Operators could be fined £100,000 per day for failing to comply with Huawei ban
Image credit: REUTERS/Dado Ruvic/File Photo
The Telecommunications (Security) Bill is being laid before Parliament, proposing to give the Government greater powers to cut 'high-risk' vendors such as Shenzhen-based Huawei from the UK’s telecommunications infrastructure.
In July, the Government announced that – despite previously permitting Huawei a limited role in providing equipment for the non-core parts of the UK’s 5G network – it would be entirely shut out of the networks, along with other vendors considered to be "high-risk". Mobile operators will have until 2027 to remove all Huawei equipment from their 5G infrastructure.
The government’s decision to formally exclude Huawei will be enshrined in law by the new bill.
The bill proposes creating new national security powers for imposing controls on when a telecommunications company could use equipment supplied by high-risk vendors. Companies that fail to comply with these rules could face fines of 10 per cent of turnover or £100,000 a day.
Ofcom will be given the responsibility to monitor and assess operators’ security protocols. The regulator will carry out technical testing, staff interviews and on-site visits to view equipment and documents.
“We are investing billions to roll out 5G and gigabit broadband across the country but the benefits can only be realised if we have full confidence in the security and resilience of our networks,” said the Digital Secretary, Oliver Dowden. “This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
According to the Government’s Telecoms Supply Chain Review, self-regulation has not resulted in operators adhering to the best security practices. The new bill will set minimum standards for operators to reach, and lay out new codes of practice to help them comply with their legal obligations regarding high-risk vendors.
A Government statement said that requirements would be likely to include: securely designing, building, and maintaining sensitive core equipment; reducing risks that third-party equipment is unreliable or vulnerable to attack; controlling access to core network equipment on site and to software used to manage networks; carrying out security audits to understand ongoing risks to their networks; and protecting customer data when it is transmitted to different parts of the network. These requirements will be published once the bill is approved.
“The rollout of 5G and gigabit broadband presents great opportunities for the UK but as we benefit from these we need to improve security in our national networks and operators need to know what is expected of them,” said Dr Ian Levy, technical director at the National Cyber Security Centre. “We are committed to driving up standards and this bill imposes new telecoms security requirements which will help operators make better risk management decisions.”
Huawei VP Victor Zhang commented: “It’s disappointing that the Government is looking to exclude Huawei from the 5G roll out. This decision is politically motivated and not based on a fair evaluation of the risks. It does not serve anyone’s best interests as it would move Britain into the digital slow lane and put at risk the government’s levelling up agenda.”
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.