Search

Comment from Netacea – UK Govt Legislation

blog-cyril-noel-tagoe

The UK Government put forward legislation that would require those that work in the telecoms industry, MSPs included to enhance their security operations. Now that the legislation is active telecoms professionals and those that service these businesses will need to act now to remain compliant.

A comment below from Cyril Noel-Tagoe, Principle Security Researcher at Netacea, outlines what the legislation means and how businesses can remain compliant.

“The new Telecoms Security Framework will greatly enhance the security capabilities of the UK telecoms industry by mandating proactive management and remediation of security risks. It sets out security duties and requirements across a wide range of key disciplines including governance, access management, third party risk, and security operations. Whilst the framework calls for appropriate and proportional security measures to be taken, it sets high expectations for what may considered appropriate. For example, telecoms providers must ensure that new and existing networks are securely designed and constructed, which may require some telecoms providers to redesign legacy network infrastructure or accelerate plans to replace it. The penalty for non-compliance with these requirements is up to 10% of global turnover, more than double the maximum penalty under GDPR. This not only creates a very strong incentive for telecoms providers to comply but signals the Government’s intention for this framework to be amongst the strongest in the world. 

“Telecoms providers will need to embark on significant, multi-year security transformation programs to comply with these security requirements. The compliance burden will not be limited to just telecoms providers, as the heightened requirements for third party risk management will result in a knock-on effect on their supply chain. Telecoms providers and affected third parties should conduct a gap analysis of their current security measures against the framework’s requirements and develop a remediation programme. Compliance deadlines for specific security measures are set out in the framework, ranging from March 2024 to March 2028. Telecoms providers may determine that some requirements have already been implemented, for example, the TBEST scheme covers many of the testing requirements. They may also have or plan to implement alternative technical measures to meet their security requirements – these should be assessed and documented as they may need to justify them to Ofcom.”

To read more news and exclusive features see our latest issue here.

Never miss a story… Follow us on:
LinkedIn Security Buyer UK
Twitter logo@SecurityBuyerUK
Facebook@SecbuyerUK

Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Scroll to Top