I beg to move,
That this House
has considered the security implications of including Huawei in 5G.
It is a pleasure to serve under your chairmanship, Mr Paisley. I am pleased to see so that many right hon. and hon. Members want to speak, so I will be as brief as possible.
The Government’s decision to go ahead with Huawei in the 5G network in the UK—it is clear from the evidence—has angered our allies and perplexed many of us who see this as an avoidable risk. In the rush—I believe it is a rush—to go ahead with the 5G system for the UK using Huawei’s products extensively, the UK Government have brushed aside the concerns of all our most important allies and the people we generally rely on. There is an overwhelming body of evidence indicating that Huawei is an untrusted vendor, which should not be given any further opportunity of access to our most vital communication networks.
The decision of the UK Government leaves us, at the moment, utterly friendless among our allies. After all, Huawei is effectively a state-owned corporation in the People’s Republic of China under the Communist party. Huawei Technologies is 99%-owned by Huawei Investment & Holding, which in turn is completely owned by Huawei Investment & Holding’s trade union committee. According to Chinese law, trade union committees are classified as public or mass organisations, which do not have shareholders, as they are recognised under Chinese law as legal persons or entities in their own right. An example of a public organisation would be the Communist Youth League.
The relationship between Huawei and the state is the same as the Communist Youth League to the state. Therefore, is it not baffling that the Government continue to argue that Huawei is a private company, given that, by the western definition, that cannot be said in any meaningful sense?
I was on a radio programme a couple of weeks ago with a director of Huawei in this country, who happens to be a former permanent secretary. I was surprised to hear him describe Huawei as being rather like John Lewis, in that it was owned by its employees, and that we had all got this wrong. Does my right hon. Friend agree that that is an absurd characterisation of Huawei?
It is either absurd or I will have to review my purchase from John Lewis. My socks might even be bugged! My right hon. Friend is exactly right. I want to make this point, which often goes missing in this debate. Huawei is also seen as a national security threat. It continues to deal extensively with Iran without full public knowledge of how; it built a mobile network for North Korea; and it is providing security surveillance and censoring systems to authoritarian regimes, not least the Chinese Government.
It has long been documented that Huawei has a long and intimate history with the Chinese security services, and there are issues around the security systems that have been provided for them, which are now being used, I think, to supress the Uyghur people. I have real concerns about that.
I want to bring to the right hon. Gentleman’s attention a recently published report from the Australian Strategic Policy Institute, “Uyghurs for sale”, which reports a horrific programme of exporting Uyghurs from Xinjiang to other parts of China. According to the report, Huawei is one of the companies that has benefited as a consequence.
That is shocking. If true, it is an absolute indictment. The British Government and other western Governments must speak up more about this and say that what is going on there is simply intolerable. If that were any other Government, it would be shocking. It is time that we call it what it is.
If all that is not enough to make one concerned—it should be—I hope that the UK Government, my Government, have noticed the following:
“A superseding indictment was returned yesterday in federal court in Brooklyn, New York, charging Huawei Technologies Co. Ltd. (Huawei), the world’s largest telecommunications equipment manufacturer, and two U.S. subsidiaries with conspiracy to violate the Racketeer Influenced and Corrupt Organizations Act”.
That is a very serious charge, which was made a matter of weeks ago, yet the UK Government announced that although they recognise Huawei as an untrusted provider, we would not stop network providers using Huawei equipment in the new 5G system. Instead of banning them, as our allies have done, we would place limits on the locations and the extent to which Huawei products may be deployed in our 5G network, to reduce Huawei’s involvement over time to the figure of 35%.
Does my right hon. Friend agree that by conceding that there is a problem and that it must be limited to 35%, the Government are admitting that the only safe option is to go to 0%? We have infuriated the Americans and our other allies in the Five Eyes. We know the Foreign Secretary had a bad time in Australia. Should we not have a concerted programme now with the Five Eyes allies to get to 0% over a short period of time?
I completely agree. I think the figure of 35% has been plucked from thin air. I will come on to the reasons why it does not work. Imagine that in 1939 we had been developing our radar systems and decided to have one of the Nazi companies in Germany directly involved. Oh, but we reduced their involvement to 35%, so they only controlled 35%. I wonder how ridiculous that would have seemed.
My right hon. Friend is making an excellent speech. I am not an expert in this field, but as the technology catches up, the Government intend to reinject our technology into 5G. I assume that once the Chinese are in there, we will never get them out.
That is the point. Each time, we are told that they will reduce, but, in fact, we get more and more addicted to them and are unable to change.
When the Government announced the figure of 35%, they made the point that the plan to exclude Huawei products from the core of the 5G infrastructure meant that we would solve the problem by restricting them only to the edge, as it was described. This position critically rests on the assumption that the core cannot be compromised from the edge. Most cyber experts whom I have spoken to know that this is an unsafe assumption, because they know that the whole 5G network can be attacked starting from the compromised edge, given the nature of change to the technological capability of the edge.
The edge components can be compromised. Indeed, there is some evidence that such attacks have already taken place on a limited scale elsewhere. For example, a hostile adversary might disable our 5G network by simply shutting down our antennas and/or routers at the edge by remotely activating the malware already buried inside many of those processors. Those embedded in the edge will have kill switches, which are currently nigh on impossible to detect and, therefore, to mitigate.
My right hon. Friend is making an excellent speech. One facet of living in a free country is that we are free to make our own mistakes. This is the first big mistake that we have made. As a former Armed Forces Minister, I want to reinforce everything he has said. Given what I learned when I was in office, the idea that we can keep them securely on the edge is complete and utter nonsense.
I agree with my right hon. Friend and he will see that in the course of my remarks I will point out that we—alone, it appears—are taking an enormous gamble.
The second reason the Government prayed in aid of their decision on 5G was the fact that it offered three main benefits: faster data transmission rates, shorter delays and increased network capacity. While faster data transmission rates can improve user experience—there is no doubt about that—for most people, 5G will not significantly impact their experience. Tasks such as viewing a movie will not be perceptibly different from 4G. In any case, the data speeds offered by 5G—100 megabits per second to 1000 megabits per second—are in the range offered by more conventional superfast fibre broadband. In many cases, the desired performance can and should be achieved by other means. Completing the roll-out of superfast fibre broadband, which my Government have constantly promised to complete to the level it should be at, is the No. 1 priority. Further, that will affect the ability of 5G to operate.
This comes down to a rather taxing conundrum. On the one hand, we have the intense concern of our Five Eyes partners about potentially allowing China into our security and societal networks; on the other hand, there is the economic opportunity cost of excluding Huawei from 5G. In the final analysis, does my right hon. Friend agree that security and democracy trump economics in all circumstances?
I am really grateful to my hon. Friend for that intervention. He is absolutely right; at the end of it all, our point is that defence of the realm comes first.
The right hon. Gentleman is making a really first-class speech. Of course, the argument about 5G or 4G is rather esoteric in parts of my constituency, because far too many of my constituents have zero G; I will just put that on the record. However, when we buy the box of tricks from the Chinese, if I can call it that, is there not also an issue, in that we are losing something here? That is because in this country we must maintain our skills in all of this stuff, and I believe that in going down this route we are going down a very dangerous road indeed in that regard.
The hon. Gentleman is absolutely right and I will come back to that point in a short while.
Although the Government claim that 5G will increase network capacity, there are concerns about the proliferation of the connected internet of things—the IOT devices—and a dramatic increase in self-driving cars with next-generation telematics. That is the key point.
There may be response-time critical benefits—in fact, there certainly are—in future with 5G, such as how self-driving cars share safety-critical information with one another. However, these applications overwhelmingly lie in the future and importantly will rely on a wider set of technological changes and significant changes in social attitudes; we must bear that in mind. This pressure that we can do things tomorrow, or within a few years, will somehow be another one of those gains that are used to leverage the idea that we have to make this development.
My right hon. Friend makes the very important point that if 5G is the technology of the future, it will drive many things that people use on a daily basis. Does he agree that we should not accept critical infrastructure for this country to be built by companies that we have no trust in and about which there are serious security concerns, and that if we do not have the capacity to build that 5G system now, we should build coalitions of companies that can work together and be credible alternative providers of this important technology?
My hon. Friend is absolutely right and prompts the question: who has been asleep on their watch? That goes right back to the time when the Labour party was in government and was not even told by civil servants that they had made the decision to approve the involvement of 5G. Saying that is not to blame Ministers; it was the fault originally of civil servants.
Even if the Government disagree about the urgent need for such developments or disagree with my argument about this issue, surely, as my hon. Friend the Member for Folkestone and Hythe (Damian Collins) said, security is a greater priority. Government policy must consider the wisdom of proceeding to deploy vast numbers of IOT sensors in our environment, offices and homes, unless and until current legitimate security concerns about this issue have been laid to rest.
I thank the right hon. Gentleman for securing this extremely important debate. First, may I say that it is quite clear in this Chamber that there is bipartisan support for his position, as indeed there is in the United States among Republicans and Democrats on this issue, and as indeed there is in Australia with the Australian Liberal Government and the Australian Labour party on this issue? Therefore, one must ask: why are the Government pursuing this course? I ask that because the right hon. Gentleman is slightly in danger of accepting the argument that somehow Huawei is light years ahead of other companies in this field. It is probably a few months ahead, given the nature of this industry, which is always changing rapidly, and companies such as Ericsson, Nokia and Samsung are clearly developing, too. What those companies really need are orders, which are what Huawei has had from the Chinese Government, to pull through their development.
I am grateful, as ever, to the right hon. Gentleman, who is in danger of making my speech before I do, because I am coming on to those points. He will find that we not do not just have cross-party support; we are absolutely linked in our concern about Huawei.
I will come back to this point later, but I am afraid that a lot of this issue is about the way in which the establishment at the moment in the UK has somehow found itself locked into this Huawei process, and we need to break it free; it is like getting somebody free of an addiction to heroin. We need to put it into rehabilitation, which is the point of my speech at the moment.
The right hon. Gentleman is making the case that security is paramount. Does he agree that there is also a commercial argument, in that the Government are going to reward Huawei, which has bought its way into the system? Its first tenders in the 3G and 4G networks were at a quarter of the costs of its commercial competitors in Europe and North America. We should not reward people who are basically trying to bankrupt our industry.
The hon. Gentleman is absolutely right. This relates to my earlier comment about the linkage with the Government. I will come back to Huawei’s ability to draw on support finance—which we might call Government support.
I am aware that you want me to make progress, Mr Paisely, so I shall. I will also ask others to restrain themselves slightly, although I will not refuse interventions. That will not win me points from you, Mr Paisley, but I will not defy my colleagues.
Perhaps most bizarrely, I think that the rush by the Government is being driven by the fear that we will be left behind by others. It is worth tackling that point. I find it difficult to comprehend their position, given that a growing number of leading western nations, many of them our competitors in many fields, intend not to use Huawei—in fact, they will depart completely from Huawei, even if that means a delay—or any other untrusted vendors. Surely, therefore, it is inevitable that the worldwide roll-out of 5G must slow down. Given that so many nations are saying no to Huawei, this should be an opportunity for us to prioritise national security over the breakneck speed with which the deployment of 5G is being pressed on us.
I, too, praise my right hon. Friend for making a very strong speech. Does he agree that the two successful roll-outs of 5G so far have been carried out in South Korea and Japan—by Samsung and Fujitsu respectively—and neither of them seems to have included Huawei?
Yes, I agree. My hon. Friend makes a very good point. In fact, I have read a note from Samsung declaring that it is completely feasible to do this work without any involvement from Huawei. Indeed, Samsung made very clear its belief that Huawei is a direct threat to our national security because its system is not a trusted one.
Far from Huawei having some insurmountable technological lead, it seems, when one starts to investigate, that the quality of its work is no better than anybody else’s, and in some cases somewhat worse. I recall even Dr Ian Levy, the technical director of GCHQ’s National Cyber Security Centre, saying about a year ago that Huawei’s security was “very, very shoddy”. He also said that
“it’s engineering like it’s back in the year 2000”.
We need to take stock of this nonsense propaganda that Huawei is light years ahead as an organisation. Yes, it has a lot of people in research and development, but the reality is that its development has been about money.
The Government say that telecommunications companies are all reliant on Huawei. It was said earlier in the debate that telcos are absolutely reliant on Huawei, so delay would leave them significantly out of pocket. According to that line of argument, however, I would argue that reducing Huawei’s involvement to even 35% would leave telcos out of pocket, so we are already halfway there, as it were. It seems daft to try to make that argument.
Of course, the reliance on Huawei comes as a result of it having constantly bid well below other market competitors for UK and other business. After all, there is a long history of the China Development Bank providing low-cost financing for Huawei customers, and that approach is updated every few years. A recent report estimates that, when one takes in tax breaks, grants and low-cost land acquisitions, the subsidy comes to more than $75 billion. No western company in this sector will be able to compete on those grounds.
Despite all that, it is not common knowledge that at least one very significant UK service provider has contacted me to say that it has already made clear that it will not use Huawei in its 5G network. O2 suggests that the idea that these systems cannot be created without Huawei—my hon. Friend Tom Tugendhat mentioned this earlier—is complete and utter nonsense.
The NCSC’s guidance does not even mention services. I understand that Huawei is now taking over the managed services for another operator, Three, which opens up yet another huge area to gather information from. If someone has a map of a radio network, they will also have a map of everything connected to that radio network. They will know what each piece is, what it does and how to attack it.
Yet our dependence on Huawei goes even deeper—much deeper than many people realise. I have just noticed that Huawei is present in the emergency services network, which is often referred to as the blue lamp or blue light service. The service is part of our critical national infrastructure, but the issue did not come out in the statements. I am astonished that that would be allowed. We can imagine how dangerous any form of disruption would be to that service. It beggars belief. Then I discovered that MI5 uses a systems provider that is heavily dependent on Huawei equipment. These decisions are barking mad.
The point I am making is that the systems and everything else that is being used are making things very vulnerable. The right hon. Gentleman makes my point exactly.
I am worried about the Government mobile system, which I understand the Government are working on. As usual for the civil service, it has some ghastly acronym. It is called gomo for short, which rather describes the process that we have been going through so far with Huawei. The Government have decreed that it will be one supplier only. It stands to reason that unless the Government block untrusted providers from the system, we will likely be handing over control of yet another vital and sensitive system to the organisation under discussion. That is a big question for the Government. Will they ensure that when that contract is let, the supplier will not have any input from untrusted providers such as Huawei? The Minister needs to answer that question.
I do not think John Lewis is in the market, but we can check that. I have not been there for any telecommunications.
I say to my colleagues and to you, Mr Paisley, that the situation is an utter mess at the moment.
I have been listening carefully to my right hon. Friend’s brilliant speech. As far as I can see, so far he has knocked down the Government’s arguments on technical grounds, diplomatic grounds, security grounds, practical grounds, commercial grounds and public safety grounds. After listening to his speech, there are no grounds on which to accept Huawei involvement in our national infrastructure. Can it be, therefore, that the Government’s only argument for accepting Huawei’s involvement is fear of China’s economic and geostrategic power? Giving in to that may be expedient, but does my right hon. Friend agree that it would be geostrategically wrong to kowtow to the Chinese Government?
My right hon. Friend is right. He also comes to a point that I will make shortly. My concern is that there are other logical reasons in play, which I want to talk about in a second.
I am so grateful. This is my second intervention, and then I will sit down and shut up. On the list that my right hon. Friend just gave, one thing he did not mention was trade. As the UK leaves the EU, we desperately seek our friends and allies to make a good trade deal. As I understand it, the US is now thinking not to sign up to a trade deal if 5G is linked to any part of it.
There is no question that the US Administration are very exercised by the UK’s decision to go ahead with 5G and Huawei. In fact, I cannot think of any other time when we have been so separated from most of our allies that we respect. The thing I cannot get is that even Vietnam, for God’s sake—a communist country next door to China—will not have Huawei in their systems.
Indeed. We are all neighbours in the global environment, as the dreadful coronavirus shows us.
The problem is compounded—this is not really spoken of in these debates, and the Government never make any mention of this—is a deeper and further problem. It exposes the degree to which western Governments, including our Government, to a degree—I am talking about successive Governments; this is not a shot at my Government, as the issue goes back further than that—have taken their eye off the ball. Much of the available equipment, including electronic sub-assemblies, is of unknown security provenance. At present, beyond existing contracted functions, we have little to no idea what else lies in our installed systems. UK Governments and others—I particularly want to focus on my Government—have done little to tackle the problem. Understanding what is inside the chips and processors is critical. Any malware needs to be detected. Surely, after all these years, we could have worked to ensure as much as possible that products deployed into secure or critical national infrastructure are auditable, so that we understand what is in them. What better way to do that than by collaboration with our Five Eyes allies, to ensure that we drive security much deeper? Nothing has happened, however.
We are in a mess, and the only way to get out of it, as my right hon. Friend Mr Paterson said, is to ensure that Huawei’s involvement is reduced from the Government’s present position of 35% down to 0%. I recognise that may take a little time, but that should be the purpose of the Government over the next two years.
Successive British Governments—this is the point that my right hon. Friend Mr Davis made—have tried to get close to China in the hope that we can take advantage of their markets. I recognise that that is not unreasonable, but in so doing, we seem to be playing a dangerous game. After all, this totalitarian regime is not an ally of ours, and we get confused about that at times, even if the Foreign Office is reluctant to admit that China poses a threat to us, for fear of upsetting the Chinese Government. That threat is not just in its cyber-attacks on our systems, but also in the way in which it does not obey the international rules-based order in trade. That point has been made today. By the way, no other country does a level of business proportionate to its population as much as Australia does with China. Australia is not frightened of saying no to the procedure, and I do not see anybody trying to beat it up on trade. Sometimes I wonder if we do not project the sense of power or force that we should.
As the UK leaves the EU, we should avoid kowtowing, as my right hon. Friend so rightly said—that wonderful Chinese act of placing one’s forehead on the ground in front of one’s respected superior—to China or anyone else. The British Government should commit to reducing and eradicating our dependence on Huawei, in line with our allies. That is really important. After all, defence of the realm is surely our first priority, and that goes for cyber-space as well. If defence of the realm is our first priority, what the Government are proposing today is not defence of the realm, but semi-defence of the realm, and that simply will not do.
We have had a 26 minute-speech or thereabouts and 15 interventions, some very substantial, which have maybe taken the ardour out of some people already. I have 11 speakers to get in, including the Front-Bench spokespersons for the Government and the Opposition parties. I will therefore be time-limiting Members to four minutes, to allow all the speakers on my official list to speak. However, if they take interventions, that could be reduced or may knock a speaker out.
I associate myself with much of what Sir Iain Duncan Smith has said. Much of Britain’s security future is not invested in weapons or armies, but in communications. The decision to allow Huawei into Britain’s communications puts our infrastructure at risk. Giving Huawei 35% of the 5G network and allowing it into our infrastructure sends a message globally that in terms of telecoms security, anything goes in the UK.
The 5G network is coming and it will be beneficial. The question is how to bring the network forward. Innovations that allow us to speak to friends across the world, that give us limitless information and that will ensure that mobile wi-fi speeds rival those of broadband are necessary for our economic viability, but those possibilities create new threats, such as the placing of spy cameras in every home and microphones in every workplace.
The Americans and the Dutch recognise the threat. The former chief of MI6 recognises the threat. In December 2018, the then Defence Secretary—now the Secretary of State for Education—expressed grave and deep concerns about Huawei providing technology to upgrade Britain’s services to 5G. He accused Beijing of sometimes acting in a malign way. Why can the rest of the Government not recognise the threat? Do we allow a foreign company potential access to every laptop, phone and self-driving car in this country and pay them for the privilege? Do we allow one of the main suppliers of the great firewall to have free rein over our internet back end here? Do we allow a company, closely aligned to a state that has more than 1 million Uyghur Muslims locked up without trial, access to our network infra- structure? I think not.
There have been some attempts to separate the horrors of the Chinese state and Huawei the company, but we have seen time and again that Huawei is intimately intertwined with Chinese policy towards the Uyghur. According to the Australian Strategic Policy Institute:
We know that Huawei is collaborating with the Chinese Government to build mass surveillance to target the Uyghur people. Why are we rolling out the red carpet to Huawei? It has shown little concern about human rights violations. Its company policy asks:
“Is it legal within the countries in which we operate?”
That is its criterion. It says it is for others to make a judgment on whether that is right or wrong. Is that the kind of company we want at the heart of our infrastructure?
On workers’ rights, we know that Huawei mistreats not only the Uyghurs, but its own workers. It operates a “wolf” work culture of long hours and brutal workplace norms. Hours are so long that new employees are given mattresses to collapse on. The wolf culture encourages employees to break and bend rules. It means that the company uses the police against its own workers, with some being imprisoned for months and months.
Huawei will not hesitate to break the trust that the Government have placed in them if it thinks it will benefit the company. The Government can choose to release the wolf into our country, but they cannot be surprised if they then get bitten. Ironically, the company claims to be owned by the same workers that it mistreats, but its ownership structures, as the right hon. Member for Chingford and Woodford Green said, are hugely opaque. The operating company is 100% owned by a holding company, which is in turn approximately 1% owned by Huawei’s founder and 99% owned by an entity called a “trade union committee”.
It is a pleasure to serve under your chairmanship, Mr Paisley. I congratulate my right hon. Friend Sir Iain Duncan Smith on securing the debate. In the four minutes that I have I shall go through some of the important points that have not been covered. Huawei is a high-risk vendor and should not be in our critical national infrastructure. That is the first significant mistake that this Government have made. How bad and how serious it becomes will be obvious in time. I want to cover not only national security, which my right hon. Friend has eloquently spoken about, but data privacy, our values, our alliances, and, critically, other issues around the competence of Huawei, and fair trade and economics.
I still do not understand why the Government continue to claim that Huawei is a private firm. The point has been made already that it is 99% owned by Chinese trade unions, so will the Minister explain why he and previous Ministers—certainly previous Ministers—have argued that Huawei is a private firm when to all intents and purposes it is part and parcel of the Chinese state? The Government claim that Huawei can be safely limited to the periphery of a network. Most experts and many security agencies say not. I quote Mike Burgess, head of Australia’s version of GCHQ:
“The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network.”
Will the Minister comment on that? One of Mike Burgess’s senior directors, Simeon Gilding, tried to design a system that could have a high-risk vendor in Australia’s five G network. He failed and said it was not possible. He said that the British
“think they can manage the risk but we don’t think that is plausible given Huawei would be subject to direction from hostile intelligence services.”
Again, will the Minister comment on that? Are there espionage issues with Huawei? They are multiple. Chinese national intelligence law states that citizens have to co-operate. Furthermore, it states that the information that Huawei gets from the UK is the property of the Chinese state. Again, will the Minister comment?
China has a dreadful reputation for cyber-attacks. Chinese People’s Liberation Army soldiers have been charged with the 2017 cyber-security security attack on Equifax, which included data on millions of Britons. Why does the Minister think the Chinese want to collect so much information on so many millions of people in the west? That applies not only to Britons, but the 21.5 million files they stole on US federal employees in 2015. Can the Huawei Cell offer reassurances? Not really. It states that the Cell
“can only provide limited assurance that all risks to UK national security from Huawei's involvement...can be sufficiently mitigated”.
It complained that no material progress was being made by Huawei on the concerns of 2018, and it continued to identify security issues. Are there other security issues? Yes, for sure there are. I quote Finite State, a respected US company:
“Huawei devices quantitatively pose a high risk to their users.. In virtually all categories we studied, we found Huawei devices to be less secure.”
Bloomberg reported that Vodafone in several countries found illicit backdoors on Huawei technology. In March 2019, Microsoft uncovered Huawei MateBook systems running a system whereby unauthorised people could create super-user privileges. There are significant industrial espionage issues with Huawei. Will the Minister comment on those?
We know about Huawei’s involvement in China’s human rights abuses. It works closely with the state in Xinjiang province. Indeed, it boasts about it. In this country, it is a private company. In China, it is part and parcel of the state apparatus. I would love a comment from the Minister. Huawei claims it is a market leader. According to Chris Balding, an academic who studies Huawei, it is not. It is ranked fourth to sixth globally. It has a $100 billion credit line from the China Development Bank, which means that, apart from any other questionable business practices it has—we have been told of quite a few—it can undercut by 30% to 50% any other vendor. By allowing Huawei in the system, we effectively allow data privacy issues, damage to our alliances, and damage to free trade. We do western companies out of business so that we will have to become reliant in due course on China’s 5G as part of a significant power play in our critical national infrastructure.
That is quite all right.
We can tell this debate is important because of the variety of personalities sitting here. We have several former Cabinet Ministers, a former Deputy Prime Minister, and the Chairman of the Foreign Affairs Committee. The Chairman and the former Chairman of the Digital, Culture, Media and Sport Committee were here earlier. If the Tory party had a politburo, this would be it. It is clearly a sign that the Government have trouble ahead, and so they should. I do not need to echo many of the objections already made by Members here this morning. I am sure they will continue as the debate goes on, not only here in this room today, but in other parts of the House.
I want the House to consider the issue in a much broader sense. Who writes the rules on this part of international engagement when it comes to things such as the use of chemical or nuclear weapons, or traditional kinetic warfare? We have all kinds of international rules and treaties on the international order, as Sir Iain Duncan Smith mentioned, but we have very little written down internationally with our partners when it comes to the cyber world. As far as I can see, as Graham Stringer said, by dint of China buying its way into the market, China is writing the rules. The decision has been made by the UK Government from a position of enormous weakness. I take no pleasure in that. I want the Government to get this right, but they are getting it wrong—badly wrong.
The Government are getting it wrong not only because of all the issues around privacy and the broader issues of security, and not only because of the actor involved and its appalling human rights record, but they are in danger of being present but not involved, to coin a phrase, when it comes to setting rules that our citizens rely on so that we can live peacefully, freely and with prosperity. If this is global Britain, I am concerned. Global Britain is not my project, but I wish it well. It is important that it is got right. From where I stand, this looks like gullible Britain, and I think that is a great shame.
During the 2014 independence referendum the parliamentary private secretary to the Minister, John Lamont, who is sitting here, would have argued that an independent Scotland would be thrown out of Five Eyes and unable to get access to it. It strikes me that the United Kingdom is doing its best to get chucked out of Five Eyes at this very minute, and I do not want that to happen.
I hope that the Minister will respond to many of the concerns that have been raised, but we all need to lift our eyes a bit. We need greater international co-operation on attribution. Given that we do not have—here comes the dreaded phrase—a coalition of the willing in order to set some rules, we will continue to be played by not just China but Iran, Russia, North Korea, non-state actors and surrogate actors. My goodness, what a mess that will make.
If we are serious about global Britain—my party has something to say on that—let us have that discussion, but we cannot talk about Huawei and 5G in isolation, because there is a much bigger picture and something more dangerous at stake.
I start by declaring an interest: I used to work for BT’s cyber-security team before I was elected. I have spent 10 years working in the cyber-security industry, and I refer the House to my entry in the Register of Members’ Financial Interests.
The security of our telecoms network is vital as we move towards an ever more connected society and economy. It does not, however, rest on the presence or absence of equipment from any single supplier. Strong cyber-security for any system, including our telecoms networks, is determined by: the security architecture principles that have been followed in its design; how the system is managed in-life, including the security controls and monitoring around it; the contingency planning that has taken place, which enables any risks that materialise to be dealt with effectively; and the testing of that contingency planning.
I will address each of those briefly, but the key thing I wish to emphasise is that there is no risk-free option. Regardless of the equipment used, our telecoms networks, Government bodies, businesses and critical national infrastructure operators will always be targets for nation states, aggressors, criminals and hackers. The key thing is to manage the risk and reduce it to an acceptable level. That is what, in my view, the telecoms security requirements achieve.
I am sorry to interrupt; I know that time is short. Is my hon. Friend saying that there is no implication for 5G security, never mind the geopolitics and politics, of having a high-risk, untrusted vendor from a potentially adversarial state in the system? Is it not like giving the burglar the keys to our house, while pretending that we have a safe that is safe?
For a start, there are no trusted vendors. Most companies operate a zero-trust policy when it comes to all cyber-security vendors. Secondly, the key point is how we manage that risk. I will go on to answer the question in a bit more detail, if my hon. Friend will bear with me.
The TSRs establish a baseline for security in telecoms, and put it on a statutory footing. They prohibit the use of high-risk vendors in sensitive functions of the network, and cap the use of such vendors at 35% across the network as a whole. As a result of their implementation, we will have some of the most secure networks in the world. The TSRs provide a clear and exhaustive list of sensitive functions related to the control, orchestration and virtualisation of our networks where high-risk vendors cannot be used. They will not be used in the intelligence or control planes of the network, and therefore will not interact with customer traffic in a detailed manner. Any impact of failure will also have a limited, localised geographical reach.
Many understandable concerns have been raised that moving to 5G networks will somehow merge those sensitive functions, often referred to as core functions, with less sensitive parts of the network in which equipment from high-risk vendors will be used. Moving to 5G network technologies could enable us to move sensitive functions out to the edge of the network, but “could” does not mean “should”. Were we to do so, using a high-risk vendor would be the least of our problems.
The further restrictions of only one high-risk vendor in the network and the hard cap of 35% further enhance the security standards. Security architecture principles are not a desperate measure to enable us to use a high-risk vendor; they are part of every network deployment everywhere, whether it is a telecoms network at national level or a business network at company level. More sensitive information and functions with higher risk are treated differently from those with lower risk. A blanket approach of doing away with all higher-risk vendors or technologies would mean that we could not use emerging technologies that offer so much benefit when deployed appropriately.
Today’s motion specifically references Huawei. The UK has globally leading insight into Huawei’s operations, processes and products through the Government-chaired Huawei cyber-security evaluation centre. Whoever the vendor is, any responsible telecoms provider will fully test all hardware and software before deploying it into their networks.
Is that not the problem? So much of our kit is not being tested, which is why we need a fuller security audit. Also, the Cell is becoming increasingly concerned about Huawei, saying that Huawei is not delivering the improvements that the Cell needs. The Cell highlights those concerns in its reports.
I thank my hon. Friend for that point. There are engineering problems in Huawei, and the Government and many UK customers have been very clear that they want Huawei to solve them. The news that I must give him is that if he started looking at the code of any supplier, he would see security issues. In security engineering, I am afraid that people make mistakes when it comes to software.
Equipment and performance is monitored in-life by telcos, and threat hunting is carried out across the whole network. Technologies are increasingly powered by artificial intelligence. AI look for anomalies of behaviour both inside the network, in terms of patterns of incoming traffic, and suspicious outbound traffic. Attempts to sabotage equipment or exfiltrate data at scale will be detected.
The National Cyber Security Centre, my former employer BT and many other telcos have all been very clear that they have not previously detected attempts at malicious activity by Huawei. If they had, they would hardly be doing business with them for their 5G networks. However, we cannot rely on the past to determine the future. That is why the cap on the amount of equipment provided by one supplier is so important, as it stops an over-reliance on one supplier in the network. Other arrangements, such as the escrow of source code, enable providers to isolate equipment in their networks and take over full operation of it, should that be deemed necessary due to mounting international tensions.
Thank you, Mr Paisley. It is a pleasure to speak in the debate. I thank Sir Iain Duncan Smith for introducing it, for setting the scene so well, and for speaking for the majority of us in this House and in the Chamber today, and the majority of those outside as well.
I am no tech expert—far from it—yet I have had concerns from the outset about the safety of allowing Huawei into the 5G network. When I find myself at a loss regarding the nuances of an issue, I always turn to those who understand it much better. For that purpose, I have looked at the relations of other nations with Huawei, and the facts cannot be ignored. My concerns have led me to question the Minister, today and on previous occasions.
Security and democracy must have priority. Defence of the realm, as the right hon. Member referred to, for this great nation of the United Kingdom of Great Britain and Northern Ireland must be protected. Our first duty must always be to our citizens and constituents. They have told me that they share the deep concerns that so far all Members bar one have expressed in the Chamber today.
My fears and concerns have not been assuaged since the question I asked the then Minister, Jeremy Wright, in April last year. I said:
“Huawei has been banned from the core of 5G, but it is to be allowed to operate at the edge. The edge includes masts and antennas, which are also very sensitive. Canada and New Zealand have expressed concern, and Australia and the United States of America have said there is no relevant distinction between the core and the edge of 5G networks. What discussions has the Minister had with those four countries, and has their determination had any influence on our decision?”—[Official Report,
The then Minister’s response was that discussions with our Five Eyes partners were ongoing, yet we appear to have dismissed that, while still allowing that there is a safety implication of Chinese interference and reliance on that technology. Again, I find myself uneasy and desirous that, even at this stage, we rethink this massive step. That is the feeling of the majority in the Chamber.
China is guilty of some of the worst, barbarous, evil, surgical human rights abuses against its own citizens. Mr Carmichael and others have referred to the Uyghur Muslims, but it is not just them; there are also the Christians, the Falun Gong, and many other people. China has tried to re-educate them through forced labour and surveillance of what they are doing, and has used Huawei 5G to do so. Huawei has also been deeply involved in organ harvesting—commercial harvesting of organs from people who just happen to have a different faith.
The Financial Post has given this summary:
“The United Kingdom has now broken ranks with many of its closest allies”— allies in whom we have great trust—
“including fellow members of the Five Eyes intelligence-sharing club. The British government classified Chinese company as a ‘high-risk vendor’ and banned it from the core network that manages access and authentication, but nevertheless permitted it to compete for up to 35 percent market share in the country’s access network—that is, its antennae and similar equipment.”
I am only one of 650 Members of this House, and I absolutely believe in the tenets of democracy, but I will not stay silent. I do not believe that what the Government are doing is in the best security interests of this nation, and if steps can be taken to pare it back, those steps must be taken. We have been known as security giants, and I do not like the idea that we are now standing on the shoulders of Chinese giants. We have stood alone, and can do so again, but it is always best that we stand with our allies. The Chinese may hopefully be strong trading partners post Brexit, but by no stretch of the imagination can they ever be considered our allies; their human rights abuses cannot be ignored. This issue is concerning, and we must not leave it here.
Thank you, Mr Paisley, for calling me to speak in this important debate. Many of the security questions have been covered, so while I do not resile from them I will not cover them again. We have not yet addressed what will be an important issue going forward, which is the simple fact that just as we write laws in this place to shape the culture of society, we shape the culture of our systems by writing code. The code that is being written today in places like Shenzhen is going to shape the culture of our communication systems and the way in which they act together.
This may sound like it is simply a question of noughts and ones—a mathematical process that is devoid of culture—but that is simply not true. Even supposedly neutral systems like accountancy rely on concepts of ownership, individuality, privacy, collectivity or state interference that are culturally specific. That is as true of accountancy today as it was when it was first created, several hundred years ago on these islands. The code that is now being written will have the same implications, so the real decision for us is not just “What are we looking at today in our 5G network, and how much influence will it have on the systems that we seek to operate now and in the immediate future?” but “What cultural norms are we embedding into our society that will shape the concepts of liberty and individuality”—concepts that I thought we held dear?
If we are arguing, as many of my right hon. and hon. Friends have done so successfully, that these islands have the right to determine their own future and take back control of their destiny, it seems odd to decide that having just done so, we are going to hand it over to Beijing. I fail to understand why government from Beijing is better than government from Brussels, or why cultural norms set in a collectivised state are better than those that arise among democracies with which, at least, we share values. When I hear colleagues on both sides of the aisle in the United States, Australia or New Zealand speaking clearly about the security implications for all of us, I also think about the foreign policy implications. Whatever we think about our security preparations, if our allies do not trust us, that undermines the alliance. If our allies do not believe that we can keep their data safe, that undermines the sharing of data, and if they do not think we are going to be reliable, that calls the alliance into question. China is already having some success in its geopolitical world, because the game it is playing—the game of dividing its opponents—is meeting with some success. I am very sad that our Government are allowing themselves to be the pawn in that game.
I understand that the Government must take risks in certain areas, and that the decisions they must take are difficult. The Government have to decide whether, if Nokia and Ericsson were the only companies in this space, the collapse of one of those companies would lead to a monopoly, and they therefore see a requirement for a third. However, instead of risking a monopoly, they are taking risks with security, which is a mistake.
It is a great pleasure to serve under your chairmanship, Mr Paisley, and I congratulate my right hon. Friend Sir Iain Duncan Smith on securing this debate. I will use my four minutes to discuss where I agree with the consensus that has emerged in this debate, and where I respectfully disagree.
I agree that 5G is hugely important, for the reasons that have already been given. Two things follow from that: first, security is absolutely paramount in the 5G network, but secondly, subject to our security requirements we should have the best equipment possible. This debate cannot ignore the fact that a great many people in the telecoms industry believe that Huawei equipment is not simply cheaper than its competitors, but better. It therefore seems to me that if our security requirements can be met, it is not logical to entirely exclude Huawei equipment.
This debate has quite sensibly focused on the question of security, but when we are considering the security of the network, it does not seem sensible to focus entirely on Huawei: we have to think about the security of the entire network. These are complex and interdependent networks that must be secure from threats, wherever those threats come from. That is why the telecoms supply chain review that began while I was in the Department for Digital, Culture, Media and Sport is the right way to approach this issue, and the general principles that it has set out are sound. I am not going to run through all of those principles, although my hon. Friend Ruth Edwards has mentioned some of the telecoms security requirements we should have. However, it is worth saying that diversity, in terms of the number of suppliers in the system, is in itself a security advantage that we should not dispense with unless we need to.
Does my right hon. and learned Friend accept that the diversity argument is one of many flawed arguments, because Huawei is undermining diversity? Through Huawei and ZTE, the Chinese state is trying to build up other states’ dependency on it to provide advanced communications, so by getting Huawei in, we are undermining diversity in the market.
I agree with my hon. Friend that it is sensible to make sure we do not undermine diversity through our own actions. However, as a matter of principle, taking suppliers out of the system does not assist diversity. The points he has made are substantially about security, and I agree that this debate must focus on that question. Whether we use market caps or bring along other suppliers in the market, diversity is a legitimate security objective, just as it is a legitimate economic objective. However, I am afraid that we do not have the luxury of inventing a domestic contributor to this market in a short space of time, so we have to deal with the market as it is.
There is a good reason why we focus on the security of the system as a whole and not on one supplier. If we are worried about China, as it is perfectly right for us to be, it is worth keeping in mind the fact that many of the competitor suppliers referred to in this debate use Chinese components in their equipment, or assemble their equipment in China. It is therefore important to recognise China’s potential to intervene.
Given that we are about to spend £100 billion on a train line, would it not be sensible to invest some of that money in our own infrastructure if we are so concerned about Chinese suppliers?
My hon. Friend really should not get me started on HS2; we do not have time.
We should not just be worried about Huawei or about China, but about the security of the entire telecoms infrastructure. However, if we are going to talk about Huawei, let us not forget first of all that Huawei is already in the system. Sometimes these debates are conducted as though it were going to come in for the first time, but it is here already, managed differently to other suppliers. Secondly and most importantly, let us not disregard the advice of our highly respected intelligence agencies, which have said that the inclusion of Huawei’s equipment is consistent with our security requirements. I have had the privilege of working with those agencies, as I know many other Members present have. They are world class, and it is important that we do not disregard what they say.
The Government have found themselves between a rock and a hard place, facing a decision between spiralling costs and high security. We have serious concerns about establishing such a fundamental part of our digital infrastructure with Chinese-owned technology. Any and all our concerns and doubts about the impact it could have on the security and autonomy of our data must be answered beyond reproach before such a risk is taken with our vital national infrastructure. To ensure that, the Government should conduct a full independent review and assessment in collaboration with allies in the Five Eyes.
Ensuring our grasp on the information and capabilities reliant on 5G technology is pivotal in exploiting the benefits and power that it undoubtedly offers, as well as in protecting ourselves from it. We have heard a lot about the threat of back doors in Huawei hardware and software that would allow it to be controlled remotely from outside the UK. Of course that is a legitimate concern, but the bigger issue is the more systematic security failings in the software that could be remotely exploited.
The 2019 report of the board that supervises the Huawei Cyber Security Evaluation Centre said that Huawei lacks “basic engineering competence” and brings a
“significantly increased risk to UK operators”.
The board could give “only limited assurance” about the ability for risks to be managed.
Another risk is that equipment providers usually have automated authorised remote access to their hardware to provide support to carry out a managed services contract, with the equipment requiring regular software security updates and bug fixes. There is a lot of outsourcing in the sector, including to Huawei, with further potential for security breaches.
I understand the concerns raised by the hon. Gentleman and other hon. Members, but given that our intelligence agencies have designed the Government’s approach, that the National Security Council has signed off on it and that all Ministers going to its briefings have agreed with it, should we not put more faith in the risk mitigation measures that the Government have announced?
No, I would not put faith in them, not least because there is little consensus among former heads of intelligence about the issue.
I will not; I will make progress.
The UK has spent, and continues to spend, billions of pounds on the development, maintenance and renewal of 20th-century defence systems, such as Trident, that are simply not fit to face the security challenges of the modern era. The biggest threats we now face—terrorism, climate change and, of course, cyber-security—will not be deterred by multibillion-pound nuclear weapons in the firth of Clyde.
In the meantime, our telecoms infrastructure security has been left weak and exposed by decades of under-investment. Countering the threat would require serious investment in, and protection of, our native companies, which would involve a hard look at China’s enthusiasm for the acquisition of small engineering firms. Sir Iain Duncan Smith asked who has been asleep at the watch, but we all know which Government and which party has been in charge for the last decade. With China aiming to monopolise the market, it is not too late for the Government and the country to wake up.
It is a great pleasure to serve under your chairmanship, Mr Paisley. I congratulate Sir Iain Duncan Smith on securing this incredibly important debate. We are on opposite sides of the House, but we share a deep commitment to British security and technological capability, which is clearly also shared by the many hon. Members present.
The UK has a proud technological history, from the earliest days of the industrial revolution to the invention of the first fibre-optic cable and, of course, the world wide web. Why, then, at the outset of the fourth industrial revolution, are we in a Huawei hole of our own making? As an enabling technology, 5G represents much more than faster mobile internet speeds. As the web enables applications that its inventor Sir Tim Berners-Lee could never have dreamed of, 5G provides the platform for the technologies that will define the 21st century.
As I may have mentioned before, I am a chartered electrical engineer and a tech evangelist. I want the United Kingdom to harness all the benefits that 5G networks can bring, but if the foundations are poorly laid, or not laid at all, the potential for national harm is significant. After I graduated from Imperial College London, my first job was for a world leader in the then-emerging telecommunications sector. I spent eight years with Nortel designing networking equipment all over the world and working with many of the other equipment vendors at the time, such as Alcatel, Siemens, Nokia, Ericsson and Motorola. If someone had said to me that, a couple of decades later, we would be incapable of building a European telecoms network without a Chinese supplier, I would have been dumbfounded.
As we have heard, Huawei is bound by China’s national intelligence law to support, co-operate and collaborate with national intelligence work. That raises many concerns for the security of our 5G network. I will not repeat those raised by many hon. Members, including the hon. Members for Isle of Wight (Bob Seely) and for Tonbridge and Malling (Tom Tugendhat). The fact that Huawei is designated by our National Cyber Security Centre as high risk says it all. It is high risk, so why are we taking a risk with our national security? My hon. Friend Alex Sobel and Jim Shannon highlighted the human rights and employment rights abuses with which Huawei is linked.
I have 10 questions for the Minister. How has the industry got itself into a position where our critical national infrastructure is so dependent on one high-risk vendor? The UK telecoms supply chain review, as summarised by Ruth Edwards and Jeremy Wright, was seven months ago. The then Government committed to reduce our reliance on high-risk vendors over the next five to 10 years. Can the Minister say how that is happening? We have heard nothing since. The Government also said then that they would legislate at the earliest available opportunity. Again, we have heard nothing since.
With network design, cyber-security specialists will always advise people to assume breach, but the Government’s approach seems to have designed into it breach by a foreign power at a time of unprecedented geopolitical tension. I have many more questions as there is much that we do not know. What percentage of the UK’s currently deployed full fibre and mobile networks involves a designated high-risk vendor? From what proportion of our networks are they to be excluded under the terms of the NCSC advice?
If I understand the Government’s position, 5G and full fibre are critical national infrastructure, but only parts of them need to be secure. That is a difficult but, as the hon. Member for Rushcliffe suggested, tenable technological position, but we need to see the measures that will mitigate the risks and manage them out of our network.
On the international ramifications of the Government’s decision, as we have heard, the UK is the only member of the global intelligence-sharing network Five Eyes to have chosen to accept Huawei, with the exception of Canada, which is yet to make a decision but is being advised to block it. All the other members, the US, Australia and New Zealand, have blocked Huawei’s involvement, citing security concerns. Can the Minister tell us why our allies are taking such a different approach? Does he have a proper and detailed understanding of the impact on our international relationships, as Stewart Malcolm McDonald highlighted?
Labour wants to work with the Government on this clear issue of national security. The Government say that the economic cost of barring Huawei would be too great and Mobile UK has estimated that a delay would cost £7 billion. If I compare that with the £8.3 billion committed by the Government to Brexit preparations, however, it strikes me as a clear case of political priorities—and what priorities they are, when we are at a profound national security crossroads.
I hold the National Cyber Security Centre in the highest regard—I thank its representatives for meeting me yesterday—but I ask the Minister to address a concern. The supply chain review report spoke of statutory guidance, but so far we have only had blogs. It is good to be responsive and we know that President Trump’s tweets have some force of law in America. Is the same true of these blogs? Will Ofcom be enforcing them?
The supply chain review report also promised telecoms security requirements, which would set a new bar for security and be enforced by Ofcom. The hon. Member for Rushcliffe seemed to imply that those requirements are available, but I have not seen them. Will the Minister tell me whether they are available, how they are to be enforced and with what resources, for both Ofcom and the Huawei cyber-security observance centre?
Finally, consolidation and competition from the Chinese subsidised sector means that many of the vendors and operators in the telecoms sector have finances that do not look exactly sustainable or stable. What is the Minister doing to assess the financial security of the sector?
As the Government shilly-shallies over national security, we will be tabling amendments to the Telecommunications Infrastructure (Leasehold Property) Bill currently going through Parliament that will seek to reduce our dependence on high-risk vendors. I hope I will have the support of the Minister and other Members in this Chamber.
Labour also has proposals on the telecommunications industrial strategy, which has been highlighted by many Members, to ensure that we can take a leap forward in this critical technological area, including support for new standards and a new catapult, to bring together existing centres of excellence to ensure that we can once more be at the forefront of technological innovation. The good news is that, in technology, you are never so far behind that you cannot leapfrog existing technology. The bad news is that it takes investment in strategic vision—a quality that this Government sorely lack. Huawei is a test of both.
I return to my first question. Why are we in this position and what steps are the Government taking to ensure that it does not happen again, and to eliminate our dependence on high-risk vendors? The Government should start to proactively identify future technological needs and invest strategically to ensure that they can be met by a wider range of platform providers.
The Government claim to care about political sovereignty—about taking back control from foreign powers. It is high time that we started caring about technological sovereignty too.
This has been an important and timely debate. I am glad that my right hon. Friend Sir Iain Duncan Smith has provided the Government with an opportunity to clarify some of their position.
As he knows, the Government’s first priority is to protect our citizens and their interests. That means that the security of our telecoms and critical national infrastructure is of paramount importance. That is why we undertook the telecoms supply chain review—to allow us to make hard-headed, evidence-based decisions.
The UK is a global leader in cyber-security. Our world-class security agencies have set out their security analysis of the telecoms sector in a level of public detail unmatched anywhere in the world.
It is because of the need to manage the risks to national security that we have made the decisions that we have on high-risk vendors, concluding that there needs to be strong restrictions on their presence in the network. It is because we need to improve the security of the network overall that we need a new security framework for telecoms.
Over time, our intention is to reduce our reliance on high-risk vendors, as market diversification takes place. We want to get to a position where we do not have to use a high-risk vendor in our telecoms network at all.
Can I be very clear on what the Minister said? He is saying that the Government’s aim is to reduce to zero high-risk vendors, of which Huawei is one.
As I say, we want to get to a position where we do not have to use a high-risk vendor in our telecoms network.
This is a very important point. I want to know, and I think the rest of the House would like to know, whether it is now Government policy to drive to 0% involvement by Huawei and other non-secure vendors. Is that now the policy—not just to 35%?
Our aim is not to be reliant on high-risk vendors at all. I appreciate that my right hon. Friend would like me to set out a timetable for that, but I cannot do that today.
There are major market problems we need to address and they are common to all western nations. We have to remain hard-headed and evidence-based. We want to ensure that, as new technologies develop, we have a vibrant and diverse ecosystem of suppliers that we can rely on. The decisions we have made in this area are the right ones because they are based on hard evidence.
We are not getting at the Minister, who we hold in high regard, but at the decision that he is, unfortunately, having to defend. He is now talking about the economics. The problem is that because Huawei is so bankrolled by the Chinese state, it can simply undercut other providers. Even if Fujitsu and Samsung—not to mention UK companies—want to come into the market, so that there is a diverse, multiplayer, western market in 5G, it is very difficult to get to that because Huawei will always undercut, and telcos are heavily indebted and therefore will do Huawei’s bidding. That is a structural problem.
I will come on to what we will do to try to promote market diversification in a moment. Suffice it to say, we do not and will never put anything other than national security at the very top of our agenda on this issue.
I want to clarify a very simple point. The moving to 0% of high-risk vendors seems good common sense to me. Is the Minister telling the Chamber that Huawei is classified by this Government as a high-risk vendor?
I fear making no progress at all if I keep giving way.
Put simply, in the view of the most expert telecommunications specialists in the world, as others have said in the debate, a limited amount of carefully controlled hardware from China does not compromise our national security. This Government will continue to do all it can to put the experts who hold that view, both private and public sector, at the disposal of this House. I am grateful to all those hon. Members who have taken up the opportunities for such briefings and I wish they were greater in number. The Government are confident that we are putting the nation’s interests first.
I say to the Minister that a mixture of good and bad is not diversity. That is the first thing. He says that he puts the security of the nation first. In pursuit of that, the Government have claimed that there is no back door to Huawei hardware. The Americans assert differently. The Germans agree with them. Other countries agree with them. He served on the Bill Committee for the Investigatory Powers Act 2016. I remind him of sections 252 and 253, which give us the right to have a back door. How can we have a back door, when the hardware installer, the hardware supplier and the hardware administrator does not?
My right hon. Friend highlights the need for oversight, which I will come on to talk about in a minute.
Telecoms networks are complex. They rely on global supply chains, where some limited measure of vulnerability is inevitable. The critical security question that we have to ask ourselves is how we mitigate such vulnerabilities and stop them damaging the British people and our economy.
The Minister keeps talking about the security of the nation, but we know that many UK companies working in the areas of photonics and quantum are concerned about national security. They want to scale up but cannot get funding from his Government, and they therefore look to countries such as China in order to expand—another area where this Government are failing.
The hon. Member raises a point that I would be happy to cover in another debate, but the Government and I share some of her concerns.
It is because of our security and intelligence agencies that we have a comprehensive understanding of the threats and risks of 5G, and I would like to remind right hon. and hon. Members—not that I need to—that our agencies are the envy of the world. They work every day to safeguard our national security and put the UK’s interests at the heart of everything we do. The National Cyber Security Centre has provided expert technical and security advice on 5G. They are experts in the technical changes that will take place in the network and in the risks we currently face from the presence of high-risk vendors’ equipment in our networks and those of many of our allies. They are experts in security, including the national security threats that we face today. Our unique shared understanding of security threats and risks, together with that of the technical characteristics of the network, means that the NCSC is in the best possible position to advise on the cyber-security of the UK’s telecoms national infrastructure.
The Minister has so nearly got the Government to the right position. He has admitted that Huawei is a high risk and that it is the Government’s intention to get to no high-risk vendors. He has admitted that he listens to our allies, who are overwhelmingly against Huawei’s involvement in the 5G network. Australia, France and the United States have all said that they have taken advice. We know that Korea has gone for an alternative supplier. Why can the Minister not follow the logic of what he is saying and tell us, “Yes, we are going to get out of Huawei over a fixed period of time and work closely with our Five Eyes allies.”? He is so nearly saying the right thing, but he has a ghastly brief because the Government have got themselves into a mess. They have inherited a mess from their predecessors. Why can he not be honest and say, “We want to get to zero, and that is the safe place to go to.”?
I hope my right hon. Friend takes significant comfort from what I have said: we want to get to a position where we are not reliant at all on high-risk vendors.
We have confidence in the independent technical assessment from our security experts and, importantly, the telecommunications industry has confidence in those assessments, too. That is why we have been in a position to publish as much of our security assessment as we have done. As a result, we have the most detailed study of what is needed to protect 5G networks anywhere in the world. We are not naive about Huawei or its relationship with the Chinese state. Since Huawei has entered the UK network, it has been carefully managed. Through the cyber-security evaluation centre and the oversight board, we have the greatest access to, and insight on, Huawei equipment anywhere in the world.
I am grateful to the Minister for giving way yet again.
Does he understand that many of us take issue with what he has just said? First, figures from the security world who have publicly spoken up, such as Richard Dearlove, are hostile to what the Minister says. There is a sense that the Government have given our security agencies a fait accompli, because almost all our allies’ cyber-security agencies take a diametrically opposed view to the one that he presents. Secondly, will he acknowledge that the Banbury Cell now has very serious concerns about Huawei?
As I said, we are introducing the new regime because of some of the concerns that my hon. Friend addresses. I reiterate the Government’s offer to put at the disposal of any Member of the House as many experts from the public and private sectors that we can, so that colleagues can be in touch with the latest thinking on this issue.
We understand the threat from China and are robust with it when our interests are challenged. We will continue to publicly call out malicious cyber-activity, and the decision to categorise Huawei as a high-risk vendor took into consideration the potential links between Chinese companies and the Chinese state, including the fact that Chinese companies are subject to China’s national intelligence law. The UK has also been vocal in drawing attention to the systematic human rights violations against Uyghur Muslims and other ethnic minorities in China. The Government have set out our expectations of businesses in the UK national action plan on business and human rights.
The telecoms supply chain review, which was laid before the House in July 2019, underlined the range and nature of the risks, highlighting the risks of dependence on one vendor, faults or vulnerabilities in network equivalence equipment, the back-door threat, and vendors’ administrative access. We need to be alive to the totality of the risks that the telecoms network faces today and will face in the future. High-risk vendors are part of that security risk assessment, but they are not the sole factor.
I want to address some of the myths about how the network will develop. It is true that technical characteristics of 5G create a greater surface area for potential attacks, but it will still be possible to distinguish different parts of the network. As my hon. Friend Ruth Edwards said, what matters are the critical functions within the network. We need to ensure that critical functions, wherever they are, have appropriate security.
I will come to the issue of the network’s core and edge, which will answer some of the questions that Members want to ask.
Ian Levy, the technical director of the National Cyber Security Centre, set out in a recent blog post that the notion that there is no distinction between the core and the edge cannot be true. He says that, with 5G networks,
“you need lots of smaller basestations as well as big ones, and the small ones will be on lampposts, bus shelters and other places that aren’t secure from physical interference by bad guys. So, if your network design means that you need to run really sensitive functions processing really sensitive data (i.e. core functions) on an edge access device on top of a bus stop, your choice of vendor is the least of your worries and you probably shouldn’t be designing critical national infrastructure. The international standards that define what a 5G network actually is allow you to do all sorts of things, and some of those things could lead to security or operational risks that can’t be mitigated. That doesn’t mean you have to do them.”
We in this country will not do such things.
My hon. Friend knows that we have some of the most imaginative experts working for us in our agencies, which is why we are establishing one of the strongest regimes for telecoms security in the world—a regime that will raise standards across the UK’s telecoms operators and the vendors that supply them. At the heart of the new regime, the NCSC’s new telecoms security requirements guidance will provide clarity to industry on what is expected of network security, and it will raise the height of the security by including the supply chain management. The Government will legislate at the earliest opportunity to introduce the new comprehensive telecoms security regime and new statutory telecoms security requirements, which are to be overseen by both Ofcom and the Government.
I will not take any more interventions.
We expect that the new regime will include new obligations on telecoms operators to comply with telecoms security requirements, and we are considering whether Ofcom requires further power to ensure that, as we have said before, high-risk vendors will be excluded from security-critical network functions, limited to a minority presence of up to 35% in other network functions, and be subjected to tight restrictions.
Those controls are not without cost. BT has already identified a £500 million cost to it alone, and we did not take these decisions lightly. We will legislate at the earliest opportunity, and that legislation will be important in enabling the Government to manage the risks to the network and enforce conclusions on high-risk vendors. However, it also needs to be flexible enough to allow us to continue to manage the risks as they evolve; as I have described, we will manage them over time. I want to reassure Members that the Government share the ambition that our long-term goal is to reduce our reliance on high-risk vendors, and a timetable must be contingent on diversification in the market.
Successive western Governments have failed to ensure that there is effective competition in the market, and we are faced with a very narrow choice of suppliers for these technologies. Through a strategy of market diversification, we will seek to attract global vendors and to ensure there are new entrants into the supply chain, and we will promote the adoption of open, interoperable standards. We are already in talks with Samsung, and our 5G test beds and trials programmes do not use high-risk vendors. We need to work quickly with like-minded countries to develop a diversification strategy.
The debate on 5G security is global, and our Five Eyes network and other partner relationships are incredibly important. We will continue to work closely with them, and we know they understand the decision that we have taken. I conclude by saying simply that national security will always be at the top of our priorities and we will work to move towards no involvement of high-risk vendors.
Motion lapsed (