New British Telecoms Security Law

Uploaded on 2020-11-30 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

The British government has introduced new security rules and duties for telecoms companies in a move to ensure further protection from cyber threats. The Telecommunications (Security) Bill aims to give the government unprecedented new powers to boost the security standards of the UK’s telecoms networks and remove the threat of high-risk vendors.
 
The Bill will strengthen the security framework for technology used in 5G and full fibre networks including the electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls.
 
This will be a significant step to protect the UK from hostile cyber activity by state actors or criminals. Over the past two years the Government has attributed a range of cyber attacks to Russia and China, as well as North Korea and Iranian actors.
 
The Bill will also provide the Government with new national security powers to issue directions to public telecoms providers in order to manage the risk of high-risk vendors, principally targeting the leading Chinese telecoms infrastructure company, Huawei. While Huawei are already banned from the most sensitive ‘core’ parts of the network, the Bill will allow the Government to impose controls on telecoms providers’ use of goods, services or facilities supplied by high risk vendors.
 
Companies which fall short of the new duties or do not follow directions on the use of high-risk vendors could face heavy fines of up to ten per cent of turnover or, in the case of a continuing contravention, £100,000 per day. Ofcom will be given the duty of monitoring and assessing the security of telecoms providers.
 
In July, following advice from the National Cyber Security Centre (NCSC), the government announced new controls on the use of Huawei 5G equipment, including a ban on the purchase of new Huawei equipment from the end of this year and a commitment to remove all Huawei equipment from 5G networks by 2027. 
 
The Bill creates the powers that will allow the government to enshrine those decisions in law and manage risks from other high-risk vendors in the future. Digital Secretary Oliver Dowden said: We are investing billions to roll out 5G and gigabit broadband across the country, but the benefits can only be realised if we have full confidence in the security and resilience of our networks.... This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
 
Currently, telecoms providers are responsible by law for setting their own security standards in their networks. However, the Telecoms Supply Chain Review concluded by the government last year found providers often have little incentive to adopt the best security practices. As part of the new bill, fines of up to 10% of turnover, or £100,000 per day, have been planned for failure to meet standards, and the UK communications regulator Ofcom will be responsible for monitoring and assessing the security of telecoms providers.
 
To deliver the revolutionary economic and social benefits of 5G and gigabit-capable broadband connections, the government has decided to strengthen the overarching legal duties on providers of UK public telecoms networks and services as a way of incentivising better security practices.
 
These duties will mean telecoms providers will need to take appropriate action to bring in minimum security standards for their networks and services and to limit the damage of any breaches.
 
The Bill will allow the government to issue specific security requirements that providers will need to follow to meet these duties. These requirements will be set out in secondary legislation, but are likely to involve companies acting to:
 
  • Securely design, build and maintain sensitive equipment in the core of providers’ networks which controls how they are managed.
  • Reduce the risks that equipment supplied by third parties in the telecoms supply chain is unreliable or could be used to facilitate cyber-attacks.
  • Carefully control who has permission to access sensitive core network equipment on site as well as the software that manages networks.
  • Make sure they are able to carry out security audits and put governance in place to understand the risks facing their public networks and services.
  • Keep networks running for customers and free from interference, while ensuring confidential customer data is protected when it is sent between different parts of the network.
New codes of practice will demonstrate how certain providers should comply with their legal obligations. The British 
telecoms regulatory authority, Ofcom, will be given stronger powers to monitor and assess operators’ security, alongside enforcing compliance with the new law.
 
This will include carrying out technical testing, interviewing staff, and entering operators’ premises to view equipment and documents.
 
Markets across the world have become overly reliant on too few vendors due to a lack of competition in the global telecoms supply chain. The government has been engaging extensively with operators, vendors and governments around the world and will soon publish its 5G Diversification Strategy to address this issue. The strategy will outline new measures to boost competition and innovation in the telecoms supply chain and reduce dependence on individual suppliers.
 
GovUK:          GovUK:       Information Age
 
You Might Also Read:
 
British Spies Find Big Software Problems With Huawei:
 
 
 
« NCSC Come Off Bench To Help Manchester United
Diving Into The Dark Web »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Astra Security

Astra Security

Astra's website security solution provides real-time protection against malware, hackers, SQLi, XSS, DDoS, LFI and RFI.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

ContentKeeper

ContentKeeper

ContentKeeper provides Web Threat Protection solutions to secure today’s Web 2.0 and mobile centric business environments.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Fasken

Fasken

Fasken is one of the largest business law firms in Canada and a recognized leader in privacy and cybersecurity law.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

WithSecure

WithSecure

WithSecure (formerly F-Secure Business) is your reliable cyber security partner, providing outcome-based cyber security that protects and enables operations.

CyberconIQ

CyberconIQ

CyberconIQ provide an integrated Human Defense Platform that reduces the probability and/or the cost of a cybersecurity breach by measurably improving our clients risk posture and compliance culture.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

Armolon

Armolon

Armolon provides comprehensive data breach and cybersecurity, as well cybersecurity audits and certifications, and disaster recovery/business continuity services to clients.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.