New telecoms security legislation to be introduced and cyber security risks to be prioritised across the sector following publication of report
The Department for Digital, Media, Culture and Sport has published plans to improve security standards and practices across the UK’s telecoms sector, including in new 5G and full fibre broadband networks. The proposals include new legislation with the aim of enforcing stronger security requirements in the telecoms sector and protecting the UK from threats.
The Telecoms Supply Chain Review report has been published and outlines the UK government’s ambition to create a sustainable and diverse telecoms supply chain with the aim of safeguarding the UK’s national security interests and building on the UK’s existing capabilities.
A series of new telecoms security requirements will be introduced, marking a significant shift from the current model, which will be overseen by Ofcom and the UK government. Telecoms operators will be required to design and manage their networks to meet the new standards. Operators will also be subject to oversight as part of their procurement and contract management processes and will also need to work more closely with suppliers to ensure that there is proper assurance testing for equipment, systems and software.
The aim of the new framework will be to ensure operators build and operate secure and resilient networks and manage their supply chains accordingly. They will have to assess the risks posed by vendors to network security and resilience, and ensure they manage those risks appropriately.
The Review also identified a lack of diversity in the supply chain and recommends that regulations enforcing telecoms cyber security must be strengthened.
The Government will now develop legislation and look to provide Ofcom with stronger powers. Until then, the government will work with industry to develop new security requirements.
The review also looked at how to mitigate the risks from high risk vendors. The UK government continues to consider its position relating to high risk vendors. Following action by the US Department of Commerce and uncertainty around the implications for the telecoms market as a whole, the government is further considering its position. The DCMS says that decisions in this area will be made in due course.