Department for Digital, Culture, Media and Sport
Foreign Secretary's statement on Huawei
- Also published by:
- Foreign and Commonwealth Office
Foreign Secretary Dominic Raab yesterday gave a statement in the House of Commons on UK telecommunications and the government's position on high risk vendors.
Mr Speaker, with permission I would like to repeat a statement that my noble Friend the Secretary of State for Digital, Culture, Media and Sport in the other place on the security of the telecoms supply chain.
This government is committed to securing nationwide coverage of gigabit-capable broadband by 2025 because we know the benefits that world-class connectivity can bring. From empowering rural businesses, to enabling closer relationships for the socially isolated, to the new possibilities for our manufacturing and transport industries.
We are removing the barriers to faster network deployment and have committed £5 billion of new public funding to ensure no area is left behind.
It is, of course, essential that these new networks are secure and resilient. That is why the government has undertaken a comprehensive review of the supply arrangements for 5G and full fibre networks.
The Telecoms Supply Chain Review, laid before this House in July, underlined the range and nature of the risks facing our critical digital infrastructure – from espionage and sabotage to destructive cyber-attacks.
We have looked at the issue of how to maintain network security and resilience over many months and in great technical detail. We would never take decisions that threaten our national security or the security of our Five Eyes partners.
As a result, the technical and security analysis undertaken by GCHQ’s National Cyber Security Centre is central to the conclusions of the Review. Thanks to their analysis we have the most detailed study of what is needed to protect 5G, anywhere in the world.
And it is also because of the work of the Huawei Cyber Security Evaluation Centre Oversight Board, established by NCSC, that we know more about Huawei, and the risks it poses, than any other country in the world.
We are now taking forward the Review’s recommendations in 3 areas.
First, world leading regulation. We are establishing one of the strongest regimes for telecoms security in the world – a regime that will raise security standards across the all the UK’s telecoms operators and the vendors that supply to them.
At the heart of the new regime, the NCSC’s new Telecoms Security Requirements guidance will provide clarity to industry on what is expected in terms of network security. The TSRs will raise the height of the security bar and set out tough new standards to be met in the design and operation of the UK’s telecoms networks.
The government intends to legislate at the earliest opportunity to introduce a new comprehensive telecoms security regime – to be overseen by the regulator, Ofcom, and government.
Second, the Review also underlined the need for the UK to improve diversity in the supply of equipment to telecoms networks.
Currently, the UK faces a choice of only 3 major players to supply key parts of our telecoms networks. This has implications for the security and resilience of these networks, as well as for future innovation and market capacity. It is a ‘market failure’ that must be addressed.
The government is developing an ambitious strategy to help diversify the supply chain. This will entail the deployment of all the tools at the government’s disposal, including funding.
We will do 3 things simultaneously:
- we will seek to attract established vendors who are not present in the UK, to our country
- we will support the emergence of new, disruptive entrants to the supply chain
- and we will promote the adoption of open, interoperable standards that will reduce barriers to entry
The UK’s operators are leading the world in the adoption of new, innovative approaches to expand the supply chain.
The government will work with industry to seize these opportunities. And we will also partner with like-minded countries to diversify the telecoms market. Because it is essential that we are never again in a position of having such limited choices when deploying such important new technologies.
The third area covered by the Review was how to treat those vendors which pose greater security and resilience risks to UK telecoms. And I know the House has a particular interest in this area, so I will cover this recommendation in detail.
Those risks may arise from technical deficiencies or considerations relating to the ownership and operating location of the vendor.
As honourable members, the government informed this House in July that it was not in a position to announce a decision on this aspect of the Review.
We have now completed our consideration of all the information and analysis – from the National Cyber Security Centre, industry and from our international partners.
And today, I am able to announce the final conclusions of the Telecoms Supply Chain Review in relation to high risk vendors.
In order to assess a vendor as high risk, the Review recommends a set of objective factors are taken into account. These include:
- the strategic position or scale of the vendor in the UK network
- the strategic position or scale of the vendor in other telecoms networks, particularly if the vendor is new to the UK market
- the quality and transparency of the vendor’s engineering practices and cyber security controls
- the vendor’s resilience both in technical terms and in relation to the continuity of supply to UK operators
- the vendor’s domestic security laws in the jurisdiction where the vendor is based and the risk of external direction that conflicts with UK law
- the relationship between the vendor and the vendor’s domestic state apparatus
- and finally, the availability of offensive cyber capability by that domestic state apparatus, or associated actors, that might be used to target UK interests
To ensure the security of 5G and full fibre networks, it is both necessary and proportionate to place tight restrictions on the presence of any companies identified as high risk.
The debate is not just about ‘the core’ and ‘the edge’ of networks. Nor is it just about trusted and untrusted vendors.
The threats to our networks are many and varied, whether from cyber criminals or state sponsored malicious cyber activity. The most serious recent attack on UK telecoms has come from Russia, and there is no Russian equipment in our networks.
The reality is that these are highly complicated networks relying on global supply chains, where some limited measure of vulnerability is almost inevitable.
The critical security question is: how to mitigate such vulnerabilities and stop them damaging the British people and our economy?
For 5G and full fibre networks, the Review concluded that, based on the current position of the UK market, high risk vendors should be:
- first of all, excluded from all safety related and safety critical networks in Critical National Infrastructure
- secondly, excluded from security critical network functions
- and thirdly, limited to a minority presence in other network functions up to a cap of 35%.
And be subjected to tight restrictions, including exclusions from sensitive geographic locations.
These new controls are also contingent on an NCSC-approved risk mitigation strategy for any operator who uses such a vendor.
We will legislate at the earliest opportunity to limit and control the presence of high risk vendors in the UK network, and to allow us to respond as technology changes.
Over time, our intention is for the market share of high risk vendors to reduce as market diversification takes place.
And I want to be clear that nothing in the Review affects this country’s ability to share highly sensitive intelligence data over highly secure networks, both within the UK and with our partners, including the Five Eyes.
GCHQ have categorically confirmed that how we construct our 5G and full fibre public telecoms network has nothing to do with how we share classified data. And the UK’s technical security experts have agreed that the new controls on high risk vendors are completely consistent with the UK’s security needs.
In response to the Review’s conclusions on high risk vendors, the government has asked NCSC to produce guidance for industry. This guidance was published earlier today on their website.
The NCSC has helped operators manage the use of vendors that pose a greater national security risk, such as Huawei and ZTE, for many years.
This new guidance will include how it determines whether a vendor is high risk. The precise restrictions it advises should be applied to high risk vendors in the UK’s 5G and full fibre networks. And what mitigation measures operators should take if using high risk vendors.
As with other advice from the NCSC on cyber security matters, this advice will be in the form of guidance. The UK expects UK telecoms operators to give due consideration to this advice, as they do with all their interactions with the NCSC.
I hope the whole House will agree that if we are to achieve our digital connectivity ambitions, it is absolutely imperative that we trust the safety and security of our telecom networks.
Risk cannot be eliminated in telecoms. But it is the job of government, Ofcom and industry to work together to ensure we reduce our vulnerabilities and mitigate those risks.
This government’s position on high risk vendors marks a major change in the UK’s approach. When taken together with the tough new security standards that will apply to operators, this approach will substantially improve the security and the resilience of the UK’s telecoms networks, which are a critical part of our national infrastructure. It reflects the maturity of the UK’s market and our world-leading cyber security expertise, and it follows a rigorous and evidenced-based review. It is the right decision for the UK’s specific circumstances.
The future of our digital economy depends on having that trust in safety and security. And if we are to encourage the take-up of new technologies that will transform our lives for the better then we need to have the right measures in place. That is what this new framework will deliver and I commend this statement to the House.
Latest News from
Department for Digital, Culture, Media and Sport
PM unveils plans to mark 75 years since VE Day24/02/2020 12:10:00
With 75 days to go to the 75th anniversary of VE Day, Prime Minister Boris Johnson has announced the UK Government’s plans for the commemorations.
Plans for major expansion of dormant assets scheme to benefit good causes24/02/2020 08:10:00
The dormant assets scheme could be expanded to include a range of financial assets, in a move which could unlock hundreds of millions of pounds for good causes across the UK.
Rural Wales set to benefit from slice of £65 million 5G trials package21/02/2020 11:20:00
South east Wales 5G testbed CoCore to receive £5m in UK Government funding to connect rural communities.
New £65 million package for 5G trials20/02/2020 12:10:00
Winners of £35 million funding pot to help Britain unlock potential of 5G announced Comes as new £30 million 5G competition for sectors including creative industries launched Part of Government’s continued commitment to level up infrastructure across the UK.
DCMS ministerial team confirmed18/02/2020 12:10:00
The Department for Digital, Culture, Media and Sport (DCMS) has welcomed a number of new and returning ministers, following appointments made by Prime Minister Boris Johnson.
Jay Hunt, Michael Birshan, and Eleanor Whitley appointed as Governors of the British Film Institute.17/02/2020 16:10:00
The Secretary of State has appointed Jay Hunt, Michael Birshan and Eleanor Whitley as Governors for the BFI from the 17th of February 2020 to the 17th of February 2024
Government minded to appoint Ofcom as online harms regulator13/02/2020 08:10:00
Telecoms and broadcasting regulator to get role ensuring platforms protect users.
Third of FTSE 100 board members now women, but Business Secretary says more needs to be done10/02/2020 11:42:00
33% of all FTSE 100 board members are now women, up from just 12.5% less than a decade ago.