Telecommunications Security Act 2021
TELECOM SECURITY Act
The UK government is bringing in new regulations, the Telecommunications Security Act, that will require UK telecommunications providers to improve their security posture.
TELECOMMUNICATIONS SECURITY ACT
TELECOMMUNICATIONS LAWS & REGULATIONS FAQS
The Telecommunications (Security) Act has progressed the government’s commitments within the Telecoms Supply Chain Review Report to establish an enhanced legislative framework for the security of telecoms.
The aim of the Telecoms Supply Chain Review is to address 3 key questions:
- How should the government incentivise telecoms providers to improve security standards and practices in 5G and full fibre networks?
- How should the government address the security challenges posed by vendors?
- How can the government create sustainable diversity in the telecoms supply chain?
The new, robust security framework will help to safeguard the availability, integrity and confidentiality of the UK’s Telecom networks.
Tier 1 and Tier 2 Telecoms companies are impacted by the Bill and must meet tougher rules and codes of practice to increase the security of their networks and meet detailed technical requirements for controlling access to sensitive areas of the network.
The Telecoms Security Act has two parts:
The first section of the Act will introduce a stronger telecoms security framework. The Act will enable more specific security requirements to be set out in secondary legislation, underpinned by codes of practice providing guidance on the security measures to be taken to meet those requirements.
The second section of the Act will introduce new national security powers for the government to manage risks posed by high-risk vendors. The Act creates new powers for the Secretary of State to designate vendors for the purpose of issuing directions to public communications providers imposing controls on their use of those designated vendors’ goods, services, and facilities.
The Act gives the telecoms regulator, Ofcom, powers to monitor and enforce industry compliance with the duties and specific security requirements. Ofcom provides guidance to the UK communications industry, including providers of electronic communications networks or services (PECN / PECS) to ensure that they can maintain compliance with ever-evolving security guidelines in accordance with government legislation, including the Communications Act 2003.
At a more granular level, Ofcom also provides advice and security tips for the general public on how to stay safe and protect their family when operating in the digital world, from advice on social media forums to explaining how to make the most benefit of parental controls for mobile phones.
The Act introduces financial penalties for non-compliance with the new duties and requirements placed on public telecoms providers.
Failing to meet these new regulatory requirements can leave Telecommunication providers exposed to:
- Operational disruption through Ofcom contravention notices
- Regulatory fines up to ten percent of turnover for failing to meet standards or for continuing contraventions, £100,000 a day
Telecom providers must take appropriate and proportionate measures to identify and reduce the risks of security compromises occurring.
They must:
- Monitor and analyse signals entering, transiting, or leaving the electronic communications network for the purpose of identifying anomalous activity
- Have in place means and procedures for producing immediate alerts
- Ensure that all data monitored is held securely for at least 13 months
- Design, construct and maintain the network in a manner that appropriately reduces the risks of security compromises
- Be able to promptly analyse activity relating to security critical functions of the network for anomalous activity
Telesoft’s’ purpose-built technology, engineered and manufactured in the UK utilising open standards, provides network operators with cost-effective network monitoring probes across 2G/3G/4G/5G and IP networks, including BGP. It offers data retention in the form of a multi-petabyte (PB) scale secure data lake and anomaly detection to aid with automated threat hunting according to GSMA standards like FS.11, FS.19 etc and a user-defined framework to hunt more sophisticated threats.
Designed and built with efficiency and the environment in mind, our platform is delivered to minimise deployment footprint and reduce operational expenditure.
Supported by our Platinum package designed specifically for network operators, Telesoft offers best-in-class support and consultancy, including installation, commissioning, and 24-hour UK support desk.
Securing Mobile Networks
Legacy telecommunications protocols have stood the test of time, underpinning the foundations of our day-to-day communications. Many of the early 2G and 3G protocols still exist within our network having been utilised for many decades, although security for these protocols has long been overlooked.