New law unveiled to make UK 5G network safer

A bill that would give the government greater powers to shut out high-risk vendors from the UK’s telecoms infrastructure will be put before parliament on Tuesday.

At the beginning of the year, ministers determined that additional safeguards should be put into place to protect the UK’s 5G and gigabit-capable networks and exclude ‘high risk’ vendors from areas of it that are critical to security.

High risk vendors are those who pose greater security and resilience risks to UK telecoms.

The new Telecommunications (Security) Bill aims to create national security powers capable of imposing controls on when – if at all – a telecoms firm can use material supplied by companies like Huawei.
In the summer the government announced a ban on the purchase of any new 5G equipment from the Chinese firm from the end of the year.
It also unveiled plans to rip out all Huawei equipment from 5G networks by 2027.

These moves will be enshrined in law by the new bill.
Also under the proposals, security protocols around UK networks will be strengthened with fines – of 10% of turnover or £100,000 a day – for those who do not meet the new standards.

Communications regulator Ofcom is to be tasked with the monitoring and assessing of security protocols among telecoms providers.

Digital Secretary Oliver Dowden said: “We are investing billions to roll-out 5G and gigabit broadband across the country but the benefits can only be realised if we have full confidence in the security and resilience of our networks.

“This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”

The Department for Digital, Culture, Media and Sport (DCMS) said current-self governance laws in which telecoms providers were responsible for setting their own security standards, did not work.

The government’s Telecoms Supply Chain Review found that with self-regulation, they often had little incentive to adopt the best security practices.

It said the new rules laid out in the bill would set minimum security standards for firms to reach, while new codes of practice will be introduced to help providers comply with their legal obligations around high-risk vendors.

Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), said: “The roll-out of 5G and gigabit broadband presents great opportunities for the UK but as we benefit from these we need to improve security in our national networks and operators need to know what is expected of them.”