Chi Onwurah (Newcastle upon Tyne Central) (Lab) Q Emily, what other
security threats are not fully addressed by the Bill? How can we
ensure that our networks are resilient to future security threats?
I am thinking of the consolidation in cloud services, for example.
As we move to more software-based networks, more and more of the
value is in the cloud services. Say, for example, Amazon Web
Services was bought by a Chinese company. Would you consider that a
threat to the security of our...Request free trial
(Newcastle upon Tyne Central) (Lab)
Q Emily, what other security threats are not fully addressed by the
Bill? How can we ensure that our networks are resilient to future
security threats? I am thinking of the consolidation in cloud
services, for example. As we move to more software-based networks,
more and more of the value is in the cloud services. Say, for
example, Amazon Web Services
was bought by a Chinese company. Would you consider that a threat
to the security of our networks?
Emily Taylor, Chief Executive, Oxford Information
Labs: Thank you very much for those questions. As a general
point about the cyber-security of critical national infrastructure,
I feel a little like we have been fetishising 5G and a single
company for the last two years, perhaps at the expense of a more
holistic awareness of systemic cyber-security risks. spoke eloquently
yesterday about the need for flexibility in what critical national
infrastructure is. The last year has shown us that what is critical
very much depends on what you are going through at the time.
Healthcare systems probably would not have been top of the list two
years ago, but now they are. The SolarWinds attack shows that the
identity of the vendor is not always the key risk point. SolarWinds
is a very trusted vendor from a like-minded, close ally country,
and yet it turns out to be a critical single point of failure
across key, very sensitive Government Departments, both in the US
and the UK.
Thank you for talking about consolidation across cloud services,
Chi. One of my reflections on open RAN is that, although, of
course, I am excited at the idea of open, interoperable standards,
which would prevent vendor blocking, most of my experience has been
in the internet environment rather than the mobile environment, and
we are replete with open, interoperable standards, but we have a
major competition problem. That in itself is not going to be enough
of a lever to secure diversification.
On the point about acquisitions, particularly where you have
cutting-edge technologies coming through, this country is really
good at R&D—we have wonderful universities full of very brainy
people who are creating things—but there does not seem to be the
follow-through to create world-beating companies that can compete
across the world stage. Why is that? It is because they either get
sold to the US or to China. Of course, the foreign investment
security strategies are all part of this as well, but you make a
key point. If Amazon Web Services
was sold to a frenemy country, that would potentially introduce the
same kind of, at least theoretical, security risks that we have
been troubled by over Huawei and 5G.
(Parliamentary Under-Secretary of State for Digital, Culture,
Media and Sport):
Q Thank you for what you have said thus far. Some of it has
touched on the National Security and Investment Bill, which I think
is a complementary part of this. A lot of what you talked about
regarding any reservations you might have was around, essentially,
the resources for Ofcom—something that I think we will be talking
about quite a lot in Committee. I am looking forward to saying that
Ofcom will have all of the resources that it needs. I wonder how
you think the Government could best demonstrate, beyond that short
statement, that Ofcom is getting the resources that it
needs.
Dr Alexi Drew, Research Associate at the Centre for
Science and Security Studies, Kings College, London: I think
what needs to be considered in that question is the type of
resources that will be the hardest for Ofcom to acquire. I frankly
believe it is not necessarily technology; I believe it is actually
personnel. The edge that is given to companies that have already
been mentioned in your hearings today—Google, Microsoft, Facebook
et al—is not necessarily in the technology, but in those who design
the technology. Those people are hard to come by at the level that
we require them at. They are also very hard to keep, because once
they reach that level of acumen and they have Google, Facebook
or Amazon on their CV, they can
pretty much choose where they go and, often, how much they ask for
in the process.
To read all the exchanges, CLICK
HERE
|
