The Act, which became law in November 2021, gives the government powers to boost the security standards of Britain’s mobile and broadband networks. This includes the option to demand improvements to electronic equipment and software at phone mast sites and in telephone exchanges.
At present, providers are responsible for setting their own network security standards. However, the government’s 2019 Telecoms Supply Chain Review found providers often have “little incentive” to adopt the best security practices.
Concerns over telecoms security were heightened due to the Huawei controversy, which saw the government impose a ban on the future sale of the Chinese firm’s equipment in 2020.
Digital Infrastructure Minister Matt Warman said the latest move will help to improve national cyber resilience and protect networks that are “central to our way of life”.
“We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats,” he said.
So what will the new regulations mean for UK telecoms security?
Stringent Security Measures
Developed with the NCSC and Ofcom, the government says the new regulations will improve the UK’s cyber resilience by “embedding good security practices” in the day-to-day running of providers’ networks.
This will require telecoms companies to “protect data processed by their networks and services” and “secure the critical functions which allow them to be operated”.
Providers will also be required to protect software or equipment which monitors and analyses networks.
Telcos will also be required to:
– Have a “deep understanding” of their security risks and the ability to identify when anomalous activity is taking place
– Take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services
The new regulations will be enforced by Ofcom, with the communications regulator granted powers to carry out inspections of telecoms firms’ premises and ensure they’re meeting their obligations”.
Companies that fail to comply with the new regulations could be landed with fines of up to 10% of turnover or £100,000 per day.
From October, providers will be subject to the new rules and Ofcom will be able to use its new powers. Additionally, the government said telecoms providers will be expected to be compliant by March 2024.
Mature Approach to Security
Michael Bishaey, a senior security consultant at Adarma, welcomed the announcement as a positive step in bolstering UK security standards.
“This is certainly a move in the right direction. Having these regulations introduced now will ensure we are more futureproof against cyber-attacks,” he said.
“Although telecom providers already have stringent security measures in place, having these hefty new fines assigned to these measures will help ensure they are strictly followed and that any outstanding security issues are resolved much faster to avoid huge fines.”
Amit Sharma from Synopsys Software Integrity Group echoed Bishaey’s comments, adding that the introduction of new standards will help develop a more mature approach to national security.
“It has become more crucial than ever to define security policies and measures, and drive them via regulations which can be used effectively by the telecom firms to manufacture and implement more secure products,” he said.
“Enabling various telecom manufacturers to test their equipment against defined security policies and measures, setting up of standards will not only help individual vendors build robust and secure products, but also ensure that the supply chain is intact,” Sharma added.
An error has occurred, please try again later.An error has occurred, please try again later.