What does the UK government’s Telecoms Security Bill mean for the future of the industry? – Telecoms.com


Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Matias Madou, Co-Founder & CTO of Secure Code Warrior, looks at the implications of a new piece of UK, telecoms-specific legislation.

The Telecoms Security Bill, which seeks to introduce a new security framework for the UK telecoms sector, is currently being passed through the UK parliament. The bill aims to ensure that public telecommunications providers operate secure and resilient networks and services, and manage their supply chains appropriately.

Telecoms, like many other industries, have relied on a reactive approach to security for far too long, and while the new rules introduced by the bill don’t prioritise a grass-roots approach to security led by secure coding, they do introduce a series of tests to ensure providers are meeting government standards. So, what exactly does the bill mean, and how are these new rules going to ensure that security risks and compromises are minimised in the sector?

Raising security standards, across the board

To put it simply, the Telecoms Security Bill aims to empower the government to boost the security standards of the UK’s telecoms networks, whilst removing the threat of high-risk vendors. These measures include new controls on the use of Huawei 5G equipment, for example, including a ban on the purchase of new Huawei equipment from the end of this year, and a pledge to remove all Huawei equipment from 5G networks altogether by 2027.

Another key change is around penetration testing, or “pen-testing” – under the new regulations, telecom providers will be required to pen-test their networks annually. Although many providers already test their networks regularly, the new security framework will make the practice compulsory. In order to understand the potential impact of the bill, we need to drill down into what pen-testing actually is and why it’s so essential for the industry.

Compulsory annual pen-testing

Pen-testing is a security technique designed to identify, test and flag vulnerabilities in IT systems. This is done by allowing “ethical hackers” to simulate cyberattacks to test the…
