Yesterday Ministers determined that UK operators should put in place additional safeguards and exclude high risk vendors from parts of the telecoms network that are critical to security.
High risk vendors are those who pose greater security and resilience risks to UK telecoms networks.
The Prime Minister chaired a meeting of the National Security Council (NSC), where it was agreed that the National Cyber Security Centre (NCSC) should issue guidance to UK Telecoms operators on high risk vendors following the conclusions of the Telecoms Supply Chain Review.
This advice is that high risk vendors should be:
- Excluded from all safety related and safety critical networks in Critical National Infrastructure
- Excluded from security critical ‘core’ functions, the sensitive part of the network
- Excluded from sensitive geographic locations, such as nuclear sites and military bases
- Limited to a minority presence of no more than 35% in the periphery of the network, known as the access network, which connect devices and equipment to mobile phone masts
As part of the Review, the NCSC carried out a technical and security analysis that offers the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.
The guidance sets out the practical steps operators should take to implement the government’s decision on how to best mitigate the risks of high risk vendors in 5G and gigabit-capable networks.
The government will now seek to legislate at the earliest opportunity to put in place the powers necessary to implement this tough new telecoms security framework.
The government is certain that these measures, taken together, will allow us to mitigate the potential risk posed by the supply chain and to combat the range of threats, whether cyber criminals, or state sponsored attacks.
The Review also highlighted the need for the UK to improve the diversity in the supply of equipment to telecoms networks.
The government is now developing an ambitious strategy to help diversify the supply chain. This will seek to attract established vendors who are not present in the UK, supporting the emergence of new, disruptive entrants to the supply chain, and promoting the adoption of open, interoperable standards that will reduce barriers to entry.
For more security news visit here.