Is new law being tough on the victims of crime?
Mobile network operators (MNOs) in the UK could face severe sanctions under a new security regime being imposed on the telecoms industry. The rules can be enforced in October and MNOs must demonstrate their compliance by March 2024. The good news is there could be a boom in opportunities for quick-fix security service providers.
The powers vested in government regulator Ofcom by the passing of the Telecommunications Security Act in November 2021 allow it to fine MNOs £100,000 a day or 10% of their turnover for infringements of the new security rules. Ofcom will oversee, monitor and enforce the new legal duties and has the power to inspect a telco’s premises and systems to ensure they’re meeting their obligations.
The new regulations were developed by the National Cyber Security Centre and some feel the bill presented in November has been acted upon with uncharacteristic haste. Digital Infrastructure Minister Matt Warman explained why they needed to be expedited. Broadband and mobile networks are central to our way of life and it’s widely understood how damaging cyber-attacks on critical infrastructure can be, according to the minister. “We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats,” said Warman.
The implication is that MNOs can’t be trusted with their own security and that Ofcom must force the issue on behalf of the government, said Scott Bicheno in Telecoms.com. The government’s Telecoms Supply Chain Review seems to have found that MNOs often have little incentive to adopt the best security practices. “It would be interesting to know whether the security chiefs at those companies agree,” said Bicheno.
The analyst offered practical suggestions, such as protecting data processed by the networks and services run by MNOs. Securing the critical functions which allow them to be operated and managed would be another priority, said Bicheno. Software and equipment that monitor and analyse networks and services must be protected too. There needs to be a wider and deeper understanding of each MNO’s security risks and of its instinct for spotting nefarious activity. The risks created by the various disruptions to the supply chain, Open RAN among them, need to be thoroughly examined too, said Bicheno.
“If, as the new rules imply, those things aren’t already being done, then that is a major cause for concern, but it is more likely that operators are already doing a solid job of securing their networks,” said Bicheno.