Submitted via IRC for AnonymousLuser
UK to toughen telecoms security controls to shrink 5G risks – TechCrunch
Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the U.K. government has published a review of the telecoms supply chain, which concludes that policy and regulation in enforcing network security needs to be significantly strengthened to address concerns.
However, it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the U.S. has been pressurizing its allies to do.
Giving a statement in parliament this afternoon, the U.K.’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.
“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.
“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”
Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to to enforcement the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government.”
The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.
First policy response will be 'soft', common cybersecurity standards. Then regulations, with strict standards and #GDPR like fines. New powers allowing to compel telecoms to do something. And work to increase diversity. pic.twitter.com/nBLWneFUDK
— Lukasz Olejnik (@lukOlejnik) July 22, 2019
Related Stories
UK reportedly planning to phase out Huawei equipment from its 5G networks
After resisting pressure from the US for months, Prime Minister Boris Johnson is apparently preparing to phase out the use of Huawei equipment from the UK's 5G networks, the Financial Times reported. Citing national security concerns, members of the UK's Conservative party have pushed for Huawei technology to be removed from the UK's 5G infrastructure and the rest of its telecom network by 2023.
[...] Trump reportedly called Johnson earlier this year to discuss the matter, and at least one member of Congress said the US was reconsidering its intelligence partnership with the UK.
Johnson had limited how much Huawei equipment could be used for 5G networks in the UK, banning the use of the company's technology in the most sensitive parts of the network. He said in January that there were not a lot of other options available for the UK's 5G infrastructure, and telecom Vodafone said removing Huawei equipment from its networks would be extremely costly.
See also: Reports: UK to cut Huawei's involvement in 5G network
Boris Johnson forced to reduce Huawei's role in UK's 5G networks
Previously:
U.S. Intelligence Agency Heads Warn Against Using Huawei and ZTE Products
Huawei's Equipment Removed from UK Telecom BT's Network for Emergency Services
EU to Drop Threat of Huawei Ban but Wants 5G Risks Monitored
UK to Toughen Telecoms Security Controls to Shrink 5G Risks
How China Is Building A World-Beating Phone Network
Using Huawei in UK 5G Network 'Madness', Says US
Getting Huawei Out of US Networks Requires Gov't Funding, Senators Say
Huawei Fires Back, Points To US' History Of Spying On Phone Networks
TSMC Dumps Huawei
(Score: 0) by Anonymous Coward on Wednesday July 24 2019, @09:14AM (4 children)
The only really, actually secure system is inside a safe (no cables, no wireless, no external power, nothing at all), in a nuclear waste container, encased in a 10m sphere of heavily rebarred concrete.
On the moon.
You want a secure phone system? Better spend your psychological energy on not having powerful, mortal enemies (Hint: the Iran situation ...)
(Score: 0) by Anonymous Coward on Wednesday July 24 2019, @11:15AM (1 child)
Moon is definitely not safe. The core of Jupiter however...
(Score: 1, Touché) by Anonymous Coward on Wednesday July 24 2019, @11:41AM
Way to close to Europa.
(Score: 2) by DannyB on Wednesday July 24 2019, @01:03PM (1 child)
Your secure system could still threaten our national security as well as the aliens, by exfiltrating important classified tweets. It would do this by manipulating how much power the machine draws. This would be done slowly. A very low bitrate 'signal' then exists on the power draw, which can be detected from outside the secure insane asylum. It could go unnoticed by the institution's staff.
Fact: We get heavier as we age due to more information in our heads. When no more will fit it accumulates as fat.
(Score: 0) by Anonymous Coward on Wednesday July 24 2019, @04:33PM
Nobody said that the system had to be switched on at all. *I* say it is, so go and prove me wrong! (good luck)
But from a purely theoretical viewpoint you are corrsct, so lets look closer.
Even if the system were active, to exfiltrate data at all would mean a very delicate balancing act between on the one hand heating the sphere's outside fast enough to be observable by a reasonably short-lived observer (lets say, a typical human with a normal lifespan, much less attention span), and on the other hand doing the heating with an inside energy differential compatible with continued functioning of telecoms equipment over said timespan.
The faster you try to communicate, the more fried your components are going to be.
I'm not bored enough to actually calculate the attainable bandwidth, but consider this:
In temperate european latitudes (say Britain, France, Germany, Poland), "two feet deep" is considered to be safe from freezing your-round. Three feet deep, and the soil temperature will hardly vary, staying at the long-term yearly average instead (i.e.: bandwidth 1 sine wave per year). You could extrapolate that linearly and arrive at a very small bandwidth already ... but we're talking about a sphere, so your energy requirements go up roughly with radius cubed (because you gotta heat the volume).
On the other hand, normal telecoms equipment is usually specified to operate from -20 to +65 degrees (the sensible ones, lest you ask). So the maxmimum temperature swing you are allowed to create your heat pulse is 85degrees, rather sharply limiting your energy output available for heating.
Re-cooling would be a of roughly similar speed, most likely. Several factors are coming into play here, among them the efficiency of thermal machines and the second law of thermodynamics, making it even more difficult to calculate, IMVHO, than the heating.
If anybody at all is still reading, I'd be rather fascinated (after having written this, though still too lazy) at seeing somone try to tackle even part of the required calculations :-)
But do keep it reasonable: standard COTS materials (especially the concrete and rebar! No nanotubes!), standard humans and no immortal aliens. Yes, I do realize that the parent poster specifically mentioned aliens, but I'm excluding them until he presents a live, non-contrived specimen :-P
(Score: 2) by Snotnose on Wednesday July 24 2019, @01:25PM (1 child)
Ok, so some Chinese company can sniff your 5G data. You know, that stuff that has a range measured in feet, not miles. How about companies that make routers and modems? How about ISPs that already slurp all your data? How about all these trackers that slurp up where you go and what you do? How about rogue cops with stingrays?
IMHO, 5G is the least of our privacy problems.
Is anyone surprised ChatGPT got replaced by an A.I.?
(Score: 0) by Anonymous Coward on Wednesday July 24 2019, @04:44PM
Nobody cares about your privacy, except you and (perhaps) me.
They want to be able to listen in on and switch off the chinese/russian/iranian phone network. They do not want the chinese/russian/iranian to be able to do the same to them.
Do you remember Kant? Categorical Imperative, anyone?
They are grossly acting against that, acting selfish (at one level or another), thereby effectively comitting a crime against humanity as a whole.
Planetary thinking, people, not nation-state aggression and double-crossing, are the key to survival of the species on this very limited planet!
(Score: 1) by jmichaelhudsondotnet on Wednesday July 24 2019, @06:28PM
Does this entity, the UK government have a history of good cybersecurity and rational administration?
When you are done laughing....I just want to say also that wifi is literally inherently insecure.
It's like if you asked a roman how secure catapulting a thousand copies of their message over the city, what would they say?
And then you let chinese and israeli people operate the catapults because they give you a super great deal and bribe the living shit out of your government.
AND NOW (!) it is time to establish a New Governance Body, to Re-Establish Trust that will now be lead by a right wing populist with a questionable history.
I would say go look up trust again but why don't I just post it here in the clearnet, a lot of people who think their sh*t don't stink seem to have forgotten the meaning of words of late.
Definition of trust
(Entry 1 of 2)
1a : assured reliance on the character, ability, strength, or truth of someone or something
b : one in which confidence is placed
In this light we are in bad shape and need to assume the worst and prepare for a decades long difficult set of maneuvers to get to the point where the people making decisions are not literally the worst, least knowledgable and most incapable people in the world.
With some exceptions but that is what we have to flip around before basically machines will not be attacking us 24 hours a day, and in this pursuit the rational approach to wireless technology is when you literally must be more than 20 feet away from wired jacks, and basically if it needs a password or has to do with money it has no business in the middle of the air.