Question to the Department for Digital, Culture, Media & Sport:
To ask the Minister of State, Department for Digital, Culture, Media and Sport, what criteria the Government is using to define the safety critical infrastructure that will be excluded from high risk telecommunications vendors.
As set out in the oral statement of 28 January by the Secretary of State for the Foreign and Commonwealth Office, a high risk vendor is a vendor that poses greater security and resilience risks to UK telecoms. That statement also provided details of the non-exhaustive set of objective factors that were taken account of to assess a vendor as high risk. This set of factors has been further elaborated on in the National Cyber Security Centre’s advice on the use of equipment from high risk vendors in UK telecoms networks that was also published on 28 January and can be found on their website.
The NCSC also published a summary of the security analysis for the UK telecoms sector that informed the conclusions of the Government’s Telecoms Supply Chain Review. The summary notes that sensitive networks either route or have access to sensitive information, and include those directly relating to the operation of government or any safety-related systems and in wider critical national infrastructure. The summary of NCSC’s analysis can be found at: https://www.ncsc.gov.uk/report/summary-of-ncsc-security-analysis-for-the-uk-telecoms-sector.