DCMS opens public consultation on telecoms cyber standards

Mobile networks may have to provide better protection from cyber attacks under stronger security rules for telecoms firms proposed by the government

Following the introduction of the Telecommunications (Security) Act in November last year, the Department for Digital, Culture, Media and Sport (DCMS) has launched a public consultation on draft regulations for cyber security rules outlining the specific measures telecoms providers would need to take to fulfil their legal duties under the Act.

The proposed measures and guidance, developed with the National Cyber Security Centre, aim to embed good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services.

Digital Infrastructure Minister Julia Lopez said: “Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals. Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.”

Draft cyber regulations for telecoms 

Under the draft regulations telecoms providers will be legally required to: protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed; protect tools that monitor and analyse their networks and services against access from hostile state actors; monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.

NCSC Technical Director Dr Ian Levy said: “Modern telecoms networks are no longer just critical national infrastructure, they are central to our lives and our economy.

“As our dependence on them grows, we need confidence in their security and reliability which is why I welcome these proposed regulations to fundamentally change the baseline of telecoms security.

“The NCSC has worked closely with DCMS and industry to propose and advise on the most effective measures that telecoms operators can take to ensure the resilience of UK broadband and mobile networks, now and into the future.”

Ensuring the security and day-to-day runnings of telecoms 

The consultation seeks views on plans to place telecoms providers into three ‘tiers’ via a new code of practice according to size and importance to UK connectivity. This will ensure steps to be taken under the code are applied proportionately and do not put an undue burden on smaller companies.

To deliver the revolutionary economic and social benefits of 5G and gigabit-capable broadband connections, the government created the Telecommunications (Security) Act to strengthen the overarching legal duties on providers of UK public telecoms networks and services as a way of incentivising better security practices.

Companies that fail to comply could face fines of up to 10% of turnover or, in the case of a continuing contravention, £100,000 per day. Ofcom will monitor and assess the security of telecoms providers.

The consultation will be open until 10 May 2022, then, following review and amendments, a final set of regulations and the code of practice will be laid in Parliament as required by the 2003 Communications Act (amended by the Telecommunications (Security) Act), to be introduced later in the year.

 

Share

Featured Articles

Founder Shield MD on Navigating Multi-Cloud Complexities

Founder Shield Managing Director Jonathan Selby talks strategies to navigating the complexities of multi-cloud set ups

Qodea CISO Explains How Cyber Threats Could Outrun Cost

Qodea CISO Business Manager Ed Russell explains how growth in sophistication and volume of attacks means current investment in defences falls short

Nokia and NL-ix Deploy Europe’s Largest IXP-Based Anti-DDoS

This collaboration between Nokia and NL-ix is unprecedented both being Largest IXP-Based Anti-DDoS, but the first anti-DDoS solution deployed by an IXP

Bridging the Gap: Examining the UK-US Data Bridge

Data Breaches

Hiddenlayer CSO Tells Why It Made an AI Security Council

Technology & AI

Cooperation Key Theme at Microsoft Endpoint Security Summit

Cyber Security