The new proposed regulations and code of practice set out specific actions for UK public telecoms providers to follow to bolster their security as required under the Telecommunications (Security) Act.
The rules, developed with the NCSC and Ofcom, are to make sure that providers:
- protect data processed by their networks and services, and secure the critical functions which allow them to be operated and managed
- protect software and equipment which monitor and analyse their networks and services
- have a deep understanding of their security risks and the ability to identify when anomalous activity is taking place with regular reporting to internal boards
- take account of supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services to enhance security
The regulations are to be laid in Parliament as secondary legislation shortly and from October providers will be subject to the new rules.