UK to take steps to improve telecoms security

The UK’s Digital Secretary, Jeremy Wright, has announced plans to “improve security standards and practices across the UK’s telecoms sector, including in new 5G and full fibre broadband networks”.

Those plans include tabling new legislation to “enforce stronger security requirements in the telecoms sector and protect the UK from threats”.

The move came on the same day as the Telecoms Supply Chain Review report was published, 22 July.

The Review sets out a series of new telecoms security requirements, overseen by Ofcom (the UK’s telecoms regulator) and government, with telecoms operators required to design and manage their networks in accordance with the new standards.

Operators will be subject to “rigorous oversight” of their procurement and contract management processes and will be required to “work much more closely with suppliers to ensure that there is proper assurance testing for equipment, systems and software”.

“With the growth of our digital sector and transformative new services over 5G and full fibre broadband in the coming years, this is not something to compromise on,” said Digital Secretary Wright.

“People expect the telecoms sector to be a beacon of safety and this review will make sure that safety and security is at the forefront of future networks.

Under the new security framework, operators will have to:

• build and operate secure and resilient networks;
• manage their supply chains with security in mind;
• assess any risks posed by vendors to network security and resilience, and manage those risks appropriately.
   

The Review identified a lack of diversity in the supply chain. It also recommends that regulations must be strengthened to enforce telecommunications cybersecurity.

The government will develop legislation and provide Ofcom with stronger powers, and in the meantime will work together with industry to develop “new security requirements”.

Commenting on the development, Ciaran Martin, CEO of the UK’s National Cyber Security Centre, said, “As the UK’s lead technical authority, we have worked closely with DCMS on this review, providing comprehensive analysis and cybersecurity advice.

“These new measures represent a tougher security regime for our telecoms infrastructure, and will lead to higher standards, much greater resilience and incentives for the sector to take cybersecurity seriously.

“This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place to live and work online by ensuring that cybersecurity is embedded into future networks from inception,” Martin added.

Dealing with high risk vendors

In a statement released 22 July, the UK Government said that it “continues to consider its position relating to high risk vendors”.

“Following action by the US Department of Commerce and uncertainty around the implications for the telecoms market as a whole from the entity listing, the government is further considering its position relating to high risk vendors. Decisions in this area will be made in due course.”

This is a clear reference, of course, to concerns about the security implications of including Huawei products in telecommunications networks.

The Telecoms Supply Chain Review’s report states that both the “2018 and 2019 Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board reports have highlighted major quality and security issues with Huawei’s engineering, leading to the Board only being able to provide ‘limited assurance’ that risks to UK national security from Huawei’s involvement in the UK critical networks have been sufficiently mitigated”.

Image credit: ©stock.adobe.com/au/Iakov Kalinin

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and bimonthly magazine.