Gillian Merron on plans afoot in the Lords to ensure UK gets a proper grip on telecoms security
New technologies have long transformed how we work, live and travel, but our experiences during the pandemic have upped the ante on the degree to which we rely on telecommunications networks. At the same time, it has reinforced how intertwined those networks are with issues of national security – including the top priority of any government: to protect its citizens from risk.
When O2 suffered a major network failure in December 2018 due to an expired certificate in Ericsson software, over 32 million users in the UK had their data network go down for up to 21 hours. Hackers targeted TalkTalk in October 2015 stealing the personal data of over a million customers. And in March of the same year, internet traffic for BT customers, including a UK defence contractor that helps deliver our nuclear warhead programme, became illegally diverted to servers in Ukraine before being passed to its final destinations. The latter took place over five days, with no known cause or outcome.
It is important, therefore, that we legislate for government to have the power to act to prevent dependency on high-risk vendors, and to recognise the blurring of the lines in the grey zone where cyber-attacks on critical infrastructure will become increasingly regular. But the sector should have been subject to rather more attention over a decade ago. Instead, a telecoms industrial strategy has been lacking and the focus has been on foreign investors rather than national security.
During that time, successive Conservative governments have allowed Huawei to dominate the sector, taking us from golden times to a creeping ice age. Regrettably, competition on price rather than security has become the order of the day for telecoms operators. Ministers failed to notice that security could not be left to the market. In 2010, the UK had a world-leading infrastructure. Now, we rank 47th in the table of broadband speeds.
The Telecommunications (Security) Bill, the Lords Report stage of which takes place today, is a necessary step to protect us. But the bill has also raised key questions and concerns, especially given the absence of an effective plan to diversify the supply chain. Broad agreement exists that we cannot have a robust and secure network with only two service providers, which is what will remain when Huawei goes. That is why Labour will press for an amendment to ensure a diversity of suppliers at different points of the chain, with sufficient support for the UK’s own start-ups.
Our telecoms security also depends on strengthening our international intelligence bonds, and the Five Eyes (involving the UK, United States, Australia, Canada, and New Zealand), provides the perfect opportunity to do so. The government, however, having promised to work with this alliance in the Integrated Review has resisted introducing a requirement that the UK should automatically review vendors when others in the Five Eyes ban companies from their networks. Such inaction flies in the face of common sense, and Labour will be part of a cross-party move to ensure this all too necessary change in legislation.
As a result of our efforts in the earlier stages of the bill, the government is to accept our arguments that ‘codes of practise’ to be issued by the Secretary of State to telecoms providers must first come before Parliament. Such scrutiny will not only mean proper accountability to and transparency for the public, but is should also improve the effectiveness of security.
I hope Ministers realise the UK cannot again end up in another costly debacle like Huawei. At the very least they need to illustrate that the government is looking to the future rather than letting it continue to overtake us and risk national security. They can start by showing they are truly serious about building up resilience on the home front. Otherwise, what’s the point?
Baroness Gillian Merron is a Shadow DCMS Minister in the House of Lords
Published 19th October 2021