The proposed measures and guidance, developed with the National Cyber Security Centre, aim to embed good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services.
Under the draft regulations telecoms providers will be legally required to:
- Protect data stored by their networks and services, and secure the critical functions which allow them to be operated and managed.
- Protect tools which monitor and analyse their networks and services against access from hostile state actors.
- Monitor public networks to identify potentially dangerous activity and have a deep understanding of their security risks, reporting regularly to internal boards.
- Take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.
Julia Lopez, the minister for digital infrastructure, said, “Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals. Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.”
The Telecommunications (Security) Act became law in November last year and compels public telecoms providers to defend their networks from cyber threats which could cause network failure or the theft of sensitive data.
Dr Ian Levy, technical director, National Cyber Security Centre, added, “Modern telecoms networks are no longer just critical national infrastructure, they are central to our lives and our economy. As our dependence on them grows, we need confidence in their security and reliability which is why I welcome these proposed regulations to fundamentally change the baseline of telecoms security.”
Details on how to respond to the consultation can be found here.