Skip links

National Grid latest UK org to zap Chinese kit from critical infrastructure

The National Grid is reportedly the latest organization in the UK to begin pulling China-manufactured equipment from its network over cybersecurity fears.

The contract with the UK subsidiary of China’s state-owned Nari Technology, NR Electric UK, was terminated after seeking advice from the National Cyber Security Centre (NCSC), according to sources who spoke to the Financial Times.

The organizations involved have remained largely tight-lipped over the revelation. The NCSC declined to comment, as did the Department for Energy Security and Net Zero, NR Electric UK did not respond to a request for a statement.

High voltage power grid, in the sunset. Photo by SHutterstock

China caught – again – with its malware in another nation’s power grid

READ MORE

A National Grid spokesperson told The Register: “We do not comment on confidential contractual matters. We take the security of our infrastructure very seriously, and have effective controls in place to protect our employees and critical assets to ensure we can continue to reliably, safely, and securely transmit electricity.”

The components being removed from the UK’s electricity transmission network are those tasked with managing the communication between energy projects and the grid, the newspaper’s sources said. They’re also involved in balancing the grid to minimize the risk of blackouts.

It’s understood that NR Electric UK wasn’t given a reason for the termination of the contract, the decision for which was made in April, and its staff can no longer access the sites where the components are installed.

Cybersecurity concerns were not raised in previous conversations held between NR Electric UK and National Grid, an employee for the Nanjing-based company said. Tests had been carried out by engineers to scrutinize security standards of the network but these had yielded no issues, they added.

Nari Technology, with annual revenues exceeding $6 billion, is owned by Nari Group Corporation – the biggest power infrastructure group in the world. National Grid was its largest customer.

This is the latest example of a Chinese company being ousted from the UK’s critical infrastructure network over cybersecurity concerns.

The UK’s decision to outlaw Huawei equipment from its 5G network was made in 2020, with telcos formally ordered to remove its technology by 2027.

Some have already begun this process, but in the case of Sky Mobile, it may have previously led to temporary service disruption, although some telco consultants deny this.

Pressures from the US are thought to have kickstarted the movement to oust Huawei from the UK’s 5G network, and these have now spread to the EU, which earlier this year branded it a “high-risk supplier.” 

While an EU-wide ban is being considered, Germany, which initially refused to rip Huawei’s kit out of its 5G networks, has now said it will remove Huawei equipment regardless of the cost involved, and that “the risks have been known for a long time.”

Last year, the UK also took steps to remove China’s involvement in the Sizewell nuclear project, taking a joint stake in the project that essentially bought out China General Nuclear.

Prime Minister Rishi Sunak said at the time that Britain’s “golden era” of China relations is over.

Hard evidence that China has abused its position as an infrastructure provider has never been made public. In Huawei’s case, the decision to remove its kit was made largely out of fears that Beijing can legally compel companies to share data with it, which could in theory include data collected from operations in other countries.

It’s a hypothetical argument but it’s one that’s had a significant impact on Huawei’s business, with recent financials indicating a 25.3 percent yearly decline in turnover, down nearly £1 billion ($1.27 billion) compared to pre-ban 2018. 

China has, however, supposedly been caught deploying malware in foreign nations’ electricity grids on two prior occasions – once in India and most recently in another unnamed Asian country, Symantec said in September. ®

Source