The Telecommunications Security Bill bans the involvement of Chinese firm Huawei in the UK’s 5G mobile network. But it also says that companies which fail to meet deadlines for higher security requirements could face enormous fines. Some of these could be 10% of turnover, or more than £100,000 a day.
As well as ‘removing the threat of high-risk vendors’, the bill is expected to tighten the security framework for technology used in 5G and full-fibre networks including the electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls.
This will be a significant step to protect the UK from hostile cyber activity by state actors or criminals, claims the UK government. Over the past two years, the Government has attributed a range of cyber attacks to Russia and China, as well as North Korea and Iranian actors.
In July, following advice from the National Cyber Security Centre (NCSC), the government announced new controls on the use of Huawei 5G equipment – including a ban on the purchase of new Huawei equipment from the end of this year and a commitment to remove all Huawei equipment from 5G networks by 2027.
The Bill creates the powers that will allow the government to enshrine those decisions in law and manage risks from other high-risk vendors in the future.
Says Digital Secretary Oliver Dowden:
“We are investing billions to roll out 5G and gigabit broadband across the country, but the benefits can only be realised if we have full confidence in the security and resilience of our networks.
“This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
Adds NCSC Technical Director Dr Ian Levy:
“The roll-out of 5G and gigabit broadband presents great opportunities for the UK, but as we benefit from these we need to improve security in our national networks and operators need to know what is expected of them.
“We are committed to driving up standards and this bill imposes new telecoms security requirements, which will help operators make better risk management decisions.”
Attempts to ban Huawei from the 5G network have been continuing for more than a year. But the new bill is the first step in enshrining such bans in law and offers details of exactly how it will work – assuming Parliament passes it.
The bill provides the government with national security powers, allowing it to give instructions to the big telecoms companies such as BT about how they use “high risk” vendors including Huawei.
But a new measure contained within the draft law is that any companies which do not live up to expectations will face heavy fines for failure. The threatened sum of £100,000 a day would only be used in the case of “continuing contravention”, the government said. Ofcom, the communications regulator, will be given the job of policing the rules – along with new powers it may need to do so.
Currently, telecoms providers are responsible by law for setting their own security standards in their networks. However, the Telecoms Supply Chain Review concluded by the government last year found providers often have little incentive to adopt the best security practices.