The UK Telecommunications (Security) Act has received Royal Assent, giving the government more control over the use of ‘high risk’ providers in networks, as well as fines of up to £100,000 a day for operators telecommunications that do not respect the line.
In case readers were in any doubt as to the identity of any of these “high-risk” vendors, the department’s statement was titled “Government enshrines power to strip Huawei in law.”
The banhammer was dropped from Huawei’s 5G kit last year. The Shenzhen-based company’s hardware is to be eradicated from UK mobile networks by 2027.
After getting the green light from His Majesty, the 2021 Telecommunications Act is speeding things up somewhat. Businesses that fail to follow instructions from these pesky high-risk suppliers could be fined up to 10% of their turnover or £100,000 a day. The rules were passed last year and putting the law into statute means the government can make regulations through secondary legislation.
While the Department for Digital, Culture, Media and Sport (DCMS) didn’t shy away from naming Huawei in its statement, the law itself doesn’t specify the companies by name. Instead, it’s about making telecommunications networks more secure rather than just leaving it up to carriers to set their own standards.
However, articles such as the “Designated Supplier Instructions” give the Secretary of State a range of powers to prohibit the use of specific suppliers for a number of reasons, including “the interest of national security”.
The regulator Ofcom is responsible for monitoring and evaluating the security of telecommunications providers. It may also visit operators’ premises in person to carry out on-site inspections.
An Ofcom spokesperson said The register“We depend on the internet and our phones for much of our lives now. It is therefore vital that the networks that provide these services are secure and resilient. These new powers will help us hold telecommunications companies to account – making sure they do everything they can to protect their networks and the people who use them.”
As to what the law actually means, Julia Lopez, Minister of Media, Data and Digital Infrastructure, called it a “great step forward”, adding: “Risks to our telecommunications networks can never completely avoided, but we have raised safety standards at all levels.”
The DCMS, also known and loved by some as “the Department of Entertainment” (because it is the Department of Culture, Media and Sport), has listed some of the possible requirements for telecommunications providers in the government :
- Safely design, build and maintain sensitive equipment at the heart of their networks that control their management
- Reduce the risk that equipment provided by third parties in the telecommunications supply chain is unreliable or can be used to facilitate cyberattacks
- Carefully control who has permission to access sensitive onsite core network equipment as well as the software that manages the networks
- Ensure they are able to conduct security audits and implement governance to understand the risks facing their public networks and services
- Keep networks operational for customers and free from interference, while ensuring confidential customer data is protected when sent between different parts of the network
For its part, Huawei has always unsurprisingly denied being a stooge of the Chinese Communist Party; worked annually with the Huawei Cyber Security Evaluation Center (HCSEC), an offshoot of the UK’s National Cyber Security Center, which repeatedly found crappy coding practices, but no security backdoors ; and operated in Britain for years before the British government was forcefully armed by American politicians.
The register has reached out to Huawei for its thoughts and will update when the company responds. ®