Department for Digital, Culture, Media and Sport
Tougher telecoms security rules to defend UK from cyber attacks
New regulations and code proposed to raise telecoms security standards.
- New regulations and code proposed to raise telecoms security standards
- Will set out what telecoms providers must do to protect their networks and services
- Public consultation launched yesterday on the proposals
Mobile and broadband networks will be better protected from cyber attacks under stronger security rules for telecoms companies proposed by the government.
The Telecommunications (Security) Act became law in November last year and puts much stronger legal duties on public telecoms providers to defend their networks from cyber threats which could cause network failure or the theft of sensitive data.
The government yesterday launched a public consultation on draft regulations, which outline the specific measures telecoms providers would need to take to fulfil their legal duties under the Act, and a draft code of practice on how providers can comply with the regulations.
The proposed measures and guidance, developed with the National Cyber Security Centre, aim to embed good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services.
Under the draft regulations telecoms providers will be legally required to:
- protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed;
- protect tools which monitor and analyse their networks and services against access from hostile state actors;
- monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards; and
- take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.
Digital Infrastructure Minister Julia Lopez yesterday said:
Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals.
Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.
The consultation seeks views on plans to place telecoms providers into three ‘tiers’ via a new code of practice according to size and importance to UK connectivity. This will ensure steps to be taken under the code are applied proportionately and do not put an undue burden on smaller companies.
Currently, telecoms providers are responsible by law for setting their own security standards in their networks. But the Telecoms Supply Chain Review carried out by the government found providers often have little incentive to adopt the best security practices.
To deliver the revolutionary economic and social benefits of 5G and gigabit-capable broadband connections, the government created the Telecommunications (Security) Act to strengthen the overarching legal duties on providers of UK public telecoms networks and services as a way of incentivising better security practices.
Companies which fail to comply could face fines of up to ten per cent of turnover or, in the case of a continuing contravention, £100,000 per day. Ofcom will monitor and assess the security of telecoms providers.
NCSC Technical Director Dr Ian Levy yesterday said:
Modern telecoms networks are no longer just critical national infrastructure, they are central to our lives and our economy.
As our dependence on them grows, we need confidence in their security and reliability which is why I welcome these proposed regulations to fundamentally change the baseline of telecoms security.
The NCSC has worked closely with DCMS and industry to propose and advise on the most effective measures that telecoms operators can take to ensure the resilience of UK broadband and mobile networks, now and into the future.
Notes to editors
As part of the consultation, the government is particularly interested in feedback on:
- the specific measures set out in the draft regulations and draft code of practice;
- the proposed tiering system set out in the draft code of practice, which is intended to ensure it is implemented appropriately and proportionately;
- the proposed timescales to phase-in new measures in the draft code of practice; and
- the ways in which the draft code of practice and the draft regulations account for older, legacy equipment that is due to be phased out.
The consultation on the draft code of practice meets the requirement under section 105F in the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021) to consult with affected parties on the draft code of practice. The Government has chosen to consult on the draft regulations at the same time. This does not necessarily mean that future decisions to make, or vary, the regulations will be subject to similar consultation.
The Government will consider responses to the consultation to inform final policy decisions on the regulations and code of practice. The final regulations and the final code of practice will be laid in Parliament, as required by the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021).
The consultation will close on 10 May. The new regulations and code of practice are expected to come into force later this year.
Latest News from
Department for Digital, Culture, Media and Sport
Ancient Egyptian limestone relief of female musicians at risk of leaving UK24/01/2023 09:05:00
Export bar placed on the relief to allow time for a UK institution to acquire the work
Coronation weekend celebrations that will bring communities together announced23/01/2023 12:15:00
Millions of people across the country and the Commonwealth are invited to celebrate the Coronation of His Majesty The King and Her Majesty The Queen Consort over a weekend of special events.
Ancient Egyptian sculpture at risk of leaving UK23/01/2023 09:20:00
An export bar has been placed on the statue to allow time for a UK institution to acquire the work
Barclays Eagle Labs chosen to help turbocharge next generation of UK tech stars20/01/2023 15:25:00
Government funding package awarded to organisation to boost regional growth of tech start-ups and scale-ups
Major broadband rollout for Cornwall with £36 million awarded to Wildanet to connect thousands of rural premises19/01/2023 10:10:00
Thousands of people in rural Cornwall will get access to lightning-fast broadband after local supplier Wildanet was awarded £36 million from the government to roll out new connections.
Birmingham 2022 contributes £870 million to UK economy17/01/2023 11:10:00
A new study reveals the Birmingham 2022 Commonwealth Games contributed at least £870 million to the UK economy.
UK-wide funding confirmed to 2025 for the multi-sport grassroots facilities programme13/01/2023 11:05:00
The Government yesterday confirmed the allocation of a £230 million uplift to England, Scotland, Wales and Northern Ireland for investment in football facilities across the UK.
Millions of homeowners and tenants to get better access to faster broadband06/01/2023 09:20:00
Almost all new homes in England must be built with gigabit broadband connections during construction