While standards play a critical role in meeting end user and industry needs, the increased use of open interfaces and protocols and the diversity of applications and platforms have all increased opportunities for malicious use of networks. In recent years, there has been a surge in security violations throughout global networks, creating a challenge to shift towards open communication infrastructure without compromising the data exchanged on it. Standards groups are working hard to combat threats in all areas of communications infrastructure, from details in protocol specifications and applications to the management of networks.
Vulnerabilities exist on many levels (hardware, software and human) but the top security concerns typically encompass:
- Data Breaches
- Threats from external forces;
- Internal threats from within; the greatest risk being unintentional acts from employees
- Risk of intrusions through mobile devices; IoT invariably brings more connected devices, creating more entry points for attack. The GDPR PrivSec Report found that 47% of the most vulnerable devices are security cameras installed on home networks, followed by smart hubs (15%), like Google Home and Amazon Alexa, and network-attached storage devices (12%).
- The risk from cloud-based applications
Communication network technologies need to be resilient. Effective security requires consideration of processes, people and technology. Cloud-enabled cybersecurity services, real-time monitoring and threat intelligence tools can all enable organisations to gain the upper hand in security and privacy. Reassuringly, technology security industries across the UK are thriving, from large companies down to SMEs that specialise in services such as penetration testing or risk assessment.
At a local level, the security of the UK’s telecoms networks is of paramount social, economic and political importance. Ensuring we have a security framework that enables the UK’s Critical National Telecoms Infrastructure to remain online and secure both now and in the future is a key priority for the UK government. The DCMS Supply Chain Review (2018) also recommended the establishment of a new, robust security framework for the UK telecoms sector.
Following this, the National Cyber Security Centre (NCSC) performed an extensive and detailed analysis of the security of the sector. Based on that risk analysis, they set out to define the technical recommendations and mitigations that could reduce the identified risks and support the creation of this robust new security framework. The recommendations and mitigations, published in 2020, fall into five categories, which can be found here.
With the introduction of the Telecoms Security Act in October 2022, Ofcom has been responsible for making sure the UK’s telecoms network technologies are safe and secure. The law requires telecom providers to have measures in place to identify and reduce the risk of security compromises.