Gillian Merron on why the UK needs to get a grip on telecoms security
New technologies have long transformed how we work, live and travel, but our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. And at the same time, it has reinforced how intertwined those networks are with issues of national security – including the first priority of any government to protect its citizens from risk.
When O2 suffered a major network failure in December 2018 due to an expired certificate in Ericsson software, over 32 million users in the UK had their data network go down for up to 21 hours. Hackers targeted TalkTalk in October 2015 stealing the personal data of over a million customers, including bank details, email addresses, and phone numbers. And in March 2015, internet traffic for BT customers, including a UK defence contractor that helps to deliver our nuclear warhead programme, was illegally diverted to servers in Ukraine before being passed along to its final destinations. This incident took place over five days, with no known cause or outcome.
It is important that we legislate for government to have the power to act to prevent dependency on high-risk vendors such as Huawei, and to recognise the blurring of the lines in the grey zone where cyber-attacks on critical infrastructure will become increasingly regular. But the sector should have been subject to rather more attention over a decade ago. Instead, a telecoms industrial strategy has been lacking and we have seen a focus on foreign investors over national security.
During that time, successive Conservative governments have allowed the sector to be dominated by a high-risk vendor, taking us from what were golden times to the current ice age. Regrettably, competition on price rather than security has become the order of the day for telecoms operators. Ministers, meanwhile, failed to notice that security could not be left to the market. The result? In 2010, we had a world-leading infrastructure. Now, we are placed 47th as a nation in the table of broadband speeds.
The Telecommunications (Security) Bill, which has its Lords second reading today, is a necessary step to protect us. But it also raises some key questions and concerns. For example, the decision to exclude the cross-party Intelligence and Security Committee from oversight of the measures in proposed legislation, despite its remit in relation to national security. It does seem that the government has had an unhealthy aversion to the Committee since failing to secure the post of Chair for its preferred candidate.
It is disappointing that the bill is silent on the need for an effective plan to diversify the supply chain. Not least, as there is general agreement that we cannot have a robust and secure network with only two service providers, which is what will be left once Huawei is removed from our networks. Labour wants to see a diversity of suppliers at different points of the chain with sufficient support for the UK’s own start-ups. It’s difficult, however, to see how the government’s initial investment of £250m can make that happen.
With a vast and continuing expansion of Ofcom’s remit, the bill also gives the regulator sweeping new powers and responsibilities. Yet, Ofcom lacks experience in national security, and these changes will need to be met by proper resourcing and the recruitment of people with the right skills and experience, and the required level of security clearance.
I hope ministers realise the UK cannot again end up in another costly debacle like Huawei, but at the very least they need to illustrate that the government is looking to the future rather than letting it continue to overtake us.
Baroness Gillian Merron is a Shadow DCMS Minister in the House of Lords
Published 29th June 2021