New Telecommunications (Security) Bill
DCMS Secretary Oliver Dowden introduced the Telecommunications (Security) Bill into Parliament today, giving government new powers to protect the UK’s telecoms infrastructure from cyber threats.
The Bill will strengthen the security framework for technology used in 5G and full fibre networks, including the electronic equipment and software at phone mast sites and in telephone exchanges handling internet traffic and phone calls. It imposes new legal duties on telecoms operators to increase the security of their UK networks, limit the damage of any breaches, and it hands new responsibilities to Ofcom to monitor them and their security practices. Ofcom will also have powers to carry out technical testing, interview staff, and enter premises to view equipment and documents. Fines worth up to 10% of turnover or £100,000 a day could be imposed if operators fail to comply.
The Bill will also give government new national security powers to issue directions to public telecoms operators. Currently, high risk vendors are banned from the most sensitive core parts of the network, the Bill allows the government to impose controls on telcos’ use of goods, services or facilities supplied by any vendor considered high risk. Meanwhile, the new Telecoms Diversification Task Force hopes to encourage new suppliers to enter the market.
Specific requirements will be set out in secondary legislation but will likely include requirements on telcos to reduce the risk that third party-supplied equipment in the supply chain is unreliable or could be used to facilitate cyber attacks, as well as controlling who has permission to access sensitive core network equipment on-site as well as the software that manages networks. Audits will need to be carried out and strict governance must be put in place to understand the risks facing their networks and services. Operators will need to keep networks running which are free from interference while ensuring confidential customer data is protected when it is sent between different parts of the network.
Next steps: The government will consult with industry on the new framework before secondary legislation is laid in Parliament. A public consultation on the codes of practice will be launched after the Bill’s passage through Parliament to hear views on which companies should be subject to new technical requirements and the speed at which the work should be carried out.