UK government reveals new cyber security rules


The new regulations and code of practice, developed with the National Cyber Security Centre (NCSC) and Ofcom, detail actions for providers to fulfil legal responsibilities under the Telecommunications (Security) Act, which became law in November.

The security regulations are designed to provide tougher protections from cyber threats which could cause network failure or the theft of sensitive data. The Telecommunications (Security) Act gives the government powers to boost the security standards of the UK’s mobile and broadband networks.

Providers have been responsible for setting their own security standards in their networks but, according to the government’s Telecoms Supply Chain Review, ‘there has been little incentive to adopt the best security practices.’ The latest announcement from the Department for Digital, Culture, Media & Sport states that the new regulations and code of practice will improve the UK’s cyber resilience by ‘embedding good security practices in providers’ long term investment decisions and the day-to-day running of their networks and services.’

The regulations are to make sure providers: protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed; protect software and equipment which monitor and analyse their networks and services; have a deep understanding of their security risks and the ability to identify when unusual activity is taking place with regular reporting to internal boards; take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security.

The regulations will be laid as secondary legislation in Parliament, alongside a draft code of practice providing guidance on compliance. The regulatory body, Ofcom, will oversee, monitor and enforce the new legal duties and, from October, will have the power to carry out inspections and issue fines of up to 10 per cent of turnover or, in the case of a continuing contravention, £100,000 per day.

After the regulations come into force in October, providers will be expected to have achieved a list of outcomes by March 2024. These include: identifying and assessing the risk to any ‘edge’ equipment that is directly exposed to potential attackers; keeping tight control of who can make network-wide changes; protecting against certain malicious signalling coming into the network; having a good understanding of risks facing their networks and making sure business processes support security. 

The code of practice will set out further timeframes for completion of other measures and the code will be updated periodically to ensure it keeps pace with any evolving cyber threats.

Digital infrastructure minister Matt Warman says: ‘We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life. We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats.’

NCSC technical director Ian Levy adds: ‘We increasingly rely on our telecoms networks for our daily lives, our economy and the essential services we all use. These new regulations will ensure that the security and resilience of those networks, and the equipment that underpins them, is appropriate for the future.’
