Telecoms Security Bill – What’s Missing?

BACKGROUND:

The new Telecoms Security Bill has now received Royal Assent and passed into law. The aim of the bill is to boost the security of the UK’s public telecoms networks and services and protect against the threat of high-risk equipment suppliers.

Experts Comments

November 22, 2021
Matias Madou
Co-founder and CTO
Secure Code Warrior

After successfully making it through both the House of Commons and Lords earlier this year, the Telecoms Security Bill returned to the Commons for consideration of Lords amendments last week and is set to become law. The bill aims to ensure that public telecommunications providers operate secure and resilient networks and services, and manage their supply chains appropriately. Telecoms, like many other industries, has relied on a reactive approach to security for far too long, and while the new rules introduced by the bill don’t prioritise a grass-roots approach to security led by secure coding, they do introduce a series of tests to ensure providers are meeting government standards.

One of the key changes is around penetration testing, or “pen-testing” – under the new regulations, telecom providers will be required to pen-test their networks annually. It’s an important exercise for businesses to put their security infrastructure through its paces and see vulnerabilities before hackers exploit them. While pen-testing forms an integral part of securing telecoms networks, it is important to note that it’s not an instant fix for any organisation’s security offering.

A more efficient way to maximise telecoms security which doesn’t feature in the government bill is secure coding. If the developers responsible for the code creation behind telecoms networks were properly trained and more security-aware, a lot of issues would be nipped in the bud. Investing in security-conscious developers in the first instance saves businesses the headache of dealing with security lapses retrospectively, as vulnerabilities are eliminated from the beginning of the software development journey.  

Overall, the new regulations forming the Telecoms Security Bill are a positive move for the industry. With pen-testing becoming compulsory, more vulnerabilities will be highlighted and telecoms networks will become more secure by default. However, it is important to use pen-testing in conjunction with other security methods, such as upskilling developers in security from the start, in order to ensure better security outcomes.
