Telecoms (Security) Act
Get ready for big changes
However, you should not see this as an extra burden for your organization and a threat of penalties of up to £100,000 per day for non-compliance. This is an opportunity that, besides improving security, can help you implement automated work processes that cut operating costs and improve service quality.
We're here to help
See below the main topics of the Statutory Instruments (SI) and how PacketFront can assist you in addressing many of the requirements. If you want to know more about other benefits, check the rest of our homepage and get in contact with us!
Tier 3 provider?
Providers with less than £50m in turnover are currently exempt from TSA requirements, but here are some of the reasons why you should consider compliance:
- Tier 3 providers must continue to take appropriate measures to comply with the new duties under the Act
- If you supply services, like connectivity, to Tier 1 or 2 operators you are part of their supply chain and need to comply
- In merger and acquisition situations compliance means your assets have a higher valuation
- And last but not least: The requirements in TSA are sensible. The security is ultimately for your benefit, so don’t wait until somebody hacks into your network. You can come a long way ‘for free’ as an additional benefit of a cost-saving network automation project.
The areas of interest
We have been assisting carriers in building networks for more than 20 years. We can advise you on best practices for building a robust and secure management plane. But design is just the start of the journey. Maintaining it over time is more challenging, typically leading to deviation from the security rules as well as poor and lacking documentation.
The benefit of using BECS network orchestrator is that you enforce the security rules and record the use of the system, and thus reduce the risk of security compromises.
BECS has an always up-to-date network map, making sure you have a full view and control down to firmware versions and configurations used in the network.
By centralizing and automating the network management you limit your exposure, as manual access to the network can be highly restricted, making it easier to control and protect. Besides limiting the access, automation eliminates manually introduced errors, reducing the number of unintended security vulnerabilities.
Limiting access to the network control layer is, of course, not the whole answer. For example, network or end-customer devices may have software vulnerabilities. BECS provides full control of the default configuration in use and enables swift rollout of any security updates via secure management protocols.
Using our BECS network orchestrator means that you have full control and traceability of your network, who has accessed it, and what they have changed. As the changes are executed, the system automatically becomes your documentation, meaning that you have a real-time picture of your network down to details.
If an internal or external actor manages to bypass BECS and make changes in the network directly, the network orchestrator’s audit tools will detect these anomalies and report them for further analysis. If deemed appropriate, it can also automatically roll back the changes.
One key security aspect is the access to BECS itself. It can be installed on-prem or in a hosted environment. Regardless of which option you choose, the system will be securely located in the UK, making it easier to monitor and restrict access to.
With BECS network orchestrator you have full control of what 3rd party suppliers have access to in your network as well as records of any actions taken by them.
BECS multi-vendor capabilities help you secure the equipment supply chain, whatever happens in the commercial, technical or political spheres. They give you full flexibility to choose hardware suppliers, and to swiftly transition between suppliers without affecting your existing services or business logic. You simply download a new ‘Element Manager’, as we call them.
This is good news not only from the supply perspective; it also gives procurement a powerful tool when comparing suppliers' offers without creating technical lock-ins.
BECS network orchestrator has several functions to protect the access to BECS itself and to network elements.
For example, the access to BECS can be controlled via the TACACS+ protocol for maximum security, and you can control read/write access to the network by providing individual or group level user rights based on factors like geography or network hierarchy.
All passwords to access network elements are stored encrypted in BECS. This greatly limits the number of people required to know these passwords and makes it more challenging for any intruder to get hold of the login information.
If the worst happens, due to human error or a malicious act, and the network is changed in an unintended or unauthorized manner, BECS can rapidly restore the network to the last approved state, as it has a database with an always current desired state of the network.
The SI requires you to keep both online and offline copies of the information and to retain them in the UK. This is a standard procedure when using BECS and can be easily achieved with regular backups of the BECS database.
The SI defines how operators should manage and create best practices for security-related administration, i.e. manage business procedures, roles, user rights and responsibilities.
The governance also includes procedures for managing network security updates and equipment upgrades. Again, BECS is an excellent tool for managing these upgrades and making sure that everything is correctly documented.
The security measures should be reviewed annually, evaluating risks and results.
In manually operated networks the competence is typically in the hands (or rather heads) of a few key employees. This makes it challenging to onboard new personnel, leading to errors and, ultimately, security risks. When using BECS, the network is standardized and documented, meaning employees find it easier to understand the network structure and the service delivery.
In addition, PacketFront provides extensive training making sure that your personnel understand the system they are working with.
Testing the security is the ultimate proof that you are compliant with the Telecom Security Act. Whether the testing is executed by your own employees or 3rd parties, the key personnel may not be aware of the tests in advance. Service providers must also give reasonable assistance to you and other relevant network providers in their testing, and all parties must share information about security compromises.
And lastly: Remember that the penalties will not be applied as long as you can prove that you have taken appropriate and reasonable preventive actions.
The SI specifies a 14-day time limit for deploying patches for security compromises. This can be challenging to achieve if a patch is for devices that have been widely deployed in the network. It can also be impossible to know, or prove, that all devices are running the right firmware.
With BECS you can do extremely fast and controlled upgrades and at the same time make sure that all devices connected to the network are using the intended firmware version.
Contact us to learn more
We are in dialogue with many UK-based operators to gather information and experiences about the Telecom Security Act. Don’t hesitate to contact us to get more information about the law or how we can assist you with compliance.