We were interested to read over the weekend that there may be hardware trapdoors or software trojans in Huawei next generation network equipment supplied to BT for its 21CN NGN network, according to a report in The Sunday Times.
At what point does this become a regulatory issue? The Privacy and Electronic Communications (EC Directive) Regulations 2003 impose an obligation on providers of public electronic communications services to:
“take appropriate technical and organisational measures to safeguard the security of that service” (See Reg. 5).
The service provider can require the network provider to comply with its reasonable requests concerning implementation of these appropriate measures. Where a significant security risk remains, then subscribers are supposed to be told.
We look forward to Ofcom investigating whether BT has done the appropriate technical due diligence on Huawei equipment and the statement from BT that it has addressed the security risks to its public electronic communications services!