- Joined
- Dec 3, 2020
- Messages
- 1,353
Companies can be fined up to £100,000 per day.
British telecommunications companies face fines of up to 10% of their turnover if they do not follow best practices in protecting networks from cyber attacks in accordance with tough new government regulations due in October.
The new rules, part of the Telecommunications (Security) Act, give the government the power to set security standards for mobile and broadband networks. This applies to both hardware and software on masts and telephone exchanges that handle Internet traffic as well as phone calls.
Under current law, telecommunications companies independently regulate security standards in their networks. However, a recent review of the telecoms supply chain found that there is little incentive for providers to adopt cybersecurity best practices.
The innovations include a set of rules developed by the National Cyber Security Center (NCSC) and Ofcom to define specific actions that operators must take to enforce and fulfill their legal obligations under the Act.
In addition to the requirement to protect all data processed on the network, mobile and fixed line operators are expected to protect critical network functions that allow them to be operated and managed, to protect software and hardware that monitor and analyze the network, and to have deep understanding of security risks.
Regarding the last point, the company must also be able to detect and report when unusual activity occurs, as well as consider supply chain risks and make changes to the operation of its networks and services to improve security.
Ofcom will be responsible for overseeing and enforcing the new code of conduct and will have the authority to conduct inspections of facilities and systems to ensure they are in compliance. If a company does not meet the standards, a fine of up to 10% of its turnover can be imposed.
In the event of continued violation of the law, companies can be fined up to £100,000 per day until the issue is resolved.
Operators must identify and assess the risks of any "edge" equipment directly exposed to potential attacks by intruders, including radio towers and Internet equipment supplied to customers, including modems and Wi-Fi routers.
To comply, they will also need to ensure tight control over who can make changes to the network and protection from malicious signals entering the network that can cause outages.
There are also company-wide commitments, including ensuring business process security is supported, including through appropriate accountability at the board level.
While the legislation goes into effect in October, suppliers will have until March 2024 to ensure that all of the above targets are met. Once this is done, there will be additional deadlines for other future measures to protect the network infrastructure.
__________________
British telecommunications companies face fines of up to 10% of their turnover if they do not follow best practices in protecting networks from cyber attacks in accordance with tough new government regulations due in October.
The new rules, part of the Telecommunications (Security) Act, give the government the power to set security standards for mobile and broadband networks. This applies to both hardware and software on masts and telephone exchanges that handle Internet traffic as well as phone calls.
Under current law, telecommunications companies independently regulate security standards in their networks. However, a recent review of the telecoms supply chain found that there is little incentive for providers to adopt cybersecurity best practices.
The innovations include a set of rules developed by the National Cyber Security Center (NCSC) and Ofcom to define specific actions that operators must take to enforce and fulfill their legal obligations under the Act.
In addition to the requirement to protect all data processed on the network, mobile and fixed line operators are expected to protect critical network functions that allow them to be operated and managed, to protect software and hardware that monitor and analyze the network, and to have deep understanding of security risks.
Regarding the last point, the company must also be able to detect and report when unusual activity occurs, as well as consider supply chain risks and make changes to the operation of its networks and services to improve security.
Ofcom will be responsible for overseeing and enforcing the new code of conduct and will have the authority to conduct inspections of facilities and systems to ensure they are in compliance. If a company does not meet the standards, a fine of up to 10% of its turnover can be imposed.
In the event of continued violation of the law, companies can be fined up to £100,000 per day until the issue is resolved.
Operators must identify and assess the risks of any "edge" equipment directly exposed to potential attacks by intruders, including radio towers and Internet equipment supplied to customers, including modems and Wi-Fi routers.
To comply, they will also need to ensure tight control over who can make changes to the network and protection from malicious signals entering the network that can cause outages.
There are also company-wide commitments, including ensuring business process security is supported, including through appropriate accountability at the board level.
While the legislation goes into effect in October, suppliers will have until March 2024 to ensure that all of the above targets are met. Once this is done, there will be additional deadlines for other future measures to protect the network infrastructure.
__________________
