Commons Sense

Hansard-based summaries and metrics

<-- Back to proposed bills

Telecommunications (Security) Bill - Sitting 3

19 January 2021

Proposing MP
Philip Hollobone Con
Kettering
Type
Public Bill Committee

At a Glance

Issue Summary

Philip Hollobone introduces two witnesses, Emily Taylor and Professor William Webb, who will provide evidence on telecommunications security issues before the Committee. Professor Webb discusses the challenges of influencing international standards and expresses concerns about the proportionality of the Telecommunications (Security) Bill's approach to network security. Chi Onwurah discusses the Telecommunications (Security) Bill and questions Professor Webb about open RAN technology maturity and diversification strategy recommendations. Philip Hollobone is questioning the necessity and impact of focusing solely on 5G and a single company in relation to cybersecurity risks for critical national infrastructure. The discussion revolves around the Telecommunications (Security) Bill and its implications for diversifying suppliers in the telecoms industry. MP Philip Hollobone is leading a session with witnesses discussing the Telecommunications (Security) Bill and the challenges it presents for network security and vendor diversification. Dr Drew discusses China's strategy for market domination through telecommunications and emerging technologies, emphasizing its impact on global influence and domestic security. Dr Drew discusses the impact of telecommunications standards set by Chinese companies like Huawei and ZTE through ITU committees and suggests that UK providers should be more proactive in setting global technical standards. Dr Drew discusses the challenges of balancing security and economic development in telecommunications regulation. Philip Hollobone, as chair of the committee, introduces Simon Saunders and Lindsey Fussell from Ofcom to discuss their roles and responsibilities under the Telecommunications (Security) Bill. The discussion revolves around the responsibilities of Ofcom in implementing security measures for telecommunications under the Telecommunications (Security) Bill. The discussion revolves around the oversight and accountability of Ofcom regarding telecommunications security under the Telecommunications (Security) Bill. The statement discusses Ofcom's responsibilities under the Telecommunications (Security) Bill regarding network security compliance and the challenges associated with ensuring this without making direct national security decisions. The discussion focuses on the responsibilities and accountability of Ofcom regarding national security in telecommunications networks, including the assessment of vendor maturity and the requirement for operators to report network compromises. The statement addresses concerns regarding the Telecommunications (Security) Bill, focusing on how costs will be managed and funded for both Ofcom and operators. MP Philip Hollobone is concluding a session with witnesses regarding the Telecommunications (Security) Bill.

Action Requested

Hollobone invites Members to begin questioning the witnesses on matters within the scope of the Bill.

Key Facts

  • Professor William Webb is a telecoms consultant with experience at Ofcom and DCMS.
  • Emily Taylor is CEO of Oxford Information Labs, a cyber-intelligence consultancy.
  • The Committee is focusing on security issues, diversification strategies, and standards in telecommunications.
  • Standards development is crucial but lengthy and can embed engineers' values.
  • China has significant leadership positions in international standards organizations like ITU-T, with Chinese nationals holding 25 chair or vice-chair positions out of 37 total roles.
  • New IP is an alternative internet architecture being standardized by China.
  • Professor Webb was asked about the maturity of open RAN technology.
  • Mavenir claims its equipment can support 2G, 3G, 4G, and 5G networks.
  • Deploying open RAN in complex city centre base stations is more challenging than in rural areas.
  • Emily Taylor questions the fixation on 5G and a single company at the expense of broader cybersecurity issues.
  • Healthcare systems were not initially considered critical but have become so due to recent events.
  • The SolarWinds attack highlights that even trusted vendors can be critical points of failure.
  • Professor Webb suggests offering financial incentives to operators for a more diversified supplier base.
  • Emily Taylor notes that security investments are expensive and not rewarded by the market, suggesting Government recognition is needed.
  • The telecoms supply chain review last year pointed out that the market does not reward investment in security.
  • Professor Webb expressed scepticism within the sector regarding ORAN's ability to diversify in the short term.
  • Emily Taylor noted that Ofcom will need significant upskilling to handle new security responsibilities under the Bill.
  • Dr Alexi Drew, a research associate at King’s College London, is providing evidence on emerging technologies and their security implications.
  • China views telecoms as a key component of advancing economic strength and geopolitical power.
  • The digital and physical supply chain are becoming increasingly entwined.
  • The Chinese Communist Party aims to shape global internet standards.
  • The ITU standard-setting committees and groups are dominated by Chinese state representation and companies like Huawei and ZTE.
  • Dr Drew believes UK providers can benefit from being more proactive in setting global technical standards.
  • Telecoms providers should inform Ofcom about significant supply chain changes.
  • GCHQ faces difficulty in retaining staff at senior levels.
  • Ofcom has responsibilities across the telecommunications sector but lacks technical capability compared to GCHQ and NCSC.
  • Dr Drew suggests more resourcing is required for whatever cooperative body is created to handle the Bill's requirements.
  • Ofcom will have significant responsibilities related to telecoms security requirements under the Bill.
  • Lindsey Fussell is the group director for networks and communication at Ofcom, overseeing all telecoms regulation including network security.
  • The cost of building up resources for the new duties is estimated between £6 million to £7 million in steady state.
  • Ofcom has existing network security responsibilities.
  • The National Cyber Security Centre (NCSC) and intelligence agencies will advise the Government on national security judgments.
  • STRAP clearance is not currently required for Ofcom staff but would be sought if necessary based on guidance from the NCSC.
  • Kevan Jones questions the adequacy of parliamentary oversight over Ofcom's work due to the classified nature of some decisions.
  • Lindsey Fussell explains that Ofcom is required to provide an annual report to the Secretary of State, who then decides on its publication.
  • Chris Matheson inquires about the process within Ofcom for determining national security matters and seeks clarification on internal movement and capacity within Ofcom.
  • Ofcom has new responsibilities under the Telecommunications (Security) Bill.
  • Operators must have detailed asset registers to meet requirements.
  • Ofcom can share information with the National Cyber Security Centre.
  • Ofcom will expand its STRAP-cleared staff.
  • The legislation places explicit duties on Ofcom to monitor and enforce compliance with network security requirements.
  • Fines for failing to meet standards can be up to 10% of a vendor's annual turnover or £100,000 per day.
  • Currently, operators are required to report incidents that cause outages but under new requirements will need to report any incident where they believe their system may have been compromised.
  • Ofcom expects to spend £6 million to £7 million implementing the bill.
  • Ofcom's funding comes from levies on sectors it regulates and fees primarily collected through spectrum duties.
  • The Government is planning further work on assessing costs for telecom security requirements after companies have reviewed secondary legislation and the code of practice.
  • No specific dates or timelines mentioned.
  • No policy changes, funding commitments, or legislative proposals announced.
Assessment & feedback
Summary accuracy