The National Cyber Security Centre (NCSC) in the United Kingdom has issued new advice warning the telecom industry against using equipment and services from ZTE. The statement was released April 15, the same day the United States Department of Commerce banned American companies from selling components to the company. While this event was not mentioned in the NCSC’s statement, it did mention the $1.2 billion fine ZTE received from the U.S. in March after violating sanctions.
A letter from Ian Levy, the NCSC’s technical director, that was circulated to network operators in the U.K. says: “Use of ZTE equipment or services within existing telecommunications infrastructure would present risk to U.K. national security that could not be mitigated effectively or practicably,” according to the Financial Times, which saw a copy of the letter. A brief statement published on the NCSC’s website adds that it’s the watchdog’s “duty to highlight potential risks to the U.K.’s national security and provide advice based on our technical expertise.”
The NCSC’s wording indicates it’s specifically targeting ZTE’s infrastructure equipment, rather than its smartphones. ZTE is the world’s fourth-largest supplier of telecom equipment, according to IHS Markit, with competitor Huawei way out in front, with more than double ZTE’s market share. Huawei is a major supplier of infrastructure equipment in the U.K., which is what seems to be causing the NCSC a headache.
A special department of the Government Communications Headquarters — the Huawei Cyber Security Evaluation Centre (HCSEC) — was set up in 2010 specifically to monitor Huawei’s equipment destined for use in the United Kingdom. Levy says adding another equipment supplier to the HCSEC’s workload would be “an unacceptable national security risk,” and could “render our existing mitigation ineffective.” It’s not only concerns about overworking the HCSEC that have prompted the NCSC to issue the warning. It also mentions new Chinese laws where national intelligence agencies can establish relationships with relevant companies, and potentially commission work.
Over the past months, ZTE and Huawei have been singled out by U.S. security advisers as being potential threats to security. A deal between Huawei, AT&T, and Verizon was an apparent casualty of these statements.
- Data stolen from HealthCare.gov includes partial SSNs and immigration status
- 5 ways Norton products can help protect against cybercrime this holiday season
- Amazon, Apple and government agencies deny Bloomberg’s hacking story
- Personal info of 30,000-plus Pentagon employees compromised in contractor breach
- Critical MacOS Mojave vulnerability bypasses system security