Digital Secretary Jeremy Wright has set out plans to improve security standards and practices across the UK’s telecoms sector, including in new 5G and full-fibre broadband networks. The Government’s proposals include new legislation to enforce stronger security requirements in the telecoms sector and protect the UK from threats.
The Telecoms Supply Chain Review outlines the Government’s ambition to create a sustainable and diverse telecoms supply chain that safeguards the UK’s national security interests and builds on existing capabilities.
At the Supply Chain Review’s foundation will be a series of new telecoms security requirements. Overseen by Ofcom and central Government, the telecoms operators will need to design and manage their networks to meet these new standards. They will also be subject to rigorous oversight as part of their procurement and contract management processes.
In addition, operators will need to work much more closely with suppliers to ensure that there’s proper assurance testing for equipment, systems and software.
Wright said: “The UK’s telecoms sector must prioritise secure and safe networks for consumers and business. With the growth of our digital sector and transformative new services over 5G and full-fibre broadband in the coming years, this isn’t something where compromise is an option. People expect the telecoms sector to be a beacon of safety and this review will make sure that safety and security is at the forefront of future networks.”
Robust security framework
In response to the Telecoms Supply Chain Review’s findings, the Government will establish a new, robust security framework for the UK telecoms sector marking a significant shift from the current model. This new framework will ensure operators build and operate secure and resilient networks and manage their supply chains accordingly. They will have to assess the risks posed by vendors to network security and resilience and also ensure they manage those risks appropriately.
The Telecoms Supply Chain Review has also identified a lack of diversity in the supply chain and recommends that regulations enforcing telecoms cyber security must be strengthened.
The Government will now develop legislation and look to provide Ofcom with stronger powers. Until then, the Government will work with industry to develop new security requirements.
Ciaran Martin, CEO at the National Cyber Security Centre, observed: “As the UK’s lead technical authority, we’ve worked closely with the Department for Digital, Culture, Media and Sport on this review process, providing comprehensive analysis and cyber security advice. These new measures represent a tougher security regime for our telecoms infrastructure and will lead to higher standards, much greater resilience and incentives for the sector to take cyber security seriously. This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place in which to live and work online by ensuring that cyber security’s embedded into future networks from inception.”
Following action by the US Department of Commerce and uncertainty around the implications for the telecoms market as a whole from the entity listing, the Government is further considering its position relating to high risk vendors. Decisions in this area will be made in due course.