Wij willen met u aan tafel zitten en in een openhartig gesprek uitvinden welke uitdagingen en vragen er bij u spelen om zo, gezamelijk, tot een beste oplossing te komen. Oftewel, hoe kan de techniek u ondersteunen in plaats van dat u de techniek moet ondersteunen.

The UK’s next prime minister must prioritize a decision on whether or not to allow Chinese tech giant Huawei to be a 5G supplier, a parliamentary committee has urged — warning that the country’s international relations are being “seriously damaged” by ongoing delay.

In a statement on 5G suppliers, the Intelligence and Security committee (ISC) writes that the government must take a decision “as a matter of urgency”.

Earlier this week another parliamentary committee, which focuses on science and technology, concluded there is no technical reason to exclude Huawei as a 5G supplier, despite security concerns attached to the company’s ties to the Chinese state, though it did recommend it be excluded from core 5G supply.

The delay in the UK settling on a 5G supplier policy can be linked not only to the complexities of trying to weight and balance security considers with geopolitical pressures but also ongoing turmoil in domestic politics, following the 2016 EU referendum Brexit vote — which continues to suck most of the political oxygen out of Westminster. (And will very soon have despatched two UK prime ministers in three years.)

Outgoing PM Theresa May, whose successor is due to be selected by a vote by Conservative Party members next week, appeared to be leaning towards giving Huawei an amber light earlier this year.

A leak to the press from a National Security Council meeting back in April suggested Huawei would be allowed to provide kit but only for non-core parts of 5G networks — raising questions about how core and non-core are delineated in the next-gen networks.

The leak led to the sacking by May of the then defense minister, Gavin Williamson, after an investigation into confidential information being passed to the media in which she said she had lost confidence in him.

The publication of a government Telecoms Supply Chain Review, whose terms of reference were published last fall, has also been delayed — leading to carriers to press the government for greater clarity last month.

But with May herself now on the way out, having agreed to step down as PM back in May, the decision on 5G supply is on hold.

It will be down to either Boris Johnson or Jeremy Hunt, the two remaining contenders to take over as PM, to choose whether or not to let the Chinese tech giant supply UK 5G networks.

Whichever of the men wins the vote they will arrive in the top job needing to give their full attention to finding a way out of the Brexit morass — with a mere three months til a October 31 Brexit extension deadline looming. So there’s a risk 5G may not seem as urgent an issue and a decision again be kicked back.

In its statement on 5G supply, the ISC backs the view expressed by the public-facing branch of the UK’s intelligence service that network security is not dependent on any one supplier being excluded from building it — writing that: “The National Cyber Security Centre… has been clear that the security of the UK’s telecommunications network is not about one company or one country: the ‘flag of origin’ for telecommunications equipment is not the critical element in determining cyber security.”

The committee argues that “some parts of the network will require greater protection” — writing that “critical functions cannot be put at risk” but also that there are “less sensitive functions where more risk can be carried”, albeit without specifying what those latter functions might be.

“It is this distinction — between the sensitivity of the functions — that must determine security, rather than where in the network those functions are located: notions of ‘core’ and ‘edge’ ate therefore misleading in this context,” it adds. “We should therefore be thinking of different levels of security, rather than a one size fits all approach, within a network that has been built to be resilient to attack, such that no single action could disable the system.”

The committee’s statement also backs the view that the best way to achieve network resilience is to support diversity in the supply chain — i.e. by supporting more competition.

But at the same time it emphasizes that the 5G supply decision “cannot be viewed solely through a technical lens — because it is not simply a decision about telecommunications equipment”.

“This is a geostrategic decision, the ramifications of which may be felt for decades to come,” it warns, raising concerns about the perceptions of UK intelligence sharing partners by emphasizing the need for those allies to trust the decisions the government makes.

It also couches a UK decision to give Huawei access a risk by suggesting it could be viewed externally as an endorsement of the company, thereby encouraging other countries to follow suit — without paying the full (and it asserts vitally) necessary attention to the security piece.

“The UK is a world leader in cyber security: therefore if we allow Huawei into our 5G network we must be careful that that is not seen as an endorsement for others to follow. Such a decision can only happen where the network itself will be constructed securely and with stringent regulation,” it writes.

The committee’s statement goes on to raise as a matter of concern the UK’s general reliance on China as a technology supplier.

“One of the lessons the UK Government must learn from the current debate over 5G is that with the technology sector now monopolised by such a few key players, we are over-reliant on Chinese technology — and we are not alone in this, this is a global issue. We need to consider how we can create greater diversity in the market. This will require us to take a long term view — but we need to start now,” it warns.

It ends by reiterating that the debate about 5G supply has been “unnecessarily protracted” — pressing the next UK prime minister to get on and take a decision “so that all concerned can move forward”.


TechCrunch

The UK’s Information Commissioner is starting off the week with a GDPR bang: this morning, it announced that it has fined British Airways and its parent International Airlines Group (IAG) £183.39 million ($ 230 million) in connection with a data breach that took place last year that affected a whopping 500,000 customers browsing and booking tickets online. In an investigation, the ICO said that it found “that a variety of information was compromised by poor security arrangements at [BA], including log in, payment card, and travel booking details as well name and address information.”

The fine — 1.5% of BA’s total revenues for the year that ended December 31, 2018 — is the highest-ever that the ICO has levelled at a company over a data breach (previous “record holder” Facebook was fined a mere £500,000 last year by comparison).

And it is significant for another reason: it shows that data breaches can be not just just a public relations liability, destroying consumer trust in the organization, but a financial liability, too. IAG is currently seeing volatile trading in London, with shares down 1.5% at the moment.

In a statement to the market, the two leaders of IAG defended the company and said that its own investigations found that no evidence of fraudulent activity was found on accounts linked to the theft (although as you may know, data from breaches may not always be used in the place where it’s been stolen).

“We are surprised and disappointed in this initial finding from the ICO,” said Alex Cruz, British Airways chairman and chief executive. “British Airways responded quickly to a criminal act to steal customers’ data. We have found no evidence of fraud/fraudulent activity on accounts linked to the theft. We apologise to our customers for any inconvenience this event caused.”

Willie Walsh, International Airlines Group chief executive, added in his own comment that “British Airways will be making representations to the ICO in relation to the proposed fine. We intend to take all appropriate steps to defend the airline’s position vigorously, including making any necessary appeals.”

The degree to which companies are going to be held accountable for these kinds of breaches is going to be a lot more transparent going forward: the ICO’s announcement is part of a new directive to disclose the details of its fines and investigations to the public.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham in a statement. “When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The ICO said in a statement this morning that the fine is related to infringements of the General Data Protection Regulation (GDPR), which went into effect last year prior to the breach. More specifically, the incident involved malware on BA.com that diverted user traffic to a fraudulent site, where customer details were subsequently harvested by the malicious hackers.

BA notified the ICO of the incident in September, but the breach was believed to have first started in June. Since then, the ICO said that British Airways “has cooperated with the ICO investigation and has made improvements to its security arrangements since these events came to light.” But it should be pointed out that even before this breach, there were other examples of the company treating data protection lightly. (Now, it seems BA has learned its lesson the hard way.)

From the statement issued by IAG today, it sounds like BA will choose to try to appeal the fine and overall ruling.

While there are a lot of question marks over how the UK will interface with the rest of Europe over regulatory cases such as this one after it leaves the EU, for now it’s working in concert with the bigger group.

The ICO says it has been “lead supervisory authority on behalf of other EU Member State data protection authorities” in this case, liaising with other regulators in the process. This also means that these authorities where its residents were also affected by the breach will also have a chance to provide input on the ruling before it is completely final.


TechCrunch

Created by R the Company. Powered by SiteMuze.