Could the use of ZTE’s equipment and services pose a significant enough threat to blacklist them? Well, according to the National Cyber Security Centre (NCSC), it can. The governmental organisation has written to UK telecoms providers warning them not to use ZTE equipment, and has even gone so far as to blacklist the company altogether.
But is this move actually that surprising? Well not really, and actually it coincides with the US government’s decision to ban American businesses from selling components to the Chinese state-owned firm.
ZTE has yet to respond to this revelation, however. Speaking about their duty, Dr Ian Levy, technical director at NCSC says, “It is entirely appropriate and part of NCSC’s duty to highlight potential risks to the UK’s national security and provide advice based on our technical expertise.”
“NCSC assess that the national security risks arising from the use of ZTE equipment or services within the context of the existing UK telecommunications infrastructure cannot be mitigated.”
ZTE is a major player in the networking market around the world, and as recently as 2011 the firm formed a research and development partnership with BT here in the UK. Not only did it work together to further the networking industry, BT also distributed modems manufactured by ZTE to consumers across the UK.
A spokeswoman for BT says, “Such projects focus on the future uses of networks. Technologies and do not necessarily result in the commercial deployment of the research partner’s kit in our network.”
She adds that BT had ‘a robust testing regime in place’ to ensure its network remained secure.
Are we opening ourselves up to ‘unacceptable risk’?
Back in 2012, the US House Intelligence Committee warned that both ZTE and another Chinese firm, Huawei, posed a security threat. According to the Financial Times, Dr Levy referenced that previous guidance in the letter sent to the UK telecoms sector.
The letter reads, “The UK telecommunications network already contains a significant amount of equipment supplied by Huawei, also a Chinese equipment manufacturer. Adding in new equipment and services from another Chinese supplier would render our existing mitigations ineffective.”
Parent organisation of NCSC, GCHQ, is known to already carry out checks on Huawei equipment. Former consultant to GCHQ, Alan Woodward says, “What you’re seeing here is that the UK government has finite resources. We could end up in a situation where the checks and balances needed to protect our security are insufficient, and effectively overwhelmed.
“Using yet more equipment sourced from China could mean that we open ourselves up to an unacceptable risk.”
The US’s action against ZTE stems from the fact the firm sold on US hardware and software to an Iranian telecoms carrier, in breach of sanctions imposed by Washington. ZTE pled guilty to the offence and paid a £621m penalty.
This action will be far more prolific than a simple fine, however. It could risk ZTE’s relationship with Google, as the search engine may be prevented from selling its Android licenses to the firm, while Qualcomm will also be stopped from providing ZTE with Snapdragon processors for its range of smartphones.