GCHQ boss says UK must be vigilant againt Chinese tech firms
Jeremy Fleming said the UK will not compromise on 5G security
The head of GCHQ has said the UK is a world leader in cyber security but added that it must be alert to the potential dangers of using Chinese technology in its telecommunications infrastructure.
Delivering a keynote speech in Singapore on Monday, GCHQ director Jeremy Fleming said the UK had "the toughest oversight regime in the world" and that it was unwilling to compromise on security for the rollout of technologies such as 5G.
His comments come at a time when Chinese technology companies, most notably Huawei, have come under increased scrutiny from western countries over security fears.
The US, in particular, has aggressively moved to clamp down on the use of Huawei technology, as it believes the company has ties to the Chinese government and is encouraging its allies to boycott the company when considering 5G partners.
Huawei has always maintained that it operates independently of the Chinese state, and points to its existing influence in the 4G industry.
GCHQ director Jeremy Fleming said the UK will not compromise on 5G security
"GCHQ is at the heart of the policy consideration underway and we already have a role managing Huawei's presence in our existing networks," said Fleming.
"We think this is probably the toughest oversight regime in the world. [Huawei has] revealed significant problems with their cyber security practice... which have caused them to commit to a multimillion-pound remedial programme. We've been crystal clear that with Huawei we will not compromise on the improvements we expect."
Fleming also reiterated that the UK has yet to decide on what security policies it will enforce to govern 5G supply chains.
The National Cyber Security Centre, which is part of GCHQ, issued a letter to telecoms companies in November warning that extra care should be taken when selecting 5G suppliers and that security should remain a priority. Analysts believed the letter, which did not specify any companies of concern, was directed against Chinese companies such as Huawei and ZTE.
BT announced in December that it would be removing Huawei equipment from its 4G network in order to fulfil a 2006 pledge that it would distance itself from any technology deemed to be a potential security risk. In that case, BT became concerned that Huawei's engineering process had repeatedly failed to mitigate security risks in its base source code, but added that the company would remain an "important equipment provider and innovation partner".
"We have to understand the opportunities and threats from China's technological offer, understand the global nature of supply chains and service provision irrespective of the flag of the supplier," said Fleming, adding that the UK must "take a clear view on the implications of China's technological acquisition strategy in the west."
The US has launched legal action against the firm that alleges further instances of illegal activity, including bank fraud, obstruction of justice and theft of technology.
Huawei's founder, Ren Zhengfei, told the BBC that US attempts to "crush" his company would be blocked, and suggested that the company continues to be instrumental in the rollout of cutting-edge technology.
Beyond the scope of Huawei and China, Fleming said UK's position as a leading cyber power means it must be prepared to conduct its own cyber attacks to disrupt organisations such as ISIS.
"The UK is a global cyber power with the potential to provide leadership in this debate. GCHQ is at the heart of that and will make sure the opportunities presented by this cyber future are fully realised."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now