
Commentary: DCMS Introduces Tougher Cybersecurity Regulations and Non-Compliance Fines for UK Operators

Image Credit: extravagantni/Bigstockphoto.com

The Department for Culture, Media and Sport (DCMS) yesterday announced new, tougher regulations that aim to protect UK telecoms networks from cyberattacks.

The new regulations and code of practice, developed with the National Cyber Security Centre and Ofcom, set out specific actions for UK public telecoms providers to fulfil their legal duties in the Act. This will improve the UK’s cyber resilience by embedding good security practices in providers’ long-term investment decisions and the day-to-day running of their networks and services.

The regulations are to make sure providers:

  • protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed
  • protect software and equipment which monitor and analyse their networks and services
  • have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards
  • take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security

Commenting on the new regulations, Matt Warman, Digital Infrastructure Minister of the UK, said, "We know how damaging cyber attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life. We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats."

Industry comments

Dan Middleton, VP UK & Ireland at Veeam, an expert in backup, recovery and data management solutions, shares his thoughts on the vital need to protect sensitive data in the telecoms space. He talks about how this can be achieved and how the importance of cybersecurity and data protection has now increased as telcos face hefty fines for failing to comply.

Dan comments, "The telecoms industry holds hugely sensitive data and is responsible for the, often critical, communication of our economy. This is why it’s a welcome move for the DCMS to announce new cybersecurity regulations for the sector, especially as research recently found that 76% of UKI (UK and Ireland) businesses suffered at least one ransomware attack in the past year. While previously telcos were responsible for their own security standards, these new regulations draw attention to the need for more investment into cybersecurity by telco companies, and give Ofcom the right to fine those that fail to comply."

"In particular, the DCMS has highlighted the need for better data protection within the industry, stating that it will make sure communications service providers ‘protect data processed by their networks and services.’ One way this can be achieved is by having a full business continuity strategy, which will include resilience measures and backup and disaster recovery plans, to give telcos the ability to recover data and continue their operations as usual in the event that data is breached or encrypted, such as in the event of a ransomware attack. Secure, immutable backups are the last line of defence against ransomware, and so are increasingly vital as these attacks continue to rise."

"Not only will better protecting their data benefit the customers of telco organisations but, under these new regulations, it will prevent the risk of having to pay hefty fines - 10% of annual revenue or £100,000 per day - for failing to comply. If data is the lifeblood of an organisation, the networks that telcos provide may be considered its circulatory system. It is vital that it remains healthy. As ever, prevention is better than cure. But, should the worst happen to corrupt, stem or cut off a company's data flow, modern data protection that backs up, recovers and manages vital data, will help them carry on business as usual - and service their customers - even in the event of a cyberattack. As such it needs to be prioritised."

The views expressed in this commentary belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.

Author

Ray is a news editor at The Fast Mode, bringing with him more than 10 years of experience in the wireless industry.

For tips and feedback, email Ray at ray.sharma(at)thefastmode.com, or reach him on LinkedIn @raysharma10, Facebook @1RaySharma
