Proposal for new telecoms security regulations and code of practice
The government is consulting on proposals for new regulations and a code of practice to improve the security and resilience of public telecoms networks and services.
The Telecommunications (Security) Act 2021 provided the government with new powers to make security regulations and issue codes of practice. The government is now proposing to use those powers to help secure the UK’s public telecoms networks and services.
The UK is becoming ever more dependent on such networks and services. The increased reliance of the economy, society and critical national infrastructure (CNI) on public telecoms networks and services means it is important to have confidence in their security. As the value of our connectivity increases, it becomes a more attractive target to cyber attackers. It is important to make sure that our networks and services are secured in this evolving threat landscape.
The government is therefore consulting on proposals for new regulations and a code of practice that are intended to address security risks to public telecoms networks and services. This process meets the statutory requirement for the government to consult with affected parties before issuing a code of practice, under section 105F of the Communications Act 2003 (inserted by the Telecommunications (Security) Act 2021). This consultation seeks informed views from Ofcom, providers of public networks and services, as well as those who may have experience in these matters on the proposals within the draft code of practice, which has been published alongside this document. As the regulations will be the first to be issued under the new telecoms security framework, the government has also decided to consult on the draft regulations. The closing date for responses to the consultation is 11:45pm on 10 May 2022.
Please send responses to the questions contained in the consultation to security.framework.consultation@dcms.gov.uk
The impact assessment accompanying this consultation will be updated for the findings of a cost survey and published alongside the final regulations and code of practice. Details of the cost survey are included in the consultation document, and a plain copy of the full survey is listed below.
The National Cyber Security Centre has recently published its Vendor Security Assessment, which is referenced in the draft code of practice.