Malcolm Taylor, Head of Cyber Security at ITC Secure:
The NCSC has taken a very sensible approach to this issue, which I think stands in stark contrast to some other countries. Why do I say that? Well, firstly Huawei make and sell some of the most technically capable equipment at competitive prices – it’s commercially sensible to use Huawei when appropriate. Second, and this is perhaps key, good cyber security is about managing risks, there are no absolutes.
The UK approach has been, at heart, risk management; simply not using Huawei is risk avoidance. The UK built the cell and conducted an investigation which led to a report with some requirements for improvement by Huawei, which they have said they will address (and we do need them to reciprocate and make these changes). Now the NCSC – and we shouldn’t forget they are a part of GCHQ and have their antecedents in the UK intelligence services – has continued that sensible approach. Again, good cyber security is about risk management – and that’s ongoing; we need to keep doing what we’re doing, assessing the risk, and making decisions in line with that.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.