Government imposes strict telecom regulations to enhance network security

Ofcom will have the power to fine telecoms providers £100,000 a day for poor network security under new government regulations.

New elements of the Telecommunications Security Act, which came into force in November 2021, will be tabled today as secondary legislation in Parliament, with the aim of requiring providers to strengthen the security of the UK's broadband and mobile networks. These will be presented alongside a draft code of practice which will provide guidance on how suppliers can comply.

The new regulations and code of practice have been jointly developed by the National Cyber Security Centre and Ofcom and set out specific actions that public telecommunications providers must take as legally binding obligations. The aim is to improve cyber resilience in the UK by requiring suppliers to embed strong security practices into all of their long-term investment decisions as well as into their general day-to-day operations.

As the relevant industry regulator, Ofcom will have the power to enforce the new legal obligations and to inspect a provider's premises and systems to assess whether it has complied with them. The regulator will also be able to impose fines of up to 10% of turnover or, for a continuing breach, £100,000 per day.

A final draft of the regulations has been confirmed by the Department for Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will require providers to protect the data processed by their networks and services and to secure the critical functions that enable their operation and management. They will also require providers to protect the software and equipment that monitors and analyzes their networks and services. Suppliers will also need to consider supply chain risks and understand and control who can access and make changes to their networks and services to enhance security.

The new rules will come into force in October and providers are expected to have achieved all the necessary results by March 2024. The code of practice will set new deadlines for completing other measures and will be updated periodically, according to the government, to ensure it keeps pace with evolving cyber threats.

Kevin M. Risinger