answer text |
<p>High risk vendors are not in our most sensitive networks. On telecoms CNI, the
Communications Act 2003 places an obligation on Telecoms operators to ensure that
they have 'appropriate measures' in place to manage the security and resilience of
the network. Ofcom are responsible for ensuring that operators meet their obligations
under the Communications Act. In addition, the Huawei Cyber Security Evaluation Centre
(HCSEC) was established in 2010 as part of a wide mitigation strategy to minimise
risk to the UK telecoms critical national infrastructure.</p><p> </p><p>The HCSEC
Oversight Board’s reports are publicly available and all telecommunications operators
have access to its information. The latest Oversight Board report states that in 2018,
several hundred vulnerabilities and issues were reported by HCSEC to UK operators.
This information is expected to be fed into the operator’s corporate risk management
processes. As I said in my Answer of 14 May, it is the responsibility of operators
to ensure the security and resilience of their networks.</p>
|
|