Telecoms providers must beef up their cybersecurity for the 5G age
With Apple recently releasing the first 5G iPhone and some of the UK’s biggest mobile networks rolling out 5G in hundreds of locations across the country, it won’t be long before millions of people are enjoying its ultrafast download speeds.
5G will not only transform the devices in our hands but it will also underpin smart traffic technology cutting pollution, help ingenious robotics improve healthcare, and revolutionise entertainment and culture. And as this digital revolution gathers pace we must prepare the communications networks on which this technology depends so they are secure and resilient.
This is especially true as we have seen an increase in hostile activity by state actors. Over the past two years the National Cyber Security Centre has attributed a range of malicious cyber activity to Russia and China, as well as North Korea and Iranian actors. There is also the threat from organised and well-resourced criminal groups.
While the security of our individual phones, tablets or laptops is important, we must protect the electronic equipment at phone mast sites and telephone exchanges which handle our internet and phone traffic. Access to this kit — whether routers, antennas, or the software which manages them — would open a treasure trove for any hacker.
The telecoms industry is responsible by law for the security of these networks, but commercial business models are failing to incentivise best practice — particularly where there is an impact on cost or investment decisions. This is unacceptable and it now falls on this government to raise the security bar. The exploitation of network vulnerabilities could cause huge damage in the future as we become more reliant on full fibre broadband and 5G.
We must strengthen the way public telecoms providers design, build and manage the architecture beneath the millions of calls, messages, emails and files we share every day. There is simply too much at stake to entrust the market to come up with a solution to this global issue.
This summer we took the decision to ban Huawei kit from our 5G networks. Its technology must be removed completely by 2027. Today is the next step to enforce that decision as we introduce the Telecommunications (Security) Bill in Parliament.
This will bring in one of the strongest telecoms security regimes in the world, a rise in standards across the board, set by the government rather than the industry. It will help to guard against major cyber attacks such as the one which affected Norwegian telecoms provider Telenor in 2016, causing an outage which impacted up to three million customers for a day and a half.
New duties will be placed on companies such as BT, Vodafone and O2 so they protect the technology our mobile and broadband connections depend on and limit the impact of cyber breaches if they occur.
Our plan is to place legally-binding requirements on these companies and set out things we expect them to do to drive up their standards. The telecoms watchdog Ofcom will get new powers and responsibilities to enforce the measures.
We need to know where the vulnerabilities are to best defend against them, so Ofcom will be given the ability to enter operators’ premises to view and test equipment, perform on-site interviews and ask for documents.
The Bill will also give the government the power to ‘designate’ vendors in the telecoms supply chain, such as Huawei, as risks to our national security and direct telecoms providers to control their use of goods, services or facilities from such vendors.
We are going wider than just one business, one country or one threat. The law is designed to increase the security of the entire telecoms system, regardless of whose products are used in it. It creates a flexible framework that will change if and when new security threats arise or technologies evolve and creates a new minimum bar all telecoms providers need to meet.
There will be tough penalties for those failing to comply, including fines of up to ten per cent of turnover and up to £100,000 a day if action isn’t taken.
Risks to our networks can never be completely prevented. But we must act now to make sure the infrastructure underpinning everything from the new iPhone to the transport networks of tomorrow’s cities is fit for the future.
Matt Warman is Minister for Digital Infrastructure