UK Government Announced New Security Rules on ISPs & Mobile Network Providers to Boost Security

13-09-2022 | By Robin Mitchell

The rising dependence on internet-powered technologies has made society more vulnerable to cyberattacks than ever, and this has led the UK government to introduce new rules on cybersecurity for ISPs and mobile network providers. What challenges does technology dependence present, what has the government announced, and why are the rules needed?

What challenges does technological dependencies present to modern nations?

Ever since the dawn of mankind, humanity has been dependent on the technology it develops. The invention of the wheel helped man move objects of unimaginable weight across fast distances, while the discovery of fire allowed man to wield the power of Iron to craft items of incredible durability and beauty. However, technologies developed before the industrial revolution could be argued as being basic which lack deep understanding of modern physical, mathematics, or chemistry. As such, it is hard for such technology to be disrupted and forgotten. 

After the industrial revolution, man turned to the power of steam, and the construction of large iron ships powered by multi-story steam engines required large teams of people all having their own areas of expertise. The amount of knowledge that man has procured over the last 200 years is so vast that no one human could know everything, and this has created a society whereby it can only function so long as there are enough people supporting the system all learning about different aspects of technology (i.e. the transition from the individual to group dependence).

But this dependency on technology has become so engrained in modern society that almost every aspect of everyday life is now government by technologies such as power generation, the internet, and cellular services. While this dependency has helped to accelerate the development of new concepts (such as IoT and smart systems), it also leaves modern society extremely vulnerable to cyberattacks. 

Back 50 years ago, electricity was essential for the normal operation of a country, but power stations were not networked together, and losing power in a home was not the end of the world. Fast forward to 2022, and just the loss of internet services will see life come to a complete standstill; most payment methods require internet access, TV streaming is impossible, traffic systems fail to operate, and even power generation can be disrupted. 

In fact, societies dependence on internet-connected technologies is something that hasn’t happened in human history for the simple reason that attacking such infrastructure can be done remotely from anywhere around the planet. Any attacker (domestic or foreign) can connect to the internet, launch an offensive, and shutdown an entire countries infrastructure all from a single computer terminal. 

UK government announces new rules on ISP and mobile security

Recognising the challenges faced by modern infrastructure (and societies dependency on its proper operation), the UK government has recently announced new rules that require tougher security measures to be taken by ISPs and mobile network operators. The new rules plan to strengthen UK Infrastructure to ensure that networks are not used for malicious purposes while also protecting those networks against attacks. Such attacks have become increasingly likely after the Russo-Ukraine conflict of 2022 and the worsening relationship between the West and China over Taiwan.

According to gove.uk, the new regulations will be some of the strongest in the world and will focus on protecting networks as well as theft of sensitive data. The rules, which have been introduced through the Telecommunications (Security) Act, will target ISPs that provide broadband services as well as mobile network operators who provide internet-related services.

Before the introduction of the new rules, telecom providers were responsible for their own cybersecurity measures, but investigations made by officials found that the best practices were rarely being implemented as it was not in the financial interest of providers. Thus, the new rules will introduce a set of standards and requirements that will ensure providers implement strong security practices at all levels of operation and face fines if not done.

Examples of obligations by providers introduced by the new act will include the protection of data processed by networks and protection of critical functions, protect software that is used to monitor and manage networks, ability to identify anomalous activities, and identify supply chain risks. At the same time Ofcom will also be overseeing new security practices including risk analysis of Wi-Fi routers, restricting control of those able to make network-wide changes, protecting networks against malicious signalling, and ensuring that businesses have proper security accountability.

Why are these rules needed?

If there is one thing that government is very good at (besides spending other peoples money), its regulation. Whenever governments try to participate in daily activity (such as the NHS, nationalised railways, or postal service), they almost always overspend, create organisations that centre on laziness, and never know how to incorporate the best technologies. But regulations allow for governments to identify issues in the private sectors and then step in to prevent unfair and/or dangerous practices.

In the case of telecommunications and ISPs, there is no real incentive for businesses to protect themselves with the highest levels of security. Hackers who cause disruption are annoying for consumers, but services will eventually be restored, and there is absolutely nothing that customers can do. Hackers who use ISPs to launch attacks are dependent on the ISP for their connection, and as such are unlikely to be the target of a hack. 

Considering that modern life has become so incredibly dependent on internet-related infrastructure, the lack of security regulations is honestly surprising. The introduction of the new rules will not only help to ensure reliability in modern services, but also help protect critical infrastructure against large-scale threats. 

Overall, the introduction of the new rules is a rare moment where government intervention is a force for good, and hopefully, will help secure the infrastructure that we so desperately rely on. 

Profile.jpg

By Robin Mitchell

Robin Mitchell is an electronic engineer who has been involved in electronics since the age of 13. After completing a BEng at the University of Warwick, Robin moved into the field of online content creation, developing articles, news pieces, and projects aimed at professionals and makers alike. Currently, Robin runs a small electronics business, MitchElectronics, which produces educational kits and resources.