Telecoms companies have been called upon by the government to play a bigger role in securing national 5G and full-fibre networks, and will need to adhere to new codes of practice for security.
While telecoms providers are currently responsible by law for setting their own security standards, the government concluded, following its Telecoms Supply Chain Review, that tougher measures need to be taken to ensure best security practices.
As part of the new bill, fines of up to 10% of turnover, or £100,000 per day, have been planned for failure to meet standards, and the UK communications regulator Ofcom will be responsible for monitoring and assessing the security of telecoms providers.
To be set out in secondary regulation, duties that companies in the telecoms sector will need to carry out are, according to the government press release, are likely to include:
- Securely designing, building and maintaining sensitive equipment at the core;
- Reducing third party risk in the supply chain;
- Controlling access to sensitive core equipment and network software;
- Carrying out security audits and putting governance in place to understand risks;
- Ensuring protection of confidential customer data.
Over the last two years, the government has attributed an array of cyber attacks to state actors, including China and Russia.
Vodafone and HORIBA MIRA bring 5G to driverless cars
“We are investing billions to roll out 5G and gigabit broadband across the country, but the benefits can only be realised if we have full confidence in the security and resilience of our networks,” said Digital Secretary Oliver Dowden.
“This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
Julian David, CEO of techUK, commented: “Gigabit connectivity is an essential driver of a levelled up economic recovery. We support the Government’s drive to strengthen security and maintain trust in our telecoms networks.
“Government has promised an accompanying Diversification Strategy to expand the number of vendors available in the UK. It must deliver on this promise with a strategy that is ambitious, fully funded and maximises opportunities for UK companies in areas such as software, small cells and semiconductors.”
A spokesperson from BT also expressed their support for the new bill, stating: “The security of our networks is paramount. We therefore welcome the UK government’s establishment of clear security standards for the UK telecoms industry.
“We’ll continue to work closely with the NCSC and other government bodies to develop these standards further and provide a framework that sets a world-leading standard for the security of the UK’s networks.
“As we outlined in July, we’re working to the latest government guidelines around the exclusion of Huawei from 5G networks, and we’ve recently signed agreements with Nokia and Ericsson that will allow us to deliver on these commitments.”
Reaction from Huawei
In July, following advice from the National Cyber Security Centre (NCSC), the government introduced new controls on the use of 5G equipment from Huawei from the end of 2020, and committed to removing all Huawei equipment from 5G networks by 2027.
Huawei Vice President, Victor Zhang, commented: ‘’It’s disappointing that the Government is looking to exclude Huawei from the 5G roll out. This decision is politically-motivated and not based on a fair evaluation of the risks.
“It does not serve anyone’s best interests as it would move Britain into the digital slow lane, and put at risk the Government’s levelling up agenda.”