Telecoms Security Bill

Telecoms Security Bill

The UK government is bringing in new regulations, The  Telecommunications (Security) Bill, that will require UK telecommunications providers to improve their security posture. With these new security standards, monitoring networks has never been more important, both across the IP and the signalling environments. It’s time to fully protect your network, your users, and their all-important data.

Telecommunications Laws & Regulations FAQs

What is the Telecoms (Security) Bill?

The Telecommunications (Security) Bill (TSB) has progressed the government’s commitments within the Telecoms Supply Chain Review Report to establish an enhanced legislative framework for the security of telecoms.

The aim of the Telecoms Supply Chain Review is to address 3 key questions:

  1. How should the government incentivise telecoms providers to improve security standards and practices in 5G and full fibre networks?
  2. How should the government address the security challenges posed by vendors?
  3. How can the government create sustainable diversity in the telecoms supply chain?

The new, robust security framework in the form of the TSB will help to safeguard the availability, integrity and confidentiality of the UK’s Telecom networks.

Tier 1 and Tier 2 Telecoms companies are impacted by the Bill and must meet tougher rules and codes of practice to increase the security of their networks and meet detailed technical requirements for controlling access to sensitive areas of the network.

Telecoms (Security) Bill Breakdown – what are the requirements?

The TSB has two parts:

The first section of the Bill will introduce a stronger telecoms security framework. The Bill will enable more specific security requirements to be set out in secondary legislation, underpinned by codes of practice providing guidance on the security measures to be taken to meet those requirements.

The second section of the Bill will introduce new national security powers for the government to manage risks posed by high-risk vendors. The Bill creates new powers for the Secretary of State to designate vendors for the purpose of issuing directions to public communications providers imposing controls on their use of those designated vendors’ goods, services, and facilities.

Who will regulate the telecommunications industry in the UK?

The Bill gives the telecoms regulator, Ofcom, powers to monitor and enforce industry compliance with the duties and specific security requirements. Ofcom provides guidance to the UK communications industry, including providers of electronic communications networks or services (PECN / PECS) to ensure that they can maintain compliance with ever-evolving security guidelines in accordance with government legislation, including the Communications Act 2003.

At a more granular level, Ofcom also provides advice and security tips for the general public on how to stay safe and protect their family when operating in the digital world, from advice on social media forums to explaining how to make the most benefit of parental controls for mobile phones.

Financial penalties for non-compliance

The Bill introduces financial penalties for non-compliance with the new duties and requirements placed on public telecoms providers.

Failing to meet these new regulatory requirements can leave Telecommunication providers exposed to:

  • Operational disruption through Ofcom contravention notices
  • Regulatory fines up to ten percent of turnover for failing to meet standards or for continuing contraventions, £100,000 a day

What Must Telecom Operators Do To Comply With The New Regulations?

Telecom providers must take appropriate and proportionate measures to identify and reduce the risks of security compromises occurring.

They must:

  • Monitor and analyse signals entering, transiting, or leaving the electronic communications network for the purpose of identifying anomalous activity
  • Have in place means and procedures for producing immediate alerts
  • Ensure that all data monitored is held securely for at least 13 months
  • Design, construct and maintain the network in a manner that appropriately reduces the risks of security compromises
  • Be able to promptly analyse activity relating to security critical functions of the network for anomalous activity

How Can Telesoft Help Accelerate Compliance To Help With The Telecoms (Security) Requirements?

Telesoft’s’ purpose-built technology, engineered and manufactured in the UK utilising open standards, provides network operators with cost-effective network monitoring probes across 2G/3G/4G/5G and IP networks, including BGP. It offers data retention in the form of a  multi petabyte (PB) scale secure data lake and anomaly detection to aid with automated threat hunting according to GSMA standards like FS.11, FS.19 etc and a user-defined framework to hunt more sophisticated threats.

Designed and built with efficiency and the environment in mind, our platform is delivered to minimise deployment footprint and reduce operational expenditure.

Supported by our Platinum package designed specifically for network operators, Telesoft offers best-in-class support and consultancy, including installation, commissioning, and 24-hour UK support desk.

Get in touch with our experts today

 



To read our Privacy Policy, click here