Gov to force through tough telecoms regulations to boost network security
Regulator Ofcom will have powers to monitor, investigate and fine providers that fail to meet the new requirements


Ofcom will have the power to fine telecom providers £100,000 per day for poor network security under new government regulations.
New elements of the Telecommunications Security Act, which became law in November 2021, will be laid as secondary legislation in Parliament today, in a bid to force providers to increase the security of the UK's broadband and mobile networks. These will be presented alongside a draft code of practice that will provide a guide for how vendors can comply.
The new regulations and code of practice have been developed jointly by the National Cyber Security Centre and Ofcom and they set out the specific actions that public telecom providers must fulfil as legally binding duties. The aim is to improve cyber resilience in the UK by forcing providers to embed strong security practices within all their long-term investment decisions and also their general day-to-day operations.
As the relevant industry regulator, Ofcom will have powers to enforce new legal duties and carry out inspections of a provider's premises and systems to assess whether it has met the new obligations. The regulator will also be able to issue fines of up to 10% of turnover or £100,000 per day if it is a continuing contravention.
A final draft of the regulation has been confirmed by the Department of Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will force providers to protect data processed by their networks and services and secure the critical functions which allow them to be operated and managed. They will also require providers to protect software and equipment which monitor and analyse their networks and services. Providers will also need to take account of supply chain risks, and to understand and control who can access and make changes to the operation of their networks and services, to enhance security.
The new rules will come into force in October with providers expected to have achieved all the necessary outcomes by March 2024. The code of practice will set out further time frames for the completion of other measures and will be updated periodically, according to the government, to ensure it keeps pace with any evolving cyber threats.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.