The potential benefits of 5G, future wireless generations and full-fibre digital connectivity can only be realised if we have confidence in the resilience of our infrastructure

Given the vital role of connectivity to society and the economy, the security of telecom networks is paramount. Telecom companies are particularly susceptible to security concerns due to their interconnected nature and the use of international operational standards. The core infrastructure and large volumes of personal data held means the sector is particularly vulnerable to malicious attacks.

From reducing network capacity to degrading performance, increasing traffic exchange costs, disrupting service availability and intercepting calls, the impact of an attack can be both significant and extensive.

Telecom Network Security

While standards play a critical role in meeting end user and industry needs, the increased use of open interfaces and protocols and the diversity of applications and platforms have all increased opportunities for malicious use of networks. In recent years, there has been a surge in security violations throughout global networks, creating a challenge to shift towards open communication infrastructure without compromising the data exchanged on it. Standards groups are working hard to combat threats in all areas of communications infrastructure, from details in protocol specifications and applications to the management of networks. 

Vulnerabilities exist on many levels (hardware, software and human) but the top security concerns typically encompass:

  • Data Breaches
  • Threats from external forces;
  • Internal threats from within; the greatest risk being unintentional acts from employees
  • Risk of intrusions through mobile devices; IoT invariably brings more connected devices, creating more entry points for attack. The GDPR PrivSec Report found that 47% of the most vulnerable devices are security cameras installed on home networks, followed by smart hubs (15%), like Google Home and Amazon Alexa, and network-attached storage devices (12%).
  • The risk from cloud-based applications

Communication network technologies need to be resilient. Effective security requires consideration of processes, people and technology. Cloud-enabled cybersecurity services, real-time monitoring and threat intelligence tools can all enable organisations to gain the upper hand in security and privacy. Reassuringly, technology security industries across the UK are thriving, from large companies down to SMEs that specialise in services such as penetration testing or risk assessment. 

At a local level, the security of the UK’s telecoms networks is of paramount social, economic and political importance. Ensuring we have a security framework that enables the UK’s Critical National Telecoms Infrastructure to remain online and secure both now and in the future is a key priority for the UK government. The DCMS Supply Chain Review (2018) also recommended the establishment of a new, robust security framework for the UK telecoms sector.  

Following this, the National Cyber Security Centre (NCSC) performed an extensive and detailed analysis of the security of the sector. Based on that risk analysis, they set out to define the technical recommendations and mitigations that could reduce the identified risks and support the creation of this robust new security framework. The recommendations and mitigations, published in 2020, fall into five categories, which can be found here.

With the introduction of the Telecoms Security Act in October 2022, Ofcom has been responsible for making sure the UK’s telecoms network technologies are safe and secure. The law requires telecom providers to have measures in place to identify and reduce the risk of security compromises. 

As Chair of the Security Expert Working Group I'm committed to enabling government and industry to work more closely together to better understand each other's needs.  Security by design, from inception, must become a default that is understood and acted upon as a core principle in everything done.  The good will is there on all sides, now we must rise to the challenge of joining it all up.”

Dave Happy

Independent Consultant

Read more

Our focus areas
  • Policy and regulatory requirements
  • Implications of emerging trends
  • Artificial intelligence and machine learning
  • The impact of increasingly complex and connected systems