Telecommunications (Security) Bill – in a Public Bill Committee at 3:00 pm on 26 January 2021.
‘(1) The Communications Act 2003 is amended as follows.
(2) After section 105Z29 insert—
“105Z30 Network diversification
(1) The Secretary of State must lay before Parliament an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communications networks and services.
(2) The report required by subsection (1) must include an assessment of the effect on the security of those networks and services of—
(a) progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(b) likely changes in ownership or trading position of existing market players;
(c) new areas of market consolidation and diversification risk including the cloud computing sector;
(d) measures taken to implement the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
(e) the public funding which is available for telecommunications diversification.
(3) A Minister of the Crown must, not later than two months after a report has been laid before Parliament under this section, make a motion in the House of Commons in relation to the report.’ —
This new clause requires the Secretary of State to report on the impact of the Government’s diversification strategy as it relates to the security of telecommunications networks and services, and to allow for a debate in the House of Commons on the report.
It is with some sadness that I come to the last new clause we have to present—[Interruption.]. I see that causes some hilarity in the Committee; I am sure that is just nervous laughter and everyone shares my dismay that the focus on telecommunications that the Committee has ably exhibited for the last few sittings will soon come to an end. Our consideration in some detail of the importance and implications of our telecoms network’s security must conclude, but I am pleased that we end on this new clause, which sums up one of the key themes we have focused on throughout our discussions: the importance of the diversification strategy.
Many amendments tabled by the Opposition reflect our concern that the Bill claims to seek the security of our telecommunications networks and yet does not mention once the diversification strategy. We are moving the new clause to put that right. We support the Bill and the Government’s aims in the Bill. We believe it is right to remove high-risk vendors from the UK’s networks and to take the measures in the Bill that will ensure that the Government will be able to designate vendors and require telecoms operators to comply with security requirements. However, those steps must go hand in hand with credible measures to diversify the supply chain, and that must be subject to parliamentary scrutiny.
As I said, the Bill as drafted fails to mention the Government’s diversification strategy and chooses to ignore the impact that the new powers afforded to the Secretary of State and Ofcom will have on supply chain diversity. The Minister recognises that they will reduce diversity, yet there is no reference to the steps that will be taken to diversify the supply chain. The new clause would require the Secretary of State to report on the Government’s diversification strategy’s impact as it relates to the security of telecommunications networks and services.
The Opposition have argued throughout our deliberations that the sweeping powers afforded to the Secretary of State and Ofcom by the Bill must be put under proportionate scrutiny, and the new clause would do that. It would bring about a debate in the House on the findings of the Secretary of State’s diversification strategy report and require a ministerial response no more than two months after the report’s publication. The new clause would therefore provide accountability for the diversification strategy’s progress and lead to real action, not just talk.
It has been said that
“it is essential that we create a more diverse and competitive supply base for telecoms networks”
because reliance on two providers creates “an intolerable resilience risk”. Those are not my words, but the words of the Secretary of State. Members from across the House agree that we cannot have a robust and secure network with only two service providers. That is something we were repeatedly told in the evidence sessions. The chief technology officer of BT Group, the director of emerging technology at Ofcom and the former head of cyber-security at GCHQ think so, and even the Secretary of State thinks so, yet the lack of link between the diversification strategy implementation and the security of our networks is ongoing cause for concern. Now we have the chance to take action, and I am glad to offer the Minister the opportunity to put this right.
This is not new information. The dependence of our telecoms networks on diversifying the supply chain was set out in the 2019 telecoms supply chain report. A leak from that report caused a Cabinet resignation, so important was it considered to be. Unfortunately, in the intervening year and a half, the Government have failed to act, refusing to take the necessary steps to ensure the diversification of our national supply chain, leaving us at real risk of being short-changed on national security. I emphasise, once again, that we place national security at the heart of everything that we do in this Committee.
The UK defence industry seeks to encourage, support and create markets for UK small and medium-sized enterprises, supporting the very best in innovation and helping innovative small and medium-sized enterprises to grow. We would like to see the UK’s telecommunications industry do likewise, to ensure a sovereign security capability. We want the Bill and the diversification strategy to create significant opportunities for UK businesses, linking them to global supply chains.
I welcome the Government’s diversification strategy. After all, I have been calling for a strategy to grow and diversify our telcoms sector for a long time—even before I came to this House. Although the Government have been talking about such a strategy for some time—there was an awful lot of talk about a diversification strategy and bigging it up before it was published—as is often the case with this Government, the strategy that was published was a bit of a disappointment. It lacked the clear commitment and funding that one would expect to find in any effective strategy.
The £250 million committed by the Government over five years came with little detail on how it would be spent. I have now had assurance that the funding is focused on integration and testing facilities, which are necessary, but there is no emphasis on supporting research and development, and particularly supporting our start-ups in the telecommunications sector. In the evidence sessions, Mike Fake of Lumenisity highlighted that the first year of the £250 million diversification funding was equivalent to only 10% of BT’s annual research and development budget. This is not the bold action of a Government committed to network diversification and our telecommunications security.
The diversification strategy declares itself
“a clear and ambitious plan to grow our telecoms supply chain while ensuring it is resilient to future trends and threats.”
That is a bold ambition. It says it will do that by focusing on three main areas:
“Supporting incumbent suppliers to ensure their resilience and ability to supply the market in the near term, while supporting their transition into the emerging market structure; attracting new suppliers into the UK market to build resilience and competition, prioritising deployments that are in line with our longer term vision; accelerating open-interface solutions and deployment so that we are not reliant on any single vendor and begin to realise our long term vision for a more open and innovative market.”
These are all highly laudable. They are not easy. I recognise the challenge that the Government face. As we discussed in the evidence sessions, this comes after decades of neglect of sovereign capability, not only in the UK but by other countries, which is why we find ourselves with only two vendors, both from Scandinavian countries, and no UK, US or other European capability.
We have heard just how difficult this challenge will be. Will the Minister tell me how we can possibly achieve that bold ambition if we fail to monitor the impact of the strategy? We need an annual report on the progress made by the diversification strategy, so that we can apply appropriate parliamentary scrutiny. After all, the strategy commits the Government to regular reports on progress, which is what the new clause asks for, while adding a focus on the diversification strategy’s impact on our national security. That is what it is all about. The Secretary of State tells us that the Government are implementing one of the toughest telecommunications security regimes in the world, but why is there to be no scrutiny applied to this key part of the regime?
When I asked the Minister in parliamentary questions why the diversification taskforce was not diverse in terms of geography—it includes no one from north of Watford—or discipline, having on it no equipment supply chain expertise, I was told that geography did not matter, and that the taskforce was focusing on cyber-security skills. To be fair, the Minister did say that Ian Livingston, the chair, was Scottish, but I think he will acknowledge that he has not lived in Scotland for some time. Geography does matter. We need to build up concentrations of skills and expertise—clusters. Cyber-security is very important, but focusing on it suggests that we are not serious about developing sovereign capability in other very important areas.
We are agreed that diversification is essential, and I hope that we are agreed that that should include UK capability. We also agree that it is challenging. How do we do it? In an evidence session, Professor Webb said:
“If I wanted to diversify, I would instruct the telecoms operators to diversify. I would not try and pull the levers one step removed. I would say to the telecoms operators, either with a carrot or a stick, ‘You must diversify. If you have x number of vendors in your network, I will give you £x million as a carrot.’ The stick might be some kind of licence condition that said, ‘In order to meet your licence, you have to have at least x number of vendors in your network.’”––[Official Report, Telecommunications (Security) Public Bill Committee,
We also heard from Chris Jackson, who said:
“Incentives definitely play a part in this; to comment on Japan for a moment, I know the Japanese Government have incentivised companies to embrace open RAN, and that might well explain why companies such as Rakuten and NTT DOCOMO have been very successful in launching the technology. That proves it can be done and shows that where there is a willingness, there is a way, but if we can drive all those different parties coming together, that is how we will get traction.”––[Official Report, Telecommunications (Security) Public Bill Committee,
The Government have chosen not to do that. They have chosen to focus on big sticks for security, as set out in the Bill, such as designations, enforcements and fines of up to 10% of turnover, but they have left diversification very much to the market, providing it with a sweetener of £250 million over five years. Surely we have a right—indeed a duty—to monitor how and whether that is successful.
We heard in the evidence sessions that we have significant national promise in terms of capability. Dr Andy Sellars, the strategic development director for the Compound Semiconductor Applications Catapult, said:
“In the UK we have something like 5,000 companies that design and manufacture electronic systems. Something like 600 of them are involved in telecoms. I am not suggesting that all of those 600 become equal players. That would be a crazy scenario. But there are certainly some parts of the telecom network where the UK is pre-eminent. There are some backhaul and fibre technologies that we are very good at. As we deploy 5G into rural communities, that is likely to require low Earth orbit satellites; we are very good at satellite communications.”––[Official Report, Telecommunications (Security) Public Bill Committee, Tuesday
I will give the Minister a specific example of both the opportunity and the challenge, which I hope he will respond to equally specifically. I am very pleased to say that the example comes from my constituency of Newcastle upon Tyne Central: INEX, which is leading the UK’s drive for a sovereign radio frequency and communications gallium nitride semiconductor—an important semiconductor capability for telecommunications.
INEX is currently working with many of the organisations in the north-east communications cluster, including aXenic, Evince, VIPER RF, II-VI, Newcastle University and Durham University. Further afield, it works with companies and organisations in south Wales, Glasgow, Cambridge and Edinburgh, deploying compound semiconductors for RF and microwave applications, and working on the microfabrication of devices for quantum, medical and centres markets. Most recently, that has been expanded to include graphene-based devices.
Despite covid-19, in 2020 INEX grew by 50%, having recruited six highly qualified and experienced people. To address and grow the telecommunications market, those businesses in the north-east will have to extend their reach to partners in tier 1 telecommunications companies and their labs, and demonstrate that they have the skills and resources to scale the delivery of telecommunications hardware. The biggest challenge will be accessing the capital investment to buy the process and manufacturing equipment to deliver at-scale commercial products. That is a fundamental barrier to entry for many small and medium-sized enterprises in the sector. I ask the Minister what specifically he is doing to redress that. He will say that the diversification strategy suggests that there will be funding for testing and integration, but we are specifically looking at the challenge regarding capital investment.
If that group of companies is to be an intrinsic part of telecommunications deployment, we must ensure that it can reach into and benefit from the competitive pull of tier 1 labs and access the global telecommunications industry. I strongly believe that although direct procurement of critical subsystems, cyber-certification and sponsoring the UK’s attendance on standards bodies is beneficial —I will talk a bit about that—for truly secure telecommunications, the UK’s sovereign businesses, both hardware and software, need to be embedded in the global supply chain from which telecoms infrastructure is built.
The Bill needs to ensure that the UK is an embedded development partner, rather than simply a taker of technology. I am afraid that right now the Bill simply tries to ensure that we are a taker of technology. During the evidence sessions, we heard repeatedly of the importance of standards from numerous sources. Emily Taylor, the chief executive officer of Oxford Information Labs, heralded the exciting opportunities presented by inter-operable standards, and the impact that they could have on prevention of vendor blocking. The diversification strategy recognises that too, stating that standards
“play a critical role in determining the barriers to entry for new suppliers and establishing principles such as open interfaces and interoperability”,
but the Bill gives no requirement for reporting on the progress of standards, and no indication of how our involvement in standards, which is necessary for diversification, will be achieved.
Emily Taylor also said:
“The ITU is headed by a Chinese national, and of 11 working groups within the ITU’s Telecommunication Standardisation Sector …China has a chair or vice-chair in 10, and a total of 25 positions at chair or vice-chair”.––[Official Report, Telecommunications (Strategy) Public Bill Committee, Tuesday
Clearly there is a huge challenge in increasing UK participation in the standards necessary for telecommunications security, but how are we to see the progress that I am sure the Minister envisages if we do not have a report on the progress of the diversification strategy and its implications for security?
On standards, Professor William Webb told us:
“The UK Government themselves could not really have an influence, and nor could a university or any other organisation like that, not unless they spent inordinate amounts of money and hired a lot of people to write a lot of papers. There needs to be a concerted global or western European effort, or some kind of larger scale activity that can help the larger companies with the resources and expertise and the standards bodies to step up their efforts”––[Official Report, Telecommunications (Security) Public Bill Committee,
yet we see no reflection of that in the Bill.
The impact that standards can have on vendor supply chain diversity is reflected in the diversification taskforce and the diversification strategy, which put a lot of emphasis on open RAN. We had much discussion in the evidence sessions about the maturity or otherwise of open RAN. The Government seem to have placed open RAN technology at the centre of their strategy to diversify 5G hardware, and aim to see live 5G open RAN in the UK this year. We support utilising open RAN, but evidence suggests that the technology may not be mature for another five to eight years, and Doug Brake stated that open RAN may not even be ready to be incorporated into 5G.
I acknowledge that through open RAN, the Government are thinking about how we will build the next generation of UK networks, but the UK currently has only two vendors. Our telecoms security is desperately in need of diversification and the development of a sovereign capability as soon as possible. We need an appropriate way of measuring that success.
We have also discussed the implications of changes in the architecture of telecommunications networks, and of moving control and services to the cloud. We have discussed the importance of forward-looking assessment, but I feel that a report to Parliament would ensure that those matters were kept very much at the forefront of the minds of Ofcom and the Department. It is worth mentioning that, on diversification and strategy, Dr Bennett suggested that a commissioner could help by
“keeping an eye on what is going on here, and in order to be able to help policy makers and the Secretary of State to make the right changes.”––[Official Report, Telecommunications (Security) Public Bill Committee,
I will make a couple more points before I bring my remarks to a close. First, we heard concerns from a number of operators that they might be left in a contractual limbo, with designated vendor notices rendering them unable to buy from a supplier but contractually obligated to. If the Government will not address that now, they should at least allow us visibility, through a report, of the impact. Secondly, as discussed, neither the Bill nor the diversification strategy include incentives to diversify, but the Government could put in place incentives to innovate, which might have the same effect—requiring improving rates of spectral efficiency, and network SIP funds, such as the rural one, for example. Is the Minister considering that?
Finally, I think we can all agree that this should involve working with our allies. We heard in evidence that the new Administration in the United States, for example—we all congratulate the new President, Joe Biden —would be inclined to do that. Doug Brake said:
“What we have seen over the last several years in the United States is a variety of different agencies doing what they can to mitigate the risks. It is less a co-ordinated whole of Government approach in the US and more a disjointed and fragmented policy response across different agencies, so I am hopeful that under a Biden Administration we will see a much more co-ordinated effort and one that is more co-operative with allies.”––[Official Report, Telecommunications (Security) Public Bill Committee,
We also heard from Emily Taylor about the idea of a D10, which the Defence Committee has talked about—a Five Eyes-type of collaboration among our allies. That idea has been kicking around for some time, yet we are yet to see it progress to anything concrete. Bringing together allies to work internationally and collaboratively on reinvigorating our telecoms sector is a laudable aim, but why is the Minister so afraid of monitoring its success?
A decade of neglect of our telecoms infrastructure has left us vulnerable and created the need for this Bill. We support the Bill, but it is clear that to protect our national security now and in future we must have an effective network supply chain diversification strategy, plan and implementation. New clause 6 would ensure that this vital aspect of our telecoms security is regularly reviewed and scrutinised, so that the UK is never again forced to choose between technological progress and national security.
The hon. Lady raised an important issue. Fundamentally, however, the issue of diversification is twofold. The Government want to see greater diversification within our telecoms supply chain. The £250 million allocated for the first three years of that programme to support the diversification strategy is a hugely important part of it.
As we are already seeing in the increased use of open RAN, whether with Vodafone in Wales or the NeutrORAN project with the NEC, there is already significant progress. I think that demonstrates that the industry does regard this—whether the hon. Lady wants to call it as an incentive or a carrot—as something that is making things happen to a greater extent. The Government cannot legislate for the diversification of the market; that is something that we can incentivise and work with the market to do.
We can monitor the diversity of networks, as Ofcom has the powers to do. We can set requirements on what the minimum standards might look like. For instance, NCSC guidance already says that two vendors should be the minimum, rather than one, for a telecoms network. That gives you an indication of what we will be monitoring and looking at, potentially, in codes of practice in the future. The hon. Lady is right to focus on this important issue, but it is wrong to pretend, important though Secretaries of State are, that any Secretary of State could legislate in the way she describes for the greater diversification that we all seek.
The focus of the Bill is on setting clear and robust security standards for our networks that telecoms providers must adhere to, and they must be met regardless of the diversity within any of those networks. To be fair, the diversity within a provider’s supply chain, in and of itself, does not offer the guarantee of network security. A provider using a diverse supply chain needs to be held to the standards set out in this Bill, so that the provider is able to offer the security standards that we need, regardless of the number of suppliers that they have available.
It is important to reassure hon. Members that Ofcom will have the ability to collect information relating to the diversity of suppliers’ networks under section 135 of the Communications Act 2003, as we have discussed. I do not think it is necessary to specify the need to collect information relating to diversification, as that is just one set of information that Ofcom may collect; it is just as important as several others in monitoring and reporting the security and resilience of networks. It is also important to clarify that, although greater diversity is critical in ensuring that we reduce our national dependence on a small number of suppliers, it is part of a broader approach to building security and resilience across the global supply chain that sits outside the Bill, important though it is. Diversification is an issue broader than the make-up of supply chains for UK providers alone, as the hon. Lady knows.
At this stage, there is a limited number of suppliers in the global market—a smaller number that are capable of providing equipment suitable for the UK market. It is a global challenge that requires a global solution, which is why it is an integral part of the diversification strategy that the hon. Lady mentions. Our primary objective has to be to grow the supplier base and give operators more choice about the vendors that they use.
As we heard in evidence sessions, operators are equally committed to increasing diversity in UK networks. To achieve that, the Government will take forward the programme of works that the hon. Lady mentioned, with trials and testbeds for new suppliers and open RAN technology. We will ensure that telecoms standards are set in a way that promotes security and interoperability, and we will remove barriers to entry for new suppliers.
As the hon. Lady said, all that work is being informed by an independent taskforce looking at all options to drive increased market diversification. That includes incentives in forms other than those that I have already described, and the taskforce will be making recommendations in the coming months. It is also looking forward to identify areas where market consolidation might occur in the future, what can be done to offset those risks and where the UK can establish its sovereign capability.
The hon. Lady asks why there were not suppliers on the taskforce. If there had been suppliers directly on the taskforce, they would have been conflicted, but the taskforce has worked closely with suppliers because they are obviously very important. Indeed, Manevir, NEC and others who gave evidence are among those who we have spoken to and worked closely with, as we have with Nokia, Ericsson and Samsung.
As the Government deliver our strategy across all these areas, we will be making announcements and providing regular updates as required. That approach, rather than the one the hon. Lady seeks through the new clause, will enable us to provide up-to-date and timely information on progress. With that, I hope she will be content that there is plenty in the diversification strategy that will deliver what she wants, but it is not an issue for the new clause.
I thank the Minister for his comments; having spoken for so long myself, I was reluctant to interrupt him. I am pleased that he has clarified that the £250 million is over three years, as opposed to being over five years—I had not seen that before. That is welcome, and I anticipate further funding.
However, the Minister says that the Government cannot legislate for the diversification of the network. Why not? The Government can legislate to break up consolidation in other markets, and they have legislated to do so—for example, competition law does exactly that. We heard in evidence sessions from some who felt that diversification could be achieved only through direct intervention. He implies that I am arguing that diversification delivers telecoms security on its own, but I am not arguing that. I am arguing that it is necessary though not sufficient—clearly, other methods are needed.
The Minister suggests that diversification is one of many things that Ofcom can report on, if it so chooses. That is equally important, but let us be clear that it was the diversification of a supply chain that was the critical report—a report so important that the current Secretary of State for Education was forced to resign because of its leaking, which is why we are here today. The diversification of the supply chain is absolutely critical.
The Minister says that we heard from operators that were committed to diversification, but we also heard that there were real challenges in their commitment to diversification. We would not be where we are today if they were so committed to diversification of their supply chain. That is why there is a need for incentives and intervention. On that basis, it is important to test the will of the Committee on the new clause.
I realise that this will come as a devastating blow to all of you, but the final question I must put is that—
On a point of order, Mr McCabe. I put on the record my gratitude, and that of my right hon. Friend the Member for North Durham and my hon. Friend the Member for City of Chester, to you and your colleague, Mr Hollobone, for the way in which you have expertly chaired proceedings in the Committee. I also sincerely thank all House staff who have supported our work here, including those representing Hansard, and particularly the Clerks, who have been absolutely invaluable in setting out our desires to improve the Bill in clear and orderly amendments and new clauses.
I also thank all members of the Committee from both sides of the House. This detailed, technical Bill is critical for our national security, coming at a time of national crisis, when we are braving—all of us: staff and Members—a pandemic in order to be here. We have had an orderly and constructive debate.
Further to that point of order, Mr McCabe. What fun we have had! It is a pleasure to come to this point in the Bill’s passage. I echo the hon. Lady’s thanks to the House staff and to yourself, Mr McCabe, and Mr Hollobone. I also reiterate her point that this is a crucial Bill—one that I am glad enjoys cross-party support. I look forward to debating its further stages in the House.