UK Telecom Bill
In an attempt to improve the UK’s network security, the government has introduced the Telecommunications Security Bill. According to Digital Secretary, Oliver Dowden, it will give the UK “one of the toughest telecoms security regimes in the world”. The Telecoms Supply Chain review concluded in 2019 that providers often have little incentive to adopt the best security practices, thus contributing to the decision to introduce the new bill in an effort to improve security by exerting more control. Specifically, the bill seeks to protect the UK from hostile cyber activity by state actors and state-sponsored criminals based on previous attacks attributed to China, Russia, North Korea, and Iran. Additionally, the UK government claims that the telecoms supply chain relies on too few vendors and wants to increase competition, something which this bill will assist in achieving.
Security Requirements for Telecom Bill
The bill increases security requirements for 5G wireless and fiber optic networks, including electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls. Providers now must implement a minimum-security standard for their networks and services; the government’s attempt at remediating the insufficient security practices currently in place at some telecom providers. Failure to comply with the bill’s rules results in fines up to either 10% of sales or £100,000 per day.
With the bill in place, the government has greater powers including the ability to issue directions to public telecoms providers in an effort to manage the risk of high-risk vendors. Additionally, the government can impose controls on telecoms providers’ use of goods, services of facilities supplied by high-risk vendors. Specifically, the government has instructed wireless carriers to remove any existing Huawei 5G equipment from their networks by 2027 based on security concerns regarding the Chinese company. Moreover, the bill carefully controls who has permission to access sensitive core network equipment on site in addition to the software that manages networks.
Ofcom, the telecom’s watchdog, will have stronger monitoring powers to assess operators’ security as well as enforcement powers. As such, Ofcom will carry out technical testing, staff interviews, and enter operators’ premises to view equipment and documents as ways to ensure compliance with the bill.
Hardware Access Control (HAC-1) Solution
Sepio System’s Hardware Access Control (HAC-1) solution can assist telecom providers in complying with the new bill, and prevent any intrusions, by providing full visibility into an organization’s assets. The SaaS detects devices operating over network and USB interfaces and using Physical Layer fingerprinting technology and Machine Learning, calculates a digital fingerprint of all devices and compares them against known fingerprints. With this knowledge, the presence of any malicious device will be detected and blocked, thus reducing the chances of a successful hardware attack – including those that enter through the supply chain.