Insights Government announces new telecoms security legislation and cyber security risks to be prioritised across the sector

Contact

On 22 July 2019, the Government published its “UK Telecoms Supply Chain Review Report”. As a result of the Review’s findings, the Digital Secretary, Jeremy Wright MP, has announced plans to improve security standards and practices across the UK’s telecoms sector, including in new 5G and full fibre broadband networks. The proposals include new legislation to enforce stronger security requirements in the telecoms sector and protect the UK from threats.

The Review outlines the Government’s ambition to create “a sustainable and diverse telecoms supply chain – safeguarding the UK’s national security interests and building on our existing capabilities”.

The Government says that at the Review’s foundation is a series of new telecoms security requirements. Overseen by Ofcom and the Government, telecoms operators will need to design and manage their networks to meet these new standards. They will also be subject to rigorous oversight as part of their procurement and contract management processes.

Operators will also need to work much more closely with suppliers to ensure that there is proper assurance testing for equipment, systems and software.

In response to the Review’s findings, the Government will establish a new, robust security framework for the UK telecoms sector, marking what the Government calls “a significant shift from the current model”.

The Government says that the new framework will ensure operators build and operate secure and resilient networks, and manage their supply chains accordingly. They will have to assess the risks posed by vendors to network security and resilience, and ensure they manage those risks appropriately.

The Review also identifies a lack of diversity in the supply chain and recommends that Regulations enforcing telecoms cyber security must be strengthened.

The Government will now develop legislation and look to provide Ofcom with stronger powers. Until then, the Government will work with industry to develop new security requirements.

The Review also looked at how to mitigate the risks from high-risk vendors. Following action by the US Department of Commerce and uncertainty around the implications for the telecoms market as a whole from the entity listing, the Government is further considering its position relating to high-risk vendors. The Government says that decisions in this area will be made in due course. To read the Government’s press release in full and for a link to the Review, click here.