Government gears up to introduce tougher telecoms security to defend UK against cyber attacks
Mobile and broadband networks may be forced to provide better protection from cyber attacks under stronger security rules for telecoms firms proposed by the government.
In a new public consultation on draft regulations, the government has outlined the specific measures telecoms providers would need to take to fulfil their legal duties under the new Telecommunications (Security) Act, along with a draft code of practice on how providers can comply with these regulations.
The new law came into force in November last year and puts much stronger legal duties on public telecoms providers to defend their networks from cyber threats which could cause network failure or the theft of sensitive data.
The proposed measures and guidance, developed with the National Cyber Security Centre, aim to embed good security practices in providers’ long-term investment decisions and the day-to-day running of their networks and services.
The new legal requirements include protecting data stored by networks and services, monitoring public networks to identify potentially dangerous activity and reporting regularly to internal boards.
Digital Infrastructure Minister Julia Lopez said: “Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals. Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.”
The consultation seeks views on plans to place telecoms providers into three ‘tiers’ via a new code of practice according to size and importance to UK connectivity.
This will ensure steps to be taken under the code are applied proportionately and do not put an undue burden on smaller companies.
Currently, telecoms providers are responsible by law for setting their own security standards in their networks. But the Telecoms Supply Chain Review carried out by the government found providers often have little incentive to adopt the best security practices.
Companies which fail to comply could face fines of up to ten per cent of turnover or, in the case of a continuing contravention, £100,000 per day. Ofcom will monitor and assess the security of telecoms providers.
NCSC Technical Director Dr Ian Levy said: “Modern telecoms networks are no longer just critical national infrastructure, they are central to our lives and our economy.”
The news comes against the backdrop of rising cyber attacks following Russia’s invasion of Ukraine.