Ofcom will have the power to fine telecoms providers £100,000 a day for poor network security under new government regulations.
New elements of the Telecommunications Security Act, which came into force in November 2021, will be tabled today as secondary legislation in Parliament, with the aim of requiring providers to strengthen the security of broadband networks and mobiles from the UK. These will be presented alongside a draft code of practice which will provide guidance on how suppliers can comply.
The new regulations and code of practice have been jointly developed by the National Cybersecurity Center and Ofcom and set out specific actions that public telecommunications providers must take as legally binding obligations. The aim is to improve cyber resilience in the UK by requiring suppliers to embed strong security practices into all of their long-term investment decisions as well as into their general day-to-day operations.
As the relevant industry regulator, Ofcom will have the power to enforce new legal obligations and carry out inspections of a provider’s premises and systems to assess whether it has complied with the new obligations. The regulator will also be able to impose fines of up to 10% of turnover or £100,000 per day if it is a continuing breach.
A final draft of the regulations has been confirmed by the Department for Culture, Media and Sport (DCMS) and follows a public consultation. The regulations will require providers to protect the data processed by their networks and services and to secure the critical functions that enable their operation and management. It will also require them to protect the software and equipment that monitors and analyzes their networks and services. Suppliers will also need to consider supply chain risks and understand and control who can access and make changes to their networks and services to enhance security.
The new rules will come into force in October and providers are expected to have achieved all the necessary results by March 2024. The code of practice will set new deadlines for completing other measures and will be updated periodically, according to the government, to ensure it keeps pace with evolving cyber threats.
Escape the ransomware maze
Conventional endpoint protection tools are no longer the best defense
Add value to Microsoft Teams beyond voice connectivity
How AudioCodes can understand your broader business communication needs and fill in the gaps
Go ahead, dream big: Dell EMC PowerVault ME4 platform
Deliver fast, affordable storage optimized for large projects in growing businesses