Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what representations the Government has received from the (a) French Government, (b) Australian Government, (c) US Administration and (d) Czech Government on the safety of Huawei systems.
Answered by Matt Warman
The Telecoms Supply Chain Review included an international workstream to take account of the range of international positions so that they could be factored into UK decision-making.
In reaching the final decision on high risk vendors, the Government took into consideration the full range of threats and risks informed by the technical and security expertise of the UK’s intelligence community, led by the National Cyber Security Centre, together with all relevant information, both public and classified, including that from partners.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, for what reasons the Government's assessment of the safety of Huawei systems is different to the assessments of those systems made by the (a) French Government, (b) Australian Government, (c) US Administration and (d) Czech Government.
Answered by Matt Warman
The Telecoms Supply Chain Review included an international workstream to take account of the range of international positions so that they could be factored into UK decision-making.
In reaching the final decision on high risk vendors, the Government took into consideration the full range of threats and risks informed by the technical and security expertise of the UK’s intelligence community, led by the National Cyber Security Centre, together with all relevant information, both public and classified, including that from partners.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment his Department has made of the adequacy of the model provided by the UK Huawei Cyber Security Evaluation Centre on mitigating the risks to UK national security of Huawei's involvement in the UK's critical networks.
Answered by Matt Warman
The Government has complete confidence in the independent technical assessment of the UK’s security experts. The security analysis conducted by the National Cyber Security Centre underpinned the final conclusions of the Government’s Telecoms Supply Chain Review.
NCSC published a summary of its security analysis which informed the conclusions of the Review. This analysis includes a summary of NCSC’s assessment of the distinction between the ‘core’ and ‘edge’ of the network under section 8.3.1. The analysis states that:
“In 5G networks, core functions can be relocated nearer the ‘edge’ of the network. This has been described as blurring the line between core and edge. This is technically inaccurate as the ‘core’ is defined by a set of functions, standardised within [5], rather than a location. Consequently, the distinction between the two remains clear, as does the advice above. Our advice remains that HRVs are excluded from performing core functions, and this applies whether these functions are deployed centrally or towards the ‘edge’. Our understanding is that this clarification is unlikely to be consequential in the UK, as we are informed that core functions may run near the edge, but not actually on edge access equipment (such as base stations).”
The summary of NCSC’s security analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
In reaching the final decision on high risk vendors, the UK Government took into consideration the full range of risks, including in relation to malicious code or programming errors.
Huawei’s presence in the UK has been subject to detailed, formal oversight through the Huawei Cyber Security Evaluation Centre (HCSEC), and we remain confident in these arrangements. However the Government recognises that HCSEC alone cannot mitigate all the risks, and that is why the final conclusions of the Telecoms Supply Chain Review - as announced on 28 January - set out the additional controls that should be applied to high risk vendors.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment his Department has made of the comments by former Chief of MI6, Sir Richard Dearlove in respect of the Government's UK Telecommunications strategy.
Answered by Matt Warman
The Telecoms Supply Chain Review included an international workstream to take account of the range of international positions so that they could be factored into UK decision-making.
In reaching the final decision on high risk vendors, the Government took into consideration the full range of threats and risks informed by the technical and security expertise of the UK’s intelligence community, led by the National Cyber Security Centre, together with all relevant information, both public and classified, including that from partners.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment his Department has made of the adequacy of the UK Cyber experts' review of security risks in respect of the Government's proposed 5G solution.
Answered by Matt Warman
The Government has complete confidence in the independent technical assessment of the UK’s security experts. The security analysis conducted by the National Cyber Security Centre underpinned the final conclusions of the Government’s Telecoms Supply Chain Review.
NCSC published a summary of its security analysis which informed the conclusions of the Review. This analysis includes a summary of NCSC’s assessment of the distinction between the ‘core’ and ‘edge’ of the network under section 8.3.1. The analysis states that:
“In 5G networks, core functions can be relocated nearer the ‘edge’ of the network. This has been described as blurring the line between core and edge. This is technically inaccurate as the ‘core’ is defined by a set of functions, standardised within [5], rather than a location. Consequently, the distinction between the two remains clear, as does the advice above. Our advice remains that HRVs are excluded from performing core functions, and this applies whether these functions are deployed centrally or towards the ‘edge’. Our understanding is that this clarification is unlikely to be consequential in the UK, as we are informed that core functions may run near the edge, but not actually on edge access equipment (such as base stations).”
The summary of NCSC’s security analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
In reaching the final decision on high risk vendors, the UK Government took into consideration the full range of risks, including in relation to malicious code or programming errors.
Huawei’s presence in the UK has been subject to detailed, formal oversight through the Huawei Cyber Security Evaluation Centre (HCSEC), and we remain confident in these arrangements. However the Government recognises that HCSEC alone cannot mitigate all the risks, and that is why the final conclusions of the Telecoms Supply Chain Review - as announced on 28 January - set out the additional controls that should be applied to high risk vendors.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment he has made of whether Huawei has the ability to remove malicious code introduced by third-parties.
Answered by Matt Warman
The Government has complete confidence in the independent technical assessment of the UK’s security experts. The security analysis conducted by the National Cyber Security Centre underpinned the final conclusions of the Government’s Telecoms Supply Chain Review.
NCSC published a summary of its security analysis which informed the conclusions of the Review. This analysis includes a summary of NCSC’s assessment of the distinction between the ‘core’ and ‘edge’ of the network under section 8.3.1. The analysis states that:
“In 5G networks, core functions can be relocated nearer the ‘edge’ of the network. This has been described as blurring the line between core and edge. This is technically inaccurate as the ‘core’ is defined by a set of functions, standardised within [5], rather than a location. Consequently, the distinction between the two remains clear, as does the advice above. Our advice remains that HRVs are excluded from performing core functions, and this applies whether these functions are deployed centrally or towards the ‘edge’. Our understanding is that this clarification is unlikely to be consequential in the UK, as we are informed that core functions may run near the edge, but not actually on edge access equipment (such as base stations).”
The summary of NCSC’s security analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
In reaching the final decision on high risk vendors, the UK Government took into consideration the full range of risks, including in relation to malicious code or programming errors.
Huawei’s presence in the UK has been subject to detailed, formal oversight through the Huawei Cyber Security Evaluation Centre (HCSEC), and we remain confident in these arrangements. However the Government recognises that HCSEC alone cannot mitigate all the risks, and that is why the final conclusions of the Telecoms Supply Chain Review - as announced on 28 January - set out the additional controls that should be applied to high risk vendors.
Asked by: Bob Seely (Conservative - Isle of Wight)
Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what assessment he has made of the durability of the distinction between core and periphery in the 5G network in respect of the Government's decision to limit Huawei's involvement to core aspects of that network.
Answered by Matt Warman
The Government has complete confidence in the independent technical assessment of the UK’s security experts. The security analysis conducted by the National Cyber Security Centre underpinned the final conclusions of the Government’s Telecoms Supply Chain Review.
NCSC published a summary of its security analysis which informed the conclusions of the Review. This analysis includes a summary of NCSC’s assessment of the distinction between the ‘core’ and ‘edge’ of the network under section 8.3.1. The analysis states that:
“In 5G networks, core functions can be relocated nearer the ‘edge’ of the network. This has been described as blurring the line between core and edge. This is technically inaccurate as the ‘core’ is defined by a set of functions, standardised within [5], rather than a location. Consequently, the distinction between the two remains clear, as does the advice above. Our advice remains that HRVs are excluded from performing core functions, and this applies whether these functions are deployed centrally or towards the ‘edge’. Our understanding is that this clarification is unlikely to be consequential in the UK, as we are informed that core functions may run near the edge, but not actually on edge access equipment (such as base stations).”
The summary of NCSC’s security analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.
In reaching the final decision on high risk vendors, the UK Government took into consideration the full range of risks, including in relation to malicious code or programming errors.
Huawei’s presence in the UK has been subject to detailed, formal oversight through the Huawei Cyber Security Evaluation Centre (HCSEC), and we remain confident in these arrangements. However the Government recognises that HCSEC alone cannot mitigate all the risks, and that is why the final conclusions of the Telecoms Supply Chain Review - as announced on 28 January - set out the additional controls that should be applied to high risk vendors.