To ask the Minister of State, Department for Digital, Culture, Media and Sport, with reference to the oral statement of the Secretary of State for Foreign and Commonwealth Affairs, of 28 January 2020, Official Report, column 709, on UK Telecommunications, what his Department's definition is of a high-risk vendor.
13 February 2020
As set out in the oral statement of 28 January by the Secretary of State for the Foreign and Commonwealth Office, a high risk vendor is a vendor that poses greater security and resilience risks to UK telecoms. That statement also provided details of the non-exhaustive set of objective factors that were taken account of to assess a vendor as high risk. This set of factors has been further elaborated on in the National Cyber Security Centre’s advice on the use of equipment from high risk vendors in UK telecoms networks that was also published on 28 January and can be found on their website.
The NCSC also published a summary of the security analysis for the UK telecoms sector that informed the conclusions of the Government’s Telecoms Supply Chain Review. The summary notes that sensitive networks either route or have access to sensitive information, and include those directly relating to the operation of government or any safety-related systems and in wider critical national infrastructure. The summary of NCSC’s analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.