Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, with reference to the oral contribution of the Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, Official Report, 2 May 2019, column 364, what recent assessment he has made whether Huawei is a private company.
Answered by Matt Warman
The government’s decision to categorise Huawei as a high risk vendor takes into consideration the potential links between Chinese companies and the Chinese State. And the limits we have imposed on the presence of all High Risk Vendors constitute some of the toughest security measures in the telecoms sector in the world.
We have unique insight through the Huawei Cyber Security Evaluation Centre (HCSEC), which was established in 2010. As a result of our work, we know more about Huawei, and the risks it poses, than any other country in the world. Huawei’s operations in the UK are subject to the strongest oversight possible. The company’s presence in the UK has been subject to detailed, formal oversight through the HCSEC, and the HCSEC Oversight Board which has reported annually since 2014.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment he has made of the human rights implications of the decision to use of Huawei systems in the UK's 5G network.
Answered by Matt Warman
The UK has been vocal in drawing attention to the systematic human rights violations against Uyghur Muslims and other ethnic minorities in China. Ministers and senior officials regularly raise our concerns both directly with the Chinese and multilaterally. On 29 October, at the UN Third Committee, the UK read out a joint statement, on behalf of 22 other countries, drawing attention to the human rights violations in Xinjiang and calling on China to uphold its obligations to respect human rights. The UK also co-hosted an event on Xinjiang during the UN General Assembly in September.
The Government has also set out its expectations of businesses in the UK National Action Plan on Business and Human Rights and continues to encourage all British businesses to undertake appropriate levels of due diligence before deciding to do business or invest in foreign companies. The United Nations Guiding Principles on Business and Human Rights advises UK companies to respect human rights wherever they operate including adopting appropriate due diligence policies to identify, prevent and mitigate human rights risks, and commit to monitoring and evaluating implementation
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Secretary of State for Digital, Culture, Media and Sport, if he will make an assessment of the implications for his policies of the findings of the report entitled, Defending Our Data: Huawei, 5G and the Five Eyes published by the Henry Jackson Society in May 2019.
Answered by Matt Warman
In reaching the final decision on high risk vendors, the Government took into consideration the full range of threats and risks informed by the technical and security expertise of the UK’s intelligence community, led by the National Cyber Security Centre, together with all relevant information, both public and classified, including that from international partners.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what criteria the Government is using to define the safety critical infrastructure that will be excluded from high risk telecommunications vendors.
Answered by Matt Warman
As set out in the oral statement of 28 January by the Secretary of State for the Foreign and Commonwealth Office, a high risk vendor is a vendor that poses greater security and resilience risks to UK telecoms. That statement also provided details of the non-exhaustive set of objective factors that were taken account of to assess a vendor as high risk. This set of factors has been further elaborated on in the National Cyber Security Centre’s advice on the use of equipment from high risk vendors in UK telecoms networks that was also published on 28 January and can be found on their website.
The NCSC also published a summary of the security analysis for the UK telecoms sector that informed the conclusions of the Government’s Telecoms Supply Chain Review. The summary notes that sensitive networks either route or have access to sensitive information, and include those directly relating to the operation of government or any safety-related systems and in wider critical national infrastructure. The summary of NCSC’s analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, if he will make an assessment of the implications for his policies of the evidence reported to have been obtained by US authorities on the involvement of Huawei in sanctions fraud.
Answered by Matt Warman
The Government does not comment on other countries’ ongoing legal processes.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, with reference to the oral statement of the Secretary of State for Foreign and Commonwealth Affairs, of 28 January 2020, Official Report, column 709, on UK Telecommunications, what his Department's definition is of a high-risk vendor.
Answered by Matt Warman
As set out in the oral statement of 28 January by the Secretary of State for the Foreign and Commonwealth Office, a high risk vendor is a vendor that poses greater security and resilience risks to UK telecoms. That statement also provided details of the non-exhaustive set of objective factors that were taken account of to assess a vendor as high risk. This set of factors has been further elaborated on in the National Cyber Security Centre’s advice on the use of equipment from high risk vendors in UK telecoms networks that was also published on 28 January and can be found on their website.
The NCSC also published a summary of the security analysis for the UK telecoms sector that informed the conclusions of the Government’s Telecoms Supply Chain Review. The summary notes that sensitive networks either route or have access to sensitive information, and include those directly relating to the operation of government or any safety-related systems and in wider critical national infrastructure. The summary of NCSC’s analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, with reference to the Foreign Secretary's oral statement to the House of 27 January 2020 on Huawei, Official Report, coulum 533, for what reason the Government decided to give different permissions to high risk vendors for critical and non-critical cyber infrastructure.
Answered by Matt Warman
The Government has complete confidence in the independent technical assessment of the UK’s security experts. The security analysis conducted by the National Cyber Security Centre underpinned the final conclusions of the Government’s Telecoms Supply Chain Review.
NCSC published a summary of its security analysis which informed the conclusions of the Review. This analysis includes a summary of NCSC’s assessment of the distinction between the ‘core’ and ‘edge’ of the network under section 8.3.1. The analysis states that:
“In 5G networks, core functions can be relocated nearer the ‘edge’ of the network. This has been described as blurring the line between core and edge. This is technically inaccurate as the ‘core’ is defined by a set of functions, standardised within [5], rather than a location. Consequently, the distinction between the two remains clear, as does the advice above. Our advice remains that HRVs are excluded from performing core functions, and this applies whether these functions are deployed centrally or towards the ‘edge’. Our understanding is that this clarification is unlikely to be consequential in the UK, as we are informed that core functions may run near the edge, but not actually on edge access equipment (such as base stations).”
The summary of NCSC’s security analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
In reaching the final decision on high risk vendors, the UK Government took into consideration the full range of risks, including in relation to malicious code or programming errors.
Huawei’s presence in the UK has been subject to detailed, formal oversight through the Huawei Cyber Security Evaluation Centre (HCSEC), and we remain confident in these arrangements. However the Government recognises that HCSEC alone cannot mitigate all the risks, and that is why the final conclusions of the Telecoms Supply Chain Review - as announced on 28 January - set out the additional controls that should be applied to high risk vendors.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment he has made of the implications for his policies of the findings of the report by the Henry Jackson Society, entitled Defending our Data: Huawei, 5G and the Five Eyes, published on 16 May 2019.
Answered by Matt Warman
The Telecoms Supply Chain Review included an international workstream to take account of the range of international positions so that they could be factored into UK decision-making.
In reaching the final decision on high risk vendors, the Government took into consideration the full range of threats and risks informed by the technical and security expertise of the UK’s intelligence community, led by the National Cyber Security Centre, together with all relevant information, both public and classified, including that from partners.