The UK government finalised a new set of rules designed to provide stronger protection for the country against cyber-attacks, with operators on the hook for hefty fines for not complying with the updated regulations.

In a statement, the Department for Digital, Culture, Media and Sport (DCMS) said the new rules will come into force from October 2022, with the security regulations claimed to be among the strongest in the world.

DCMS explained it wants operators to provide protections from cyber threats which could cause network failure or theft of sensitive data.

Among the requirements operators must: protect data processed by their networks and services, protect software and equipment which is used for monitoring, have a deep understand of security risks, identify anomalous activity taking place and take account of supply chain risks.

Providers will be expected to achieve a range of security practices on their networks by March 2024, and a code of practice will be released to set out further requirements.

Little incentive
The government has been able to exercise its power on the standards of the country’s mobile and broadband networks after a new Telecommunications Security Act become law in November 2021.

A probe dubbed Telecoms Supply Chain Review found operators “often have little incentive to adopt the best security practices”.

Currently, operators are responsible for setting their own security standards, but as a result of the new rules, regulator Ofcom will be able to “issue substantial fines for non-compliance of up to 10 per cent of turnover”, or £100,000 a day for continuing contravention.