Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the U.K. government has published a review of the telecoms supply chain, which concludes that policy and regulation in enforcing network security needs to be significantly strengthened to address concerns.
However, it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the U.S. has been pressurizing its allies to do.
Giving a statement in parliament this afternoon, the U.K.’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.
“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.
“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”
Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to to enforcement the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government.”
The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.