I start by declaring an interest: I used to work for BT’s cyber-security team before I was elected. I have spent 10 years working in the cyber-security industry, and I refer the House to my entry in the Register of Members’ Financial Interests.
The security of our telecoms network is vital as we move towards an ever more connected society and economy. It does not, however, rest on the presence or absence of equipment from any single supplier. Strong cyber-security for any system, including our telecoms networks, is determined by: the security architecture principles that have been followed in its design; how the system is managed in-life, including the security controls and monitoring around it; the contingency planning that has taken place, which enables any risks that materialise to be dealt with effectively; and the testing of that contingency planning.
I will address each of those briefly, but the key thing I wish to emphasise is that there is no risk-free option. Regardless of the equipment used, our telecoms networks, Government bodies, businesses and critical national infrastructure operators will always be targets for nation states, aggressors, criminals and hackers. The key thing is to manage the risk and reduce it to an acceptable level. That is what, in my view, the telecoms security requirements achieve.