New security bill promises to fine big British telecom firms over £100,000 a day, if they continue using Huawei equipment
The government is readying legislation that threatens telecom firms with stiff financial penalties if they fail to meet deadlines for tougher security measures.
The new Telecommunications (Security) Bill proposed on Tuesday is designed to boost the security standards of the entire UK telecoms network, as well as remove the threat of high-risk vendors, the government announced.
It comes after Oxford Economics last week revealed the scale of Huawei’s contribution to the United Kingdom economy. It found that Huawei contributed £3.3bn to UK GDP in 2019 alone, and helped support 51,000 British jobs through its economic activity last year.
Prime Minister Boris Johnson in July had ordered all Huawei equipment to be purged from Britain’s 5G network by 2027 over national security concerns.
Now the government’s Telecommunications (Security) bill will place new legal duties on telecoms firms to increase the security of entire UK network.
It will also provide new powers for government to remove high risk vendors such as Huawei; coupled with giving Ofcom new responsibilities to monitor telecoms operators’ security.
“The Bill will strengthen the security framework for technology used in 5G and full fibre networks including the electronic equipment and software at phone mast sites and in telephone exchanges which handle internet traffic and telephone calls,” said the government.
“This will be a significant step to protect the UK from hostile cyber activity by state actors or criminals,” it added. “Over the past two years the Government has attributed a range of cyber attacks to Russia and China, as well as North Korea and Iranian actors.”
Another major thrust of the bill is to equip the Government with new national security powers to issue directions to public telecoms providers in order to manage the risk of high risk vendors.
“While they are already banned from the most sensitive ‘core’ parts of the network, the Bill will allow the Government to impose controls on telecoms providers’ use of goods, services or facilities supplied by high risk vendors,” it said.
And failure to follow these new rules on high risk vendors will result in stiff financial penalties, with carriers possibly “facing heavy fines of up to ten percent of turnover or, in the case of a continuing contravention, £100,000 per day,” said the government.
“Ofcom will be given the duty of monitoring and assessing the security of telecoms providers,” it added.
The government for example revealed that the communications watchdog will be empowered to carry out technical testing, interviewing staff, and entering operators’ premises to view equipment and documents.
At the end of this year, UK carriers have been banned from purchasing new Huawei equipment, and must remove all Huawei equipment from 5G networks by 2027.
The Bill creates the powers that will allow the government to enshrine those decisions in law and manage risks from other high risk vendors in the future.
“We are investing billions to roll out 5G and gigabit broadband across the country, but the benefits can only be realised if we have full confidence in the security and resilience of our networks,” said Digital Secretary Oliver Dowden
“This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks,” said Dowden.
At the moment under the current law, UK telecom providers can set their own security standards in their networks.
But now the government wants to issue specific security requirements that providers will need to follow to meet toughened security requirements.
This includes telcos acting to:
- securely design, build and maintain sensitive equipment in the core of providers’ networks which controls how they are managed;
- reduce the risks that equipment supplied by third parties in the telecoms supply chain is unreliable or could be used to facilitate cyber attacks;
- carefully control who has permission to access sensitive core network equipment on site as well as the software that manages networks;
- make sure they are able to carry out security audits and put governance in place to understand the risks facing their public networks and services; and
- keep networks running for customers and free from interference, while ensuring confidential customer data is protected when it is sent between different parts of the network.
Huawei for its part has always denied it presents a national security risk.