the various enforcement mechanisms and requirements he mentions. He referred to Huawei and the Chinese investment; the critical question for us is what we do, so we are taking the measures now in relation to guidance, and as soon as is practical in relation to legislation. There is a medium-term piece of work that we need to do to look at the health of the telecoms market and make sure that, both in terms of the domestic measures we take—legislative, investment and otherwise—and the international partnerships that we nurture, we do not end up in that situation again with any other critical piece of telecoms, let alone wider national, infrastructure.
I will answer the Foreign Secretary’s question to the Scottish National party spokesman: yes, I do think Huawei should be banned from our networks. It was founded by a member of the People’s Liberation Army. Even if it were not an arm of the Chinese Government, the 2017 law requires that it take instruction from the Chinese intelligence agency. In the future, the size and complexity of the problem we are trying to protect against will be enormous. Huawei alone—forget the rest of China—has tens of thousands of researchers working on this, and I am afraid that the only way to protect our safety is to ban it.
I welcome my right hon. Friend’s scrutiny, as ever. I am afraid I disagree with him because I and the Government do not believe—and, critically, the range of analysis that we have had leading into the decision does not back up—the suggestion that an outright ban would be a targeted way of dealing with the legitimate security concerns that we share right across the House and want to address; nor has he, or anyone else who has called for an outright ban, addressed the wider cost, delays and the impact that it would have both on the telecoms sector and, in particular, the roll-out of 5G.
This statement is a mess, but it is perhaps an inevitable mess, given the Government’s lack of investment in our infrastructure and strategic engineering capability, and their short-term, hands-off, cost-only approach to our digital future. Every generation of telecoms technology is the platform for the next, so will he guarantee specifically that every Huawei box will meet interoperability standards so that it can be swapped out for another vendor when one comes along? And what specifically—not in generalisations—is he doing to enable a British-based manufacturer of telecoms equipment so that we are not in this position again?
On the enforcement side, the first thing that the Government will do is come up with the guidance and requirements for the industry, which I am sure that it will want to comply with. That will be followed very swiftly by legislation to make sure that we have legally binding, thorough, consistent and rigorous enforcement of all the different requirements. The hon. Lady is right to talk more broadly about not just defending against high-risk vendors but building up a wider, more diverse supply of UK-based operators. That obviously requires fiscal measures, international co-operation with our partners and a range of other regulatory considerations. All those are going to be looked at by the Government.
I understand the restriction of high-risk vendors to non-core, but does my right hon. Friend agree that excluding high-risk vendors from any provision is one way that we can discourage companies and states that do not operate under international norms and business standards? That is why this decision is regrettable. Does he agree that this country must never find itself in this position again?
I pay tribute to my right hon. Friend. I agree with the second part of her question, and I have laid out at length the legal, regulatory and fiscal measures that the Government will consider taking to prevent this from happening. I and the Government do not believe that an outright ban would address in a targeted way people’s legitimate security concerns about high-risk vendors. It would be a very blunt tool to address a very specific problem.
The Government make a distinction between the core and the periphery, but many people have made the point that as the network continues to integrate, that distinction will disappear. What reassurances can the Secretary of State provide on that? The periphery, where Huawei will be committed to operate, includes radio masts that are used for emergency services, search and rescue and distress signals, and by 100 community RAYNET—Radio Amateurs’ Emergency Network—organisations. What assurances can he provide on that?
I thank the hon. Lady for those good, focused questions. The core of the network is the nerve centre for our national telecommunications network. It is for the most sensitive functions, relating to things like protecting sensitive data, and that is how we can identify very clearly the specific requirements needed to protect them. The access network—the periphery or the edge, as it is called—is the infrastructure connecting customer devices and equipment to mobile phone masts, transport and transmission networks. There is a clear distinction. She is right to say that technology is fluid and this may change over time, but we are very clear on the functions that we have identified and the way that we are going to protect them.
I say to my right hon. Friend that I am deeply disappointed by this decision. I have spoken at length to security officials, who will always say that defending in cyber-security is a game of catch-up—always catching up with the next algorithm change, and we can never guarantee that we spot it sometimes until too late. The reality of the 5G network is that it is fundamentally different. There will be less and less centralised function with more and more going to the periphery, which is exactly where Huawei will be. Given that he did not mention China as a threat to us in cyber-security—he mentioned only Russia—does he now believe that China is a threat to us in cyber-security; as he takes on those threats to us, does he think that he will now drive Huawei out of our future systems progressively, as quickly as he can?
The Government and the various statements that have been made in relation to the security risks have consistently called out China for cyber-attacks and other nefarious ways in which they risk—[Interruption.] I am doing it now, so hopefully my right hon. Friend will be reassured. We are squarely focused on that, but in relation to 5G it is important to assess very specifically, in a targeted way, the nature of the risk and make sure that we have the right tools to deal with that risk. As I said in an earlier answer, the risk of an outright ban is that it is a very blunt tool to deal with a very specific problem, but he is right to say that we have to be very mindful as technology develops in the future.
In the discussions with the United States over the Huawei decision, did the US Administration make any linkage between our decision and any potential trade deal between the UK and the US?
I have never had any conversation where that linkage has been made, and nor am I aware of any.
I welcome this statement, which balances the advantages of world-class telecoms technology with the need to manage complex challenges from high-risk vendors, and I think the Government’s acceptance of the restrictions and regulations proposed by the National Cyber Security Centre should give us all confidence. Does my right hon. Friend agree that, contrary to some media reporting, rather than this decision setting us on a collision course with the US, in fact the UK will be working very closely with US and other Five Eyes partners to develop alternative technologies over the next few years?
My hon. Friend is right about the challenge we face, but there is also an opportunity, specifically for, but not limited to, the Five Eyes partners, to look at this and see what challenges we face in the future—not just now—and to work collaboratively with business and within government to make sure we never find ourselves in this position again.
It was probably inevitable that this decision would be made, given the Government’s desire—rightly—to roll out 5G and broadband across the UK. The Secretary of State has given assurances today that he will try to ensure that in the future we are not as dependent on foreign technology, but in his statement he said that one of the three areas open to him was to reduce barriers to entry. Does this decision not actually create greater barriers to entry, insofar as Huawei will have a stronger grip on the market and economies of scale and so will be able to keep competitors out of the market?
If the right hon. Member looks at the range of restrictions—from exclusion at the core through to the 35% cap at the periphery and the specific locations where Huawei will not be allowed access—he will see that we have both struck the right balance in terms of market diversity and protected and provided resilience for the telecoms infrastructure.
Notwithstanding the fact that all our iPhones are manufactured in China by a company associated with Huawei, I want to ask my right hon. Friend about the four 5G networks already under construction in the UK. What action is he taking regarding these existing networks? Will the data being transferred, and where it is being transferred to, be secure in the future? Finally, will the resilience of our 5G networks be maintained?
My hon. Friend makes a good point not just about new entrants to the market but about those with existing stakes in infrastructure. The guidance and legislation will apply to all of them. There will be transitional arrangements to make sure that those already in the marketplace can adjust, but that will have to be reasonably swift so that we also have the assurance we need around security.
I cannot work out whether it is naivety or arrogance that prevents the UK Government from seeing the high risk presented to our national security by Huawei. This is a company financed by the Chinese Communist party, and we are giving it an open door to our security. How can the Secretary of State provide any guarantee of our future security when software can be updated remotely and technology develops daily?
The hon. Member is right to point to the fluid nature of technology. We will make sure we have the right regulatory regime. It will be one of the toughest in the world and, through the technical requirements and guidance, will be able to adapt to any shifts in technology. Inherently technology is fluid, and we will have to keep this under constant review, but we have struck the right balance not just to deal with the security risk we face, which both sides of the House share an interest in addressing, but to make sure we have investment in infrastructure. That is the balance the Government have struck.
My right hon. Friend is well aware of the high level of anxiety around this decision both here and in the United States. As far as he is able, can he tell us whether in Washington the anxiety is primarily around Britain’s ability to mitigate the risk of Huawei involvement in 5G or about giving a green light to other countries that do not have the same capabilities as the UK?
I suspect that my right hon. Friend has had many conversations with our American partners and friends. We are starting in a different place from the US, which does not have Huawei in its existing networks and can use different suppliers, but I can reassure him of two things.
First, we considered all those aspects during the telecoms supply chain review, which constitutes the most detailed and broad analysis that has ever been done in the world. Secondly, on a number of occasions during the decision-making process we asked the United States whether it had an alternative to the use of Huawei that would work for the United Kingdom, and none of our conversations in Silicon valley or anywhere else identified a solution that would work for the UK.
The Secretary of State will be aware that many countries, such as the United States, Australia, India and, I think, Japan, have banned Huawei, but is he also aware that Vietnam is developing its own network? How is it that this country cannot do the same?
I do not think there is any reason why we cannot, but we must provide the necessary investment and the right market structure and level playing field. We must also engage in some of the international relations, networks and partnerships that can assure us of either a home-grown alternative for the future, or one that is worked out with our most highly trusted partners.
I welcome much of the telecoms review, and I thank my right hon. Friend for the manner in which he is speaking now, but I still think that Members in all parts of the House will have significant problems with high-risk vendors, partly because of years of under-communication about this issue on the part of Governments. Just for now, however, can my right hon. Friend confirm that Parliament will be able to debate an agreed definition of high-risk and non-high-risk vendors, that Parliament will be able to agree which high-risk vendors we want in the system and what the percentage should be—35% seems an awful lot—and that we will be able to work out how to encourage trusted vendors to compete with high-risk vendors in non-core-periphery elements, so that we can build non-trusted vendors out of the system, not into it?
We have a definition of “high-risk vendor”, but my hon. Friend is absolutely right is to suggest that there will be ample parliamentary opportunity to debate and define when we introduce the legislation, which will be done as soon as possible.
I have some sympathy for the Secretary of State, because this is a highly complex area, and I shall certainly want to go away and study his statement in some depth— as will many of our partners and many of the nations with which we trade regularly—but will he answer one question? Much of the emphasis in his remarks has been on national security, and I understand that, but has he talked to people in universities? Has he talked to entrepreneurs, inventors and designers, all of whom know that intellectual property is stolen by the Chinese every time they put it on the internet? They know that the Chinese cannot be trusted, but we would give the Chinese greater access to university research and the businesses that entrepreneurs are setting up. All those people believe that they will lose their intellectual property. Has the Secretary of State thought of that?
The telecoms supply chain review took extensive soundings and advice from all the sectors that the hon. Gentleman has mentioned. Let me also say that a robust approach to intellectual property enforcement is in no way inconsistent or in conflict with the crucial decision that we have had to take, and have rightly taken today.
My right hon. Friend will have heard the views of the whole House yesterday following an urgent question on this very subject, and it is very hard for me to welcome his statement, but I recognise the position at which he has arrived, given the position with which he began.
Perhaps I can just ask for a little clarity. My right hon. Friend talks about 35%. Is that 35% of the new 5G market, in which case it is an increase, or it 35% of the existing market, in which case it is a huge decrease from where Huawei is now? What we really want to see is a ban, a cap and a cut.
I thank the Chair of the Select Committee—[Interruption.] I am sorry; that may have been premature. I appreciate that there are one or two other candidates who spoke earlier, and I hope that they will forgive me.
The 35% is set out very clearly in the papers. I understand that, effectively, it would be roughly equivalent to the existing market share, but of course it could be changed over time. It is linked with the broader, medium-term challenge that we face, which is to diversify the supply of home-grown and other highly trusted companies —if I can put it that way—from other countries and other jurisdictions. That will ensure that we have a far more diverse supply for telecoms and technology which will contribute to vital national infrastructure in the future.
I congratulate the Government on a decision that I believe will greatly enhance the digital infrastructure of the UK without compromising the security of our communications networks. I believe that 5G networks will be greatly beneficial to businesses and individuals and that this will prevent this country from being dragged into a Donald Trump-inspired trade war with China.
I am not quite sure what the hon. Gentleman’s question was, but we are taking the right decision based on a whole range of technical, commercial and security considerations for this country. Of course we will need to go out and explain our position to all our different partners, but I think that, particularly as we are leaving the EU, it is right that the United Kingdom does the right thing for the people of this country, that we do it in the right way and that we have enough self-belief and the courage of our convictions to stand up and take those decisions. That is what this Government are doing today.
May I commend the serious and sober tone in which the Foreign Secretary has approached this issue? I also commend the enormous amount of work that must have been done by the intelligence agencies to re-examine what I understood was the preliminary position arrived at under the Government of my right hon. Friend Mrs May. It ought to give us comfort that this decision has been properly examined, but the only body in this House that can properly look at this on the basis of all the evidence is the Intelligence and Security Committee. If that Committee, when it is formed, seeks to examine this decision, may I request my right hon. Friend and the Government to allow it to look at it, within all the restrictions that apply? Finally, in relation to the markets of China, will my right hon. Friend make it clear to the Chinese that we expect reciprocity?
I am not quite sure which Select Committee my hon. Friend is going for now, but in any event, I can reassure the House that full scrutiny among all Select Committees will be duly provided. He makes some important points about the nature of our relationship with China and the importance of it engaging in good faith when it has access to our market, even though we are rightly taking the measures that I have described to protect any vulnerabilities. He makes an important point about the bilateral relationship with China.
Industry experts indicate that the distinction between the periphery and the core will gradually become redundant. If that is correct, how will the 35% rule that the Secretary of State has announced today work over time?
The hon. Gentleman is right. I mentioned the approach that the Government will take in relation to the regulatory approach, but the figure of 35%, which will be set down in law, will be able to be amended and revised, so the Government will always have the tools to allow us flexibility to address the risks to 5G and to our infrastructure more generally.
I call Imran Ahmad Khan.
I was going to ask a question that has now been asked by another hon. Member.
I call David Morris.
When we go to China, we are told by the Foreign Office that if we take a phone with us, it should be a burner phone that we can get rid of afterwards, because it will be hacked. We are also told to do that by the embassy in China. Can my right hon. Friend confirm that we are utilising Huawei’s technology but not its services, whether clandestine or otherwise?
I am not quite sure what clandestine services my hon. Friend is referring to, but I can reassure him that there is nothing further than the investment that would be accepted, as laid out in the statement I have made.
After 35 years of working in IT and writing and reading many tenders for telecommunications systems, I would never in my life consider a vendor that I judged to be high risk. Why are the Government doing this? Does the Secretary of State really think that the resilience and integrity of UK telecoms is safe? He has said in his statement that
“risk cannot be eliminated in telecoms”,
but we could at least try to mitigate it.
That is precisely what I set out in my statement.
The disadvantage that the House faces this afternoon is that the most important evidence in helping the Government to make these decisions comes from the intelligence agencies, yet almost all Members of the House will not see that evidence. As it happens, I have seen it—or at least a version of it—and I happen to think that the Government are making the right judgment on a difficult subject. Is it not right, however, that we should not allow ourselves, either in this place or in Government, to be distracted by one single supplier? We should not forget that there is American IP in Chinese components, and Chinese components in products sold by vendors who are not Chinese. The most important thing is to protect our supply network from vendors, whoever they may be, in order to enhance our security.
My right hon. and learned Friend makes an important point about interoperability that was lost on some of the earlier remarks, and he is right in his assessment. On transparency—I appreciate that these are difficult issues for the House to grapple with—we have put as much into the public domain as possible. The telecoms supply chain review’s final report was published in July 2019, and the National Cyber Security Centre’s analysis is available on its website.
The Foreign Secretary said that measures will be put in place to protect sensitive intelligence data, and in due course his judgment will be found to be correct or not. Given that he has described Huawei as high-risk, my constituents will rightly be asking what protections are in place for their sensitive data.
The crucial reassurance that I can give to the hon. Gentleman and his constituents is that their data will not be at risk at all because of the geared, leveraged and calibrated set of restrictions, including the exclusion of high-risk vendors from the core functions —the sensitive network operations—and the various other restrictions, including the 35% cap, on operations at the network level. If the hon. Gentleman looks at the package in the round, he will see that it is the right approach to protect not just the network’s resilience, but the integrity of individual data, while also ensuring that we are open for vital investment.
The Foreign Secretary referenced the oversight board’s work in his statement. He will know that the board said that there are “serious and systematic” cyber-security issues with Huawei’s network in the UK now with “no credible plan” of remedy. Does he agree with the oversight board? Has he seen evidence to suggest there is a plan to put that situation right, or does he believe that it can be managed?
My hon. Friend is right to reference the flaws and the criticisms that have been pointed out and made in relation to Huawei, but it is precisely because we have the Huawei cyber-security evaluation centre oversight board that we can get the right balance between acknowledging the risks, acting on them, and ensuring that we can proceed with investment decisions that are in the country’s national interest.
The Foreign Secretary talks about Huawei as though it is some kind of Chinese answer to John Lewis, but this is a Faustian pact with the Chinese Communist party, and he needs to be honest about that. On the regulatory aspect, it strikes me that the Government are getting things the wrong way around. They are going to introduce what he referred to as a robust regime for telecoms regulations, but surely that should come before giving a green light to allowing something as dangerous as Huawei into the 5G network. What if the new regime decides that what the Government have just greenlighted is too dangerous? Is there an opportunity to stop it?
With respect, I do not think that anyone has described John Lewis as a high-risk vendor. The reality is that the Government announced last July one of the world’s toughest regimes for telecoms security, so that work is already in train. It will require operators to raise their security standards to combat the range of threats—whether cyber-criminals or state-sponsored attacks—and we will ensure the legislation contains the full panoply not just of powers, but of enforcement mechanisms.
I cannot say I welcome this decision, but I understand it. However, what harsh and honest lessons will the UK Government take from finding themselves confronted with this dilemma? This Administration and, indeed, the previous Administration inherited the problem from a long way back. Does it not represent a massive strategic national failure and, indeed, a failure of western strategy that the Five Eyes have been left in this position? How will we learn those lessons? Will he set up a post-hoc review?
I entirely agree with my hon. Friend. I think I expressed in my statement that this was a failure of the market, but he is also right to say it is a failure of Government and, indeed, a failure of western Governments. We have set out a whole range of things that we will do—fiscal measures, regulatory measures, international collaboration—to ensure that we never find ourselves in this situation again.
I commend my right hon. Friend for his thoughtful and calibrated proposal. As someone with first-hand experience of building and operating broadband networks at scale, may I ask him to consider phasing the introduction of the share cap over a number of years to allow time for the industry to respond?
My hon. Friend has particular expertise in this area. We can consider the cap and the issue of phasing at the point of legislation, but it is important that we take these measures as swiftly as possible to show we have a decisive fork in the road that is able to meet the challenges of both investment and security.
The logic of what the Foreign Secretary says about the limited choices is that if he could make this decision on roll-out without Huawei, that is exactly what he would do. As he addresses the domestic telecoms market and the market failure—let us be honest, it is a domestic market failure—will it be possible for us to ease out this high-risk vendor, or will we be in too deep? Is it only for the future that he is addressing that failure?
My hon. Friend makes a very good point. No, it would not just be for the future. The reality is that with a 35% cap, which could be changed over time, and with the investment initiatives we need to take in order to diversify supply, we should start to grapple with the domestic challenge as soon as possible—I cannot give him a precise date—as well as considering what we do afterwards in regulatory terms. The reality is that the more trusted home-grown supply we have, the less we will need to rely on high-risk vendors.
In debate after debate in this Chamber on the economy, hon. Member after hon. Member rightly laments this country’s long-standing failure to raise its productivity. There are serious security concerns, which my right hon. Friend has addressed pragmatically, but does he agree it is hard to think of a single measure more likely to raise our productivity than the early and comprehensive adoption of 5G?
My hon. Friend is right. Those who advocate an outright ban need to come out and defend what that would mean, first, for security—because it would not be a targeted response to the security challenges we face—and, secondly, for investment due to the delayed roll-out of 5G.
The National Cyber Security Centre has today published a document online saying that the reasons behind the 35% limit on Huawei’s involvement in parts of the network are subtle. That is one adjective; another one might be “arbitrary.” Will my right hon. Friend explain the reason for 35%? Over what timescale does he want to drive down that number?
My right hon. Friend is right to say it is a balanced consideration, and the two key factors that have informed the 35% figure are the need for diversity of supply in the market and the need to ensure the security of the network. The quicker we can bring more trusted homegrown alternatives into play, the swifter we can review the 35% cap and reach the point at which we reduce our reliance on high-risk vendors. That is the equation we are addressing.
Can the Secretary of State confirm that any decision to ban Huawei outright would result in possible trade retaliation by China?
There would be that risk, but it is not the basis on which the decision has been made. We have looked at the evidence and consulted partners across the board, and we have come to the right decision for the United Kingdom both on the issue of investment in 5G and, critically, on the right focused approach to protect our infrastructure.
Bearing in mind that we are under constant cyber-attack by China, I am baffled by this decision. As I understand from all the commentators, it is very hard, or impossible, for 5G to distinguish between core and periphery. If the Government give access to the periphery, China will get to the core. That is what we are hearing. Surely this is a major threat to our security.
With respect, I disagree. The core, and certainly at present it is tangible enough to identify, is the nerve centre of the telecommunications network. It is the most sensitive set of functions, such as protecting sensitive data and making sure the network as a whole keeps running. The periphery—the edge, so to speak—includes things like transport and the transmission network, which are important but do not have the same level of critical sensitivity. That is the basis of our decision and our approach today.
Digital connectivity is vital for my constituency, and for other rural and semi-rural constituencies such as mine. The Foreign Secretary mentioned mitigations. What further reassurances can he give my constituents and our international allies that our digital infrastructure will remain secure and safe?
I thank my hon. Friend for that. I can give him and his constituents the reassurance that we have taken the right decision to make sure we can roll out 5G and have our ambitions for levelling up right across the country, at the same time as protecting our infrastructure from the high-level risks where they particularly are targeted and focused.
Given what I have heard today, I accept the sense of the Government’s position. However, on drafting a contract with Huawei, would it not make sense, as far as the British public are concerned, that if there were to be a breach of national security, Huawei should pay for the replacement, not the British public?
I agree with the spirit with which my hon. Friend spoke. Of course, if there were that kind of breach, it would almost certainly be a criminal offence, not just a contractual issue. What I can reassure him is that the legislation will set out all the recourse that would be had against the operators.
For me, there are two key issues: the technology and security challenges, on which my right hon. Friend will have received advice from the UK’s and even the world’s leading authorities; and the political fallout. What assessment have he and the Government made about the impact of this decision on the politics with some of our international partners?
I thank my right hon. Friend for that. We have taken a sensible, sober decision based on rigorous analysis, and we will rightly defend it as such with whoever is interested to know the basis for the decision. Equally, there is an important piece of work to do, as hon. Members have expressed, in relation to making sure that we and other Five Eyes partners do not find ourselves in this position again.
I welcome my right hon. Friend’s statement, but he must recognise that there are considerable fears about this decision. In order to allay those, will he run a Government information campaign to deal with the technical issues—the oversight by the cybersecurity centre, and the difference between the core and the periphery—and to detail the stringent worldwide regulatory powers he is going to put in place?
I thank my hon. Friend, and we will certainly look at both those points.
Having heard the considerable concerns both inside and outside this House today, will my right hon. Friend assure me and my constituents of one simple thing: the Government will always prioritise national security and heed the advice of the security services on our critical national infra- structure?
I assure my hon. Friend that that is precisely what the Government have done in this decision.