NCSC: Chinese Telecoms Firm ZTE is National Security Risk

Written by

The UK’s National Cyber Security Centre (NCSC) has warned that one of China’s biggest telecoms infrastructure and smartphone firms is a national security risk.

The GCHQ body released a short statement on Monday penned by technical director, Ian Levy, and relating to the use of ZTE “equipment and services” in UK telecoms infrastructure.

“It is entirely appropriate and part of NCSC’s duty to highlight potential risks to the UK’s national security and provide advice based on our technical expertise,” it stated.

“NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated."

Unlike the US, which de facto banned Huawei and ZTE from competing to provide telco infrastructure back in 2012, UK firms have embraced partnerships with the former, with the blessing of government.

It appears as if GCHQ does not have the resources to monitor the equipment of two Chinese firms in its critical infrastructure.

"The UK telecommunications network already contains a significant amount of equipment supplied by Huawei, also a Chinese equipment manufacturer," Levy wrote in a letter to the telecoms sector, according to the FT.

"Adding in new equipment and services from another Chinese supplier would render our existing mitigations ineffective."

The warning from the NCSC coincides with new US sanctions levied against ZTE which will prevent US firms like chipmaker Qualcomm from selling to the company for the next seven years. That’s because it’s said to have broken the agreement signed with Washington after pleading guilty to breaking different sanctions by selling equipment to North Korea and Iran.

It’s believed that BT has an R&D partnership with the Chinese firm, and has distributed routers made by the company, but is playing down its relationship.

A spokeswoman told the BBC that BT has a “robust testing regime in place” to keep its network secure.

“Such [R&D] projects focus on the future uses of networks and technologies and do not necessarily result in the commercial deployment of the research partner's kit in our network,” she added.

What’s hot on Infosecurity Magazine?