UK based telecommunications organisations will need to get their cyber security up to scratch when a new security framework comes into effect this October.

What is the new security framework?

The new framework follows the adoption of the Telecommunications Security Act in November last year which was put together with the assistance of the National Cyber Security Centre (NCSC) and is designed to make the UK telecoms sector one of the most secure in the world.

“We know how damaging cyber-attacks on critical infrastructure can be, and our broadband and mobile networks are central to our way of life.

We are ramping up protections for these vital networks by introducing one of the world’s toughest telecoms security regimes which secure our communications against current and future threats,” said Digital Infrastructure Minister Matt Warman.

What do telecoms providers need to do?

Telecom providers are currently responsible for setting their own security standards but that will all change in October when they will have to follow the legal duties specified in the framework.

The framework’s legal duties include:

  • The identification and assessing of any equipment that is directly or could be directly exposed to potential attackers.
  • Having a good understanding of the risks faced by their networks.
  • Ensure that the organisation is properly supporting security by having security champions and making boards and leadership accountable.
  • Defend against malicious signals coming into a network which could cause disruption to services.
  • Maintain a tight control over who can make network wide changes.

Telecoms providers will be given time to ensure they are following the framework with them being given a deadline of March 2024 to achieve the required outcomes.

If companies fail to meet their obligations, then the regulator Ofcom will have the ability to issue fines of up to 10% of turnover or in the scenario of repeated failures £100,000 fines per day until all duties in the framework are adhered to.

How can MSSPs help you be compliant?

The cyber skills shortage isn’t getting better, in fact the number of companies looking for people with the right skills has only increased in 2022.

Organisations may struggle to find the right people with the right skills something that will likely prove a big stumbling block for some telecoms companies when it comes to meeting the demands of the new framework.

Fortunately, this is where Managed Security Service Providers can help. By utilising an MSSP a telecoms company will have the skills at hand needed to ensure their compliance with the new security framework and be able to demonstrate to Ofcom that they have taken action to meet their cyber security requirements.

Services that Integrity360 provide for example include:

Get in contact with us today to speak with a dedicated account manager and learn more about how we can help you solve your cyber security challenges.  Our team works with yours to ensure that your organisation's cyber security strategy, tools, frameworks, and policies fit your needs.

CTA-MSS-1