My Lords, with the leave of the House, I will repeat the Answer to an Urgent Question made by my right honourable friend the Secretary of State for DCMS in another place earlier today:
“Thank you, Mr Speaker. The security and resilience of the UK’s telecoms networks are of paramount importance. The UK has one of the world’s largest and most dynamic economies, and we welcome open trade and inward investment in our digital sectors. At the same time, the UK’s economy can prosper only when we and our international partners are assured that our critical national infrastructure remains safe and secure.
As part of our plans to provide world-class digital connectivity, including 5G, DCMS has been carrying out a cross-Whitehall evidence-based review of the supply chain to ensure a diverse and secure supply base. The review aims to ensure stronger cybersecurity across the entire telecommunications sector, greater resilience in telecommunications networks and diversity across the entire 5G supply chain. It has considered the full UK market position, including economic prosperity and the quality, resilience and security of equipment.
Despite the inevitable focus on Huawei, this review is not about one company, or even one country. We have to strike a difficult balance between security and prosperity, and recognise the reality of globalised networks and supply chains although our security interests are pre-eminent, and that has been the focus of the review. The way to ensure that the UK fully realises the potential of 5G is through its safe and secure deployment.
As you would expect given the importance of this subject, it is a thorough review into a complex area, which has made use of the best available expert advice and evidence, including the National Cyber Security Centre. It will report with its conclusions once ministerial decisions have been taken. This review is an important step in strengthening the UK’s security framework for telecoms and ensuring the secure rollout of 5G and full-fibre networks.
I am sure the House will understand that National Security Council discussions should be confidential and will understand why this must be the case. However, I know that honourable Members on all sides of the House feel strongly about this issue. I will make a statement to this House to communicate final decisions at the appropriate time”.
My Lords, I am quite sure that the noble Lord would have asked a very pertinent and searching question, and no doubt he will do it eventually. The fact that much of what is happening is hidden behind this question of a leak limits the Minister’s ability to answer some of the questions, but no doubt the time will come for that. Today, £5 billion is quoted as the likely amount that Facebook will have to pay as a fine for the misappropriation of data and technological information in the last period. The Statement says that the review,
“is not about one company, or even one country”.
Are we not already in a complicated relationship with firms of this kind from America? Can we have a global set of assurances that all these sources of information will be adequately managed for the well-being of us all?
The noble Lord is exactly right. As I said, this is not just about one country. The National Security Council looks at all these issues. The problem with a global network such as the internet is that threats can come from any country, and they may originate in one but attack through another. It is complicated. In this country, we have one of the best organisations to deal with this: the National Cyber Security Centre in GCHQ. The main thing to stress is that our security is pre-eminent, but we have to strike a balance with new and emerging economies and how we deal with them—and not just with regard to cybersecurity.
My Lords, the security of the UK is greatly enhanced by its membership of the Five Eyes group of countries, almost all of which are very concerned that Chinese tech companies are required by law to co-operate with Chinese security agencies. Five Eyes countries will continue to share sensitive intelligence with the UK only if they have trust and confidence in our security services. What assessment have the Government made of the damage caused by the alleged leak from the National Security Council—both the fact that there has been a leak and the content of the alleged leak?
To pick up on the noble Lord’s first point, I do not place a huge amount of importance on the Chinese law that he referred to, which requires companies to co-operate with the Government. If anyone thought beforehand that that law did not exist, they were unwise. On his point about security and the leak, I can only re-emphasise that when security matters are discussed at government level, they should be kept confidential. There is an assessment of that going on at No. 10 at the moment, but I have no details of it because it has not been completed.
My Lords, is my noble friend aware that he is sounding much more hesitant and uncertain of himself than is normal? Is that because he is in fact one of those who are concerned that a company under the control of the Chinese Government will have a very large degree of control over our most sensitive communications? It really is no good that some Ministers are alleged to have said, according to the newspapers, that this will be about only the antennae. It occurs to me that all the important information goes through the antennae, does it not?
I assure the House that I do not feel certain about many things. But seriously, my noble friend has a point. However, one should not be led into a false sense of reassurance by saying we should ban one particular company. There are really only about three main suppliers of this 5G equipment: Nokia, Ericsson and Huawei. Both Nokia and Ericsson either have their components assembled in or buy components from China. We must be very careful about trying to give a false sense of reassurance by banning just one company or another.
My Lords, I apologise for leaping in earlier; it is not like Radio 4. It is an absolute disgrace that things discussed at the National Security Council are leaked. I hope the Minister can tell us exactly what is to be done about this and how it will be looked into. It is really disgraceful.
On the work that is going on, does the Minister not agree that it is really important to complete that full survey? This is such a complex subject. Many of the firms referred to have exactly the same sort of problems as Huawei does. We have used Huawei since 2009. We know there are risks. We must never forget that China is a very real risk—let us face it: it has, on an industrial scale, stolen IP from us—but that does not mean that we cannot use its equipment in certain ways, as long as our experts are able to modify that risk.
My Lords, I completely agree with the noble Lord that any leak from the National Security Council is a disgrace. Obviously it should not happen. On what is happening about that, I am not able to comment—and he would not expect me to—on any particular inquiry or investigation, but I can say that the Prime Minister takes leaks from the Government very seriously, particularly when they are to do with security. I will leave it at that.
As far as Huawei in particular is concerned, I absolutely agree with the noble Lord. We must mitigate the risks where we can. We have an extensive oversight programme for Huawei—more extensive than for any other company. We have to face up to the fact that the risks come from not just the hardware but the software, and 5G in particular will mean that upgrades to software will be going through the networks the whole time. That is one of the areas we have to concentrate on and it does not come from a particular supplier of hardware.
My Lords, I commend to the Minister the report of the Intelligence and Security Committee published in 2013, which sets out considerable reservations about the role of Huawei in the United Kingdom. I also support the point made by my noble friend Lord Paddick: it would be hardly in the national interest were we and the other members of the Five Eyes to be at odds on Huawei’s role. Finally, suppose the roles were reversed: can the Minister envisage circumstances in which the Chinese Government would give a similar contract to BT?
I cannot answer for the Chinese Government, but I am sure there are many examples where they have given contracts to UK industry. We must remember that potential IT and cybersecurity problems can come from not just IT manufacturers but industry as well. This is a problem for all Governments. I take the noble Lord’s point about the report he referred to. The review we are doing will take into account all those factors, but a lot has happened in the six years since it was published.
It is a much more nuanced picture across the Five Eyes. I think that Australia has the only de facto ban. The US has restricted Huawei from its federal agencies; it is not barred from US public networks. In this country as well, Huawei is already excluded from defence and security networks.
My Lords, first, I associate myself with what my noble friend said about these absolutely scandalous leaks. Secondly, these reports, coming at a time when we are separating ourselves from our friends and allies in the European Union, seem to suggest that we are now separating ourselves from our friends and allies in the Five Eyes. It is impossible for those of us who have not been privy to the discussions to form a view, but a pattern is beginning to emerge. Another difficulty in interpreting what the Government are doing is that here we have them apparently going to invite the Chinese into this very sensitive sector, when they are already a nuclear power, but the Secretary of State for Defence is notable for his bellicose comments when he talks about sending our aircraft carrier to the South China Sea.
To pick up on one of my noble friend’s points, there is absolutely no question of inviting Huawei into this area; it is here already, and has been for 15 years. The issue is to look at how we mitigate the risks from Huawei—because there are risks, and we acknowledge that. I do not accept his slightly pessimistic view of how we are separating ourselves from the Five Eyes and other security partners in the way that he suggested. As I tried to explain, the Five Eyes approach to Huawei is much more nuanced. We are in exactly the same position as Canada, which is carrying out a review. The US has recently revoked its ban on ZTE and allows Huawei in public networks. New Zealand has suggested that one telecoms manufacturer should not be allowed but is also reviewing its position, so in many cases in the Five Eyes we are in exactly the same position as others. We understand that there is a risk; we have to do our best to mitigate it.