My Lords, Her Majesty’s Government want the UK to be a science superpower. Two key planks in achieving this are security and digital connectivity. The UK already influences and shapes global cyber standards and we have committed huge investment to counter cyber threats and to meet our digital infrastructure targets. Back in 2016, we invested £1.9 billion to bolster our cybersecurity, setting up the National Cyber Security Centre and investing in economic resilience, innovation and skills. Now we have gone further, with an additional £2.6 billion being invested over the next three years. The National Cyber Security Centre has stopped 2.7 million online scams in the past year alone, and the new National Cyber Force will proactively counter cyber threats that we face.
Our investment in innovation has seen more than 40 tech unicorns—that is, start-up businesses now valued at over $1 billion—grow outside London, with 100 more in the pipeline. We have invested significantly in superfast broadband, bringing it to 97% of premises,
and are now driving investment in gigabit broadband, with over 68% of premises now able to access this technology. But we need to keep investing in emerging technologies to secure ourselves against future threats and realise the opportunities of a digital economy. Monthly broadband use has doubled in four years and continues to rise every year. Cyber threats are proliferating and technology is not always secure by design. That is why we have introduced this Bill.
We want to fulfil our commitment to delivering faster digital connectivity and to ensure that, as we grow, our technology is secure. The Bill will facilitate the extension of futureproofed gigabit-capable broadband and 5G networks, and improve the protection of people, networks and infrastructure from the harms caused by insecure consumer-connectable products. I will start with the telecommunications measures, explaining why they are necessary and what their intended effect is. Following this, I will turn to the product security measures and outline why it is important to consider digital infrastructure and cybersecurity in conjunction.
The Government are committed to delivering digital growth by building a stronger, more connected and more secure UK. This is even more vital as we build back from the pandemic. We have seen rapid growth in the availability of gigabit broadband, from less than 11% of homes and businesses at the end of 2019 to more than 68% today, but, to deliver much-needed connectivity, we must have a legal framework which encourages and enables the deployment of digital networks.
To that end, we are making good progress through a package of measures. Last year we passed the Telecommunications Infrastructure (Leasehold Property) Act to address one of the key barriers to the deployment of gigabit-capable broadband in blocks of flats. We have also committed to legislate to mandate gigabit connectivity in new-build homes. These regulations will be laid as soon as parliamentary time allows. We continue to work closely with the Department for Transport to ensure that street works support deployment of broadband while protecting the road network.
We are working with industry to support its investment and have committed £5 billion of public funding to ensure that no part of the United Kingdom is left behind. We aim to reach a minimum of 85% gigabit-capable broadband coverage by 2025 and to get as close to 100% as soon as possible. We have also agreed a £1 billion deal with the industry to deliver the shared rural network, which is already delivering improved 4G coverage across the UK. The operators and the rest of the industry remain confident that their combined coverage is expected to be delivered to 95% by the end of 2025. We also aim for the majority of the population to have 5G coverage by 2027.
To improve connectivity, in 2017 we implemented reforms to the Electronic Communications Code, which regulates installation agreements between landowners and telecommunications operators. Some noble Lords here today will have been involved in the scrutiny of that legislation. The aim was to make it easier and more cost effective for digital networks to be installed, maintained and upgraded. However, there is still more
to be done. We need to go further to realise the Government’s ambitions for digital connectivity and levelling up.
The Bill before us will update the Electronic Communications Code, among other pieces of connected legislation, to deliver these ambitions. Specifically, the Bill aims to optimise the use of existing infrastructure. It encourages collaborative relationships between telecommunications operators and site providers. It gives operators the ability to obtain new rights, which will enable them to take advantage of new technologies and pass the benefits on to customers. It builds on previous measures to tackle the issue of unresponsive landowners and ensures that the price paid to host telecoms apparatus is calculated in a consistent way across the country, preventing a digital divide.
Making optimum use of existing cable and fibre networks has a key role to play in upgrading services and increasing competition. The Bill introduces a new automatic right for operators to upgrade or share apparatus installed before the 2017 reforms. This will be subject to specific conditions to ensure that it will not adversely affect landowners. The measures have been considered carefully to deliver significant benefits to the public while ensuring that there will be little impact on landowners.
Furthermore, the Bill rationalises the way in which expired code agreements are renewed. Currently, an operator has to use one of three different statutory renewal routes. The Bill ensures that, whichever route an operator uses, the terms of the renewed agreement will more closely align with the code as it was reformed in 2017. As a result, there will be greater consistency in how agreements are renewed across the UK.
Making better use of existing infrastructure through upgrading and sharing, and a more consistent and efficient renewal process, will not only improve digital services but reduce the need for new installations. This means less disruption from street works and fewer mast installations in both rural and urban settings, which I am sure will be welcomed in all parts of your Lordships’ House.
We are also introducing measures to facilitate greater use of alternative dispute resolution when parties are negotiating the terms of an agreement to install telecommunications apparatus. This is to ensure that disputes are resolved more quickly and cost-effectively, and that litigation is used only where absolutely necessary. We anticipate that this will encourage constructive dialogue between network operators and potential and existing site providers. It will address situations where landowners may feel compelled to accept terms offered by operators by giving them alternative means of resolving disputes without the need for lengthy and costly litigation.
Finally, in situations where landowners are not responsive, we are creating a new court process. This process will provide a quick and inexpensive route for operators to gain time-limited rights to access certain types of land. Again, these measures have been developed to strike the balance between protecting landowners and ensuring that everyone across the UK has access to reliable and quick digital infrastructure.
I turn now to the product security provisions in the Bill, since the demand for faster broadband is driven by the increasing number of devices we are all installing in our homes. Increasingly, we are streaming more programmes on smart televisions and using telephones and tablets for video calling; half of all homes have a smart speaker, smart watches continue to rise in popularity and smart doorbells and cameras are appearing on every street. The average UK household now has nine internet-connected devices, and over 50% of all UK households purchased an additional consumer connectable product during the pandemic.
With this increased ownership and use of consumer connectable products, there comes a heightened risk of cyberattacks. Cybercriminals have taken advantage of consumer vulnerability during the pandemic, and increasingly target consumer connectable products. In the first half of last year alone, we saw 1.5 billion attacks on connectable products—double the figure of the year before. Thousands of people in the UK have been victims of cyberattacks, leaving many with significant losses of money or private data. As we have seen recently, cybercriminals can now use compromised connectable products to attack large infrastructure. In 2016, the Mirai attack disabled internet access across much of the east coast of the United States of America; we still see variants of Mirai-using botnets attacking businesses and infrastructure today. We have made significant progress to develop the UK’s cybersecurity to tackle threats such as these. In 2018, the Government published a code of practice for manufacturers to improve the security of consumer devices. The UK is a world leader in this area, and our code has since been used by Australia and India, among other countries.
Of course, this progress needs to keep up with the ever-evolving cyber landscape—hence the need to legislate now to ensure that our people and networks are better protected. Taken together, the telecoms and product security measures in the Bill work to create a reliable fast broadband network, and to support the growth of more secure consumer connectable products. The Bill will enable the Government to specify mandatory security requirements to ensure that manufacturers, importers and distributors of smart devices work harder to protect consumers from cyber risks. These requirements will be set out in regulations and are supported by experts, industry and our international partners, with whom we continue to work closely to ensure that everyone is well aware of the initial three requirements.
The first is a ban on universal default passwords. Too often, consumer connectable products come with an easy-to-guess password; this makes them vulnerable and risks compromising a user’s privacy and security. The second is that a manufacturer of consumer connectable products must have and maintain an accessible vulnerability policy, obliging them, as a minimum, to receive and respond to reports of security issues in their products. This is important to ensure that manufacturers can be made aware of, and quickly address, any shortcomings in their products, and to foster good practice to protect society as a whole. Finally, manufacturers will be required to be transparent about the minimum length of time for which a product will receive security updates. This should enhance consumers’ awareness, enabling them to consider the
security of products before they purchase them and, in so doing, foster market competition towards enhanced security update periods. Where those three security requirements have not been complied with, businesses will not be allowed to make these products available in the UK. We will be able to monitor, investigate and take enforcement action where necessary.
These are the first steps towards a change in the security landscape for consumer connectable products. We have created this Bill to reflect the need for resilient and adaptive measures to protect consumers and our vital infrastructure. Both the product security and telecoms infrastructure measures in the Bill will be of benefit to the public. We have brought the Bill forward to ensure that, as our digital infrastructure evolves and as we become more connected to the internet, we protect consumers from the dangers which come with this. I hope that noble Lords from across your Lordships’ House will support the Bill, and I look forward to discussing it in detail as we scrutinise it.
3.29 pm