Telecommunications

Telecommunications (Security) Act

  • The UK Government has drawn up a set of new cybersecurity rules and a code of practice for Communications Service Providers (CSPs) to comply with their new legal obligations under the Telecommunications (Security) Act, which is coming into force in November 2021.
  • The law, which the government describes as one of the toughest telecommunications security laws in the world, aims to improve security measures on all of the UK’s crucial mobile and internet networks.
  • From October 2022, Ofcom will oversee compliance with the regulations and have the power to charge offenders up to 10% of their annual earnings or £100,000 a day for repeated breaches.
  • They will soon be presented to Parliament as secondary legislation and the proposed code of practice to guide CSPs towards compliance.
  • The government has said communications service providers will be held accountable for full compliance by March 2024 and promised to update the code as conditions change periodically..

The UK government has finalized several new cybersecurity regulations and a Code of Conduct for Communications Service Providers (CSPs) to fulfill their new legal requirements under the Telecommunications (Security) Act, which came into effect. effective November 2021.

The Telecommunications (Security) Act is a “tough” measure

The Telecommunications (Security) Act, which the government calls one of the strictest telecommunications security laws in the world, aims to strengthen security standards across all of the Kingdom’s vital mobile and internet networks. -United.

It all started with the security controversy surrounding China’s Huawei, in which the vendor was accused of engaging in state-sponsored espionage. This controversy led to Westminster’s decision in 2020 to ban the company from selling equipment to CSPs in the future and to remove it from the UK’s network infrastructure by 2027.

The Telecommunications (Security) Act aims to strengthen security standards on all of the UK’s vital mobile and internet networks.

The Telecommunications (Security) Act regulates, among other things, the origin of hardware and software used on cell towers and telephone exchanges. It imposes a stricter obligation on CSPs to protect their networks against attacks that could either render them inoperative or lead to the loss of sensitive data.

Although communications service providers are now responsible for setting their own security standards, a 2019 assessment found that they may not have much incentive to do so.

Telecommunications Act (Security) Cybersecurity
“We know how damaging cyberattacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life”

Accordingly, the new regulations and code of practice, created with input from the National Cyber ​​Security Center (NCSC) and communications regulator Ofcom and subject to public consultation, outline the precise actions that CSPs must take to fulfill their legal obligations. It is hoped that integrating strong security procedures into the day-to-day operations of these FSCs and into future investment decisions will improve the resilience of the network.


Twitter’s alleged cybersecurity issues are causing the company a headache


“We know how damaging cyberattacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life. We are strengthening the protection of these vital networks by introducing one of the strongest telecommunications security regimes in the world, which protects our communications against current and future threats,” said Minister of Digital Infrastructure Matt Warman.

“We increasingly depend on our telecommunications networks for our daily lives, our economy and the essential services we all use. These new regulations will ensure that the security and resilience of these networks, and the equipment that underpins them, are appropriate for the future,” added NCSC Technical Director Dr. Ian Levy.

Telecommunications Act (Security) Cybersecurity
“We increasingly depend on our telecom networks for our daily lives, our economy and the essential services we all use”

Communications service provider regulations require the following actions:

  • To protect the information that their networks and services process and to secure the vital processes that allow them to manage and operate their networks and services.
  • To protect the hardware and software that their networks and services rely on for monitoring and analysis.
  • Develop a “deep understanding” of the dangers they face, the ability to spot unusual behavior and regular reporting to their boards.
  • To account for supply chain risks, understand and manage who has access to their networks and services, and change how they are managed.
The Telecommunications (Security) Act is a "hard"  Measure
The government has said CSPs should be fully compliant by March 2024 and has pledged to update the code periodically as circumstances change.

The Telecommunications (Security) Act will be overseen, monitored and enforced by Ofcom, which will have the power to impose fines of up to 10% of turnover, or £100,000 a day for persistent breaches , from October 2022. Together with the draft code of practice to guide CSPs towards compliance, they will soon be introduced as secondary legislation in Parliament.


Industrial operations will get a boost with 5G emergency services


The government has said CSPs should be fully compliant by March 2024 and has pledged to update the code periodically as circumstances change.