Government prepares tougher security obligations for UK telcos

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

The UK government is consulting on enhanced security obligations for mobile and broadband operators to protect against network failure and data theft.

Specifically, the consultation concerns the specific measures that telecoms providers will need to take under the Telecommunications (Security) Act which became law last year.

The government believes the new rules are necessary for the UK to benefit from the full potential of full fibre and 5G networks as society and the economy becomes increasingly digitised.

DCMS telco rules

“Broadband and mobile networks are crucial to life in Britain and that makes them a prime target for cyber criminals,” said Julia Lopez, digital infrastructure minister. “Our proposals will embed the highest security standards in our telecoms industry with heavy fines for any companies failing in their duties.”

The draft regulations require operators to protect all data stored by their networks and services, secure critical functions that protect this infrastructure, and safeguard tools that monitor and analyse networks against access from hostile state actors.

Operators will also be required to identify potentially dangerous activity, have a deep understanding of the security risks involved in their business, and report regularly to internal boards. Telcos will also be expected to review their supply chains and ensure there are no weak links.

Previously, operators were able to set their own security standards, but the government believed that this meant there was not enough incentive to improve practices. Failure to comply with the new regulations could led to fines of up to 10% of annual turnover or fines of £100,000 per day for ongoing violations and will be enforced by communications regulator Ofcom.

“Modern telecoms networks are no longer just critical national infrastructure, they are central to our lives and our economy,” added Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), which has assisted the government in drafting the rules.

“As our dependence on them grows, we need confidence in their security and reliability which is why I welcome these proposed regulations to fundamentally change the baseline of telecoms security.

“The NCSC has worked closely with DCMS and industry to propose and advise on the most effective measures that telecoms operators can take to ensure the resilience of UK broadband and mobile networks, now and into the future.”

  • Want to take advantage of the most advanced connectivity? Here are the best 5G phones you can currently buy

Steve McCaskill is TechRadar Pro's resident mobile industry expert, covering all aspects of the UK and global news, from operators to service providers and everything in between. He is a former editor of Silicon UK and journalist with over a decade's experience in the technology industry, writing about technology, in particular, telecoms, mobile and sports tech, sports, video games and media.