UK telecoms providers will be required to implement stronger security measures to protect networks from cyber-attacks under new regulations announced by the government.
Plans published on Tuesday will require telecoms providers to follow a new code of practice to ensure compliance with the Telecommunications (Security) Act.
The Act, which became law in November 2021, gives the government powers to boost the security standards of Britain’s mobile and broadband networks. This includes the option to demand improvements to electronic equipment and software at phone mast sites and in telephone exchanges.
At present, providers are responsible for setting their own network security standards. However, the government’s 2019 Telecoms Supply Chain Review found providers often have “little incentive” to adopt the best security practices.
Concerns over telecoms security were heightened due to the Huawei controversy, which saw the government impose a ban on the future sale of the Chinese firm’s equipment in 2020.
Digital Infrastructure Minister Matt Warman said the latest move will help to improve national cyber resilience and protect networks that are “central to our way of life”.
“We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats,” he said.
So what will the new regulations mean for UK telecoms security?
Stringent Security Measures
Developed with the NCSC and Ofcom, the government says the new regulations will improve the UK’s cyber resilience by “embedding good security practices” in the day-to-day running of providers’ networks.
This will require telecoms companies to “protect data processed by their networks and services” and “secure the critical functions which allow them to be operated”.
Providers will also be required to protect software or equipment which monitors and analyses networks.
Telcos will also be required to:
– Have a “deep understanding” of their security risks and the ability to identify when anomalous activity is taking place
– Take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services
The new regulations will be enforced by Ofcom, with the communications regulator granted powers to carry out inspections of telecoms firms’ premises and ensure they’re meeting their obligations.
Companies that fail to comply with the new regulations could be landed with fines of up to 10% of turnover or £100,000 per day.
From October, providers will be subject to the new rules and Ofcom will be able to use its new powers. Additionally, the government said telecoms providers will be expected to be compliant by March 2024.
Mature Approach to Security
Michael Bishaey, a senior security consultant at Adarma, welcomed the announcement as a positive step in bolstering UK security standards.
“This is certainly a move in the right direction. Having these regulations introduced now will ensure we are more futureproof against cyber-attacks,” he said.
“Although telecom providers already have stringent security measures in place, having these hefty new fines assigned to these measures will help ensure they are strictly followed and that any outstanding security issues are resolved much faster to avoid huge fines.”
Amit Sharma from Synopsys Software Integrity Group echoed Bishaey’s comments, adding that the introduction of new standards will help develop a more mature approach to national security.
“It has become more crucial than ever to define security policies and measures, and drive them via regulations which can be used effectively by the telecom firms to manufacture and implement more secure products,” he said.
“Enabling various telecom manufacturers to test their equipment against defined security policies and measures, setting up of standards will not only help individual vendors build robust and secure products, but also ensure that the supply chain is intact,” Sharma added.