The head of the UK’s signals intelligence agency, GCHQ, has warned that the rollout of 5G could raise the risk of digital terrorism by extending the reach of critical infrastructure and increasing potential points of vulnerability.
Jeremy Fleming, Director of GCHQ, outlined his concerns in the Sunday Times about the next generation of mobile networks and their growing role beyond mobile broadband.
5G is expected to connect a vast range of devices in the Internet of Things (IoT), transforming sectors from utilities and healthcare to smart cities and autonomous vehicles. That broader connectivity promises major benefits—but it also creates more avenues for attack, with potentially serious consequences.
Fleming wrote:
“These changes will bring huge benefits to us all. They will transform healthcare, create smart, energy-efficient cities, make work lives more productive, and revolutionise the relationship between business and the consumer.
But they also bring risks that – if unchecked – could make us more vulnerable to terrorists, hostile states, and serious criminals.”
A central worry for security agencies is the presence of equipment manufactured abroad that a hostile actor could exploit to disrupt essential services. Much public debate has focused on telecommunications hardware from Chinese firms such as Huawei and ZTE, and whether vendors with ties to foreign governments should be allowed in national 5G networks.
Some countries, notably Australia and the United States, have already considered or implemented restrictions on the participation of certain firms in their 5G infrastructure. At the same time, concerns have been raised that even some Western suppliers maintain close commercial connections with Chinese interests.
In the UK, GCHQ works with Huawei through a joint review centre that inspects the company’s equipment before it is used in critical systems. The Huawei Cyber Security Evaluation Centre (HCSEC) has historically reported mostly minor issues, but in a recent assessment it expressed only limited assurance that the risks to national security had been fully mitigated.
HCSEC’s worries included the provenance and supply chain of components used in products, which can introduce risks if parts originate from suppliers beyond trusted oversight.
Beyond hardware, Fleming also highlighted a longstanding debate about how authorities access online services used to plan and promote terrorism. Former Home Secretary Amber Rudd had earlier urged technology companies to build capabilities to permit government access to private communications on request—a move critics said would require deliberately weakening security for all users.
Fleming suggested that a principled approach allowing industry and governments to demonstrate responsible access while protecting privacy is achievable, though he did not provide detailed technical solutions. He emphasised that any workable path will demand close cooperation between government and industry, supported by appropriate laws and independent oversight to maintain public trust.
Finding the right balance between protecting public safety and preserving individual privacy remains the core challenge: solutions must secure critical infrastructure and enable lawful investigations without introducing systemic weaknesses or eroding civil liberties.
Do you agree with Fleming’s assessment? Share your thoughts in the comments.
Interested in hearing industry leaders discuss these topics and share practical use cases? Attend events such as the IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo to explore the future of enterprise technology.