New telecoms security regulations will come into force in October to ensure broadband and mobile companies provide tougher protections for the UK from cyber-attacks which could cause data theft and network failure.
In November 2021 the Telecommunications (Security) Act became law and gives the government powers to boost the security standards of the UK’s mobile and broadband networks, including the electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls.
Following this, the government, alongside the National Cyber Security Centre and Ofcom, held a public consultation and developed new regulations and a code of practice setting out specific actions for UK telecoms network providers to fulfil their legal duties in the Act.
In August of this year the Department for Digital, Culture, Media & Sport published the consultation outcome, along with these new expectations.
The then Digital Infrastructure Minister, Matt Warman, said: “We know that today the security and resilience of our communications networks and services is more important than ever. From heightened geopolitical threats through to malicious cyber criminals exploiting network vulnerabilities, global events have shown the importance of providing world-leading security for our networks and services.”
The regulations are to make sure providers:
- protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed
- protect software and equipment which monitor and analyse their networks and services
- have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards
- take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security
National Cyber Security Centre Technical Director Dr Ian Levy said: “We increasingly rely on our telecoms networks for our daily lives, our economy and the essential services we all use. These new regulations will ensure that the security and resilience of those networks, and the equipment that underpins them, is appropriate for the future.”
From October these regulations will be enforced. The UK’s communications regulator, Ofcom, will then be able to issue fines of up to 10 per cent of turnover if companies do not meet their duties, and a further £100,000 per day in fines if the offences continue. All telecoms network providers are expected to achieve these outcomes by March 2024. The code of practice will be reviewed and updated to keep pace with evolving cyber threats.