UK government announces security rules for UK telecoms against cyber attacks

Megan Robinson
August 31, 2022

The regulations will be laid out alongside a draft code of practice providing guidance on how providers can comply with them

The government is bringing in new security rules for broadband and mobile companies to follow to protect UK networks from cyber attacks.

The new telecoms security regulations will provide tougher protections for the UK from cyber attacks which could cause data theft and network failure.

The Telecommunications (Security) Act became law in November and gives the government power to enhance the security standards of UK networks.

Telecoms providers are currently responsible for setting their own security standards, but the government’s Telecoms Supply Chain Review found providers have little encouragement to endorse the best security practices.

The new regulations and code of practice have been developed with the National Cyber Security Centre and Ofcom, and outline legal duties for UK telecom providers to carry out.

The regulations are to make sure providers: protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed; protect software and equipment which monitor their networks; understand security risks and identify anomalous activity; take account of supply chain risks and understand who has the ability to access the operation of networks to enhance security.

Ramping up security

Digital Infrastructure Minister Matt Warman said: “We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life.

“We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats.”

From October, Ofcom will enforce the new legal duties and can carry out inspections of telecoms firms' premises and systems to check they are meeting their responsibilities.

Ofcom can issue fines of up to 10 per cent of turnover if companies do not meet their duties, or £100,000 per day in fines if the offence continues.

Providers are expected to achieve these outcomes by March 2024 and the code of practice will be updated to keep pace with evolving cyber threats.