The United Kingdom announced on Tuesday, 30, new cybersecurity rules that operators in the country will have to follow from October. According to a statement released by the Department for Culture, Media and Sport (TCMS), the aim is to create stricter regulation “against threats of network failures and theft of confidential data”.
Advertising
One of the innovations is the imposition of fines of up to 100 thousand pounds (R$597 thousand) per day in case of non-compliance with the established parameters. Ofcom, the British regulator which drafted the text of the new regulation alongside the country’s National Cyber Security Centre, will carry out the review.
Among other things, the Code provides that operators must:
- Identify and assess the risk of any high-end equipment directly exposed to intruders. This includes telecom towers and internet equipment provided to customers such as Wi-Fi routers and modems that act as entry points.
- tightly control who can make changes to the network;
- Protection against malware or malicious network interference signals that can cause interference.
- Better understanding of the risks your networks face, ensuring the company’s business supports security (eg, with expected accountability).
According to the DCMS, the regulation will be updated from time to time to “ensure it keeps up with evolving cyber threats”.
Code of conduct came into force General advice Also, at this point, further clarifications have been suggested by the government to ensure that security measures are enabled for the software used in the 5G concession, as they are considered “parts of networks that require security”.
Adaptation to cyber security regulations
Until then, telecommunications service providers operating in the UK were responsible for setting their own security standards. However, after reviewing the regulations currently in use, “it was found that providers generally have little incentive to adopt best security practices,” the government said in the memo.
The draft code of conduct is still awaiting consideration by parliament, where it will have 40 days to draft possible changes. After this period, it will be published and then it will come into effect.
While it predicts compliance with the rules in October, “providers are expected to achieve these results by March 2024,” the report said.
Advertising