UK telecoms companies ordered to follow new security rules
UK telecoms firms could be fined up to £100,000 a day if they fail to follow new security measures set out by the UK government.
In a press release, the government said that the new security measures will protect the country’s telecoms networks against cyber-attacks that could cause network failure or the theft of sensitive data.
The Telecommunications Security Act became law in November last year and gives the government the authority to investigate the security standards of mobile and broadband networks in the UK.
This includes the electronic equipment and software at phone mast sites and in telephone exchanges that handle internet traffic and telephone calls.
Usually, telecoms providers set up their own security standards for their networks, but the government said in its press release that its ‘Telecoms Supply Chain Review’ discovered providers often had little incentive to adopt the best security practices.
The act, developed with the National Cyber Security Centre and Ofcom, instructs UK public telecoms providers to take specific actions in order to comply with the regulations, which must be followed from October.
The rules include identifying and assessing the risk of any edge equipment that is directly exposed to potential attackers (including radio masts and internet equipment), keeping tight control of who can make network-wide changes, protecting against certain malicious signalling coming into the network, and making sure business processes are supporting security.
The government said that by following these rules, the actions taken by providers will improve the UK’s cyber resilience by embedding good security practices in their long-term investment decisions and the day-to-day running of their networks and services.
It will also make sure that the data processed by providers’ networks and services is protected, as well as the software and equipment which monitor their networks and services.
Ofcom will oversee, monitor and enforce the new legal duties and will have the power to carry out inspections of telecoms firms’ premises and systems to ensure they’re meeting the requirements of the Act.
IT security firm OwlGaze says that to keep on top of identifying anomalous activity, firms should invest in artificial intelligence.
“Cyber-attacks and threats come from all angles: internal, external, and national. Which is why [telecoms firms] need to improve their monitoring and detection capability by using advanced analytics software,” says OwlGaze CEO Ralph Chammah.
“It’s all about continuous monitoring and being able to identify changes in behaviours. And the use of advanced artificial intelligence and machine learning…can help [firms] to detect abnormal activities and lateral movements by suspicious users or malware,” he added.
If Ofcom fails a company, the regulator will issue fines of up to 10 percent of turnover or, in the case of a continuing contravention, £100,000 per day.
Telecoms firms will be expected to have achieved these outcomes by March 2024.