In addition to content, the other area attracting increased Government scrutiny is security. In July 2019, the UK Government published the findings from its UK Telecoms Supply Chain Review, which identified a range of security risks and threats, and announced its intention to establish a new security framework for telecoms operators.
Telecoms Security Requirements
The core of this framework is a set of new Telecoms Security Requirements (TSRs), drafted by the National Cyber Security Centre (NCSC). The TSRs will be put on statutory footing and will require telecoms operators, overseen by Ofcom and Government, to design and manage their networks to meet these new requirements. The new legislation will also provide Ofcom with stronger powers for enforcement of the new requirements and will establish stronger national security backstop powers for the Government.
The TSRs have been built around mitigating five main risk areas:
- management plane
- signalling plane
- virtualisation plane
- supply chain
- loss of national capability to operate UK networks
Each risk area is then broken down into a series of security principles, requirements and tests. The result is a comprehensive set of security controls and procedures that telecoms operators will be expected to implement over the next few years and to be able to demonstrate to Ofcom that they have done so.
NCSC and Government have stated that the framework will be subject to regular periodic review to both evaluate its success and to enhance it. The framework will likely also need to evolve, to reflect advancing best practice, and to respond to new attack vectors and new technologies.
The Government is still working on drafting the new legislation but is expected to hold a public consultation on it when it is ready.