UK Government Lays Out Plans To Protect Telecoms Networks Against Cyber Attacks

Following the news that:

UK Government lays out plans to protect telecoms networks against cyber attacks



2 Expert Comments
Avishai Avivi, CISO
InfoSec Expert
August 31, 2022 2:14 pm

We generally welcome this initiative. As demonstrated by both GDPR and CCPA for privacy in the EU and US, respectively, government regulations with the ability to levy fines make a real difference in how seriously companies address what is, up to that point, a self-regulating industry. As with the aforementioned regulations, the devil is in the details. Rather than tick-the-box compliance with generic guidelines, specific recommendations and requirements will require organisations to remediate any deficiencies they may currently have. While there are several important aspects to the legislation, we particularly welcome how the legislation requires that penetration testing includes regularly simulating real techniques that might be used in an attack on the network. Continuous security control validation is the only way to truly ensure the organisation’s resilience to malicious attacks. Of course, other parts of the legislation are just as important; notably, the safety-by-design, similar to privacy-by-design, will require organisations to reconsider how some of their legacy networks and systems need to be redeployed. Shorter patching cycles and incorporating signals from threat intelligence feeds are welcome requirements, to reduce the gap from when a new vulnerability is discovered to when the organisation addresses it. All of these ultimately help protect the consumers.

Michael Tanaka, Chief Commercial Operator
Industry Leader
August 31, 2022 2:13 pm

In a world that can often be dominated by short term commercial objectives, it’s reassuring to see both industry and government bodies working together to prioritise security in recognition of the critical role that IT infrastructure and services play in our daily lives. The EU’s GDPR, Banking’s PSD2, USA’s FIPS and New Jersey’s DGE to name a few, now the UK’s NSCS and Ofcom have recognised that security has a baseline and cannot, will not, be left to chance. 

Whilst we know it will not be smooth sailing at first, we note the positive impact other security regulations have had and applaud any effort to secure our critical infrastructure from both inside and outside attack.
