To ask the Secretary of State for Digital, Culture, Media and Sport, pursuant to the Answer of 20 July to Question 74572, and with reference to the National Cyber Security Centre's guidance entitled, Huawei advice: what you need to know, if he will make an assessment of the risk to (a) national security and (b) individual privacy of the use of (i) consumer devices manufactured by high risk vendors and (ii) Chinese applications and platforms.
1 September 2020
High Risk Vendor (HRV) is a term applied to vendors in the UK telecoms network whose presence may increase security risks for operators – at the present time only Huawei and ZTE have been assessed as HRVs for this purpose.
Following further changes to the US sanctions on Huawei, announced in August 2020, the National Cyber Security Centre (NCSC) is assessing the impact to owners of Huawei and Honor-branded devices in the UK. The change in sanctions may mean that services used by Huawei devices and software updates may, for some products, cease. Devices which can no longer be supported with updates, or access services and app stores, are at increased risk of becoming compromised by criminals if a security vulnerability is discovered. Owners of these devices are encouraged to follow advice which can be found on the NCSC website: Huawei advice: what you need to know, and organisations where employees use personal Huawei devices to access business data and applications, such as email, instant messaging, and office applications, should refer to the NCSC guidance on BYOD.
The NCSC regularly updates its advice and guidance for individuals, families and businesses on a range of cyber security related topics. DCMS and NCSC have, in partnership, worked to protect consumers and the wider economy from the range of harms that can arise from vulnerable consumer connected devices. A proposal to mandate basic security principles via regulation is currently open for a Call for Views, with the ambition to introduce legislation as soon as parliamentary time becomes available.