The Upcoming UK Telecoms Security Act Part Two: Changing Mindset from Stick to Carrot
<div> <img src="https://www.infracom.com.sg/wp-content/uploads/2022/12/965086002_UK-Telecom-Blog-Header_1200x628_20220929_R1-1.png" class="ff-og-image-inserted" /> </div>
<em> In our </em> <a href="https://blogs.cisco.com/security/the-upcoming-uk-telecoms-security-act-part-one-what-why-who-when-and-how"> <em> last blog </em> </a> <em> , </em> <em> we gave a rundown of what the Telecommunications (Security) Act (TSA) is, why it’s been introduced, who it affects, when it starts, and how firms can prepare. Here, we take a closer look at the themes introduced by the Act, explore how the telecoms industry can use zero trust to boost its security posture further, and outline the benefits that can be gained when complying. </em>
When the Telecoms Security Act (TSA) was introduced, it was labelled as ‘one of the strongest telecoms security regimes on the planet, a growth in standards across the board, set by the federal government as opposed to the industry’ by Matt Warman, former Minister of State at the Department for Digital, Culture, Media, and Sport. The industry is clearly feeling the impending impact of the Act, with one industry pundit at an event we ran recently describing it as a ‘multi-generational change’ for the sector.
One of the headline grabbers stemming from the Act is the associated fines. With the new powers granted to it by the Act, Ofcom now has the responsibility to oversee operators’ security policies and impose fines as high as ten percent of turnover or £100,000 each day if operators don’t comply, or the blanket ban of telecoms vendors such as Huawei. Sounds like the usual ‘stick’-based, costly compliance messaging that no one particularly wants to hear, right? But what if the TSA had some ‘carrot’-based business benefits that are much less discussed?
The TSA introduces a new security framework for the UK telecoms sector to make sure that public telecommunications providers operate secure and resilient networks and services and manage their supply chains appropriately. Many of the themes introduced in the code of practice can be aligned with the themes in a zero trust security model, which are also a focus for CISOs.
Zero trust security is a concept (also called ‘never trust, always verify’) which establishes trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application. At Duo, our approach to zero trust is:
<ul>
<li> First, <em> accurately </em> <strong> establish trust </strong> - to verify user and device trust and increase visibility. </li>
<li> Second, consistently <strong> enforce trust-based access </strong> - to grant the correct degree of access and enforce access policies, in line with the principle of least privilege. </li>
<li> Third, change is inevitable, especially with regard to risk, so <strong> <em> continuously verify trust </em> </strong> by reassessing the trust level and adjusting access accordingly after initial access has been granted. </li>
<li> And fourth, <em> dynamically </em> <strong> react to change </strong> in trust by investigating and orchestrating the response to potential incidents, with increased visibility into suspicious changes in trust level. </li>
</ul>
A crucial point to note here: just as with a solution that claims to help with all areas of the TSA, telecom providers should be wary of any vendor who claims to have a zero-trust product. Both are far bigger than any ‘silver bullet’ solution purports to provide. But there’s a good reason a zero-trust framework has been mandated by the US White House for several federal agencies, and recommended by the Australian Cyber Security Centre (ACSC) and the UK’s National Cyber Security Centre (NCSC).
As well as helping to mitigate the significant cyber risks presented to the telecoms industry, a zero-trust strategy provides many business benefits. Our recent Guide to Zero Trust Maturity shows that:
<ul>
<li> Organisations that reported a mature implementation of zero trust were more than twice as likely to achieve <strong> business resilience </strong> (63.6%) than those with a limited zero trust implementation. </li>
<li> Organisations that achieved mature implementations of zero trust were twice as likely to report excelling at the following five security practices:
<ul>
<li> Accurate threat detection </li>
<li> Proactive tech refresh </li>
<li> Prompt disaster recovery </li>
<li> Timely incident response </li>
<li> Well-integrated tech </li>
</ul>
</li>
<li> Organisations that claimed to have a mature implementation of zero trust were 2X more likely to report excelling across desired outcomes such as greater executive confidence (47%). </li>
</ul>
A robust zero-trust security program includes phishing-resistant multi-factor authentication (MFA), access controls for applications and devices, risk-signalling, dynamic authentication, firewalls, analytics, web monitoring and much more. As I said previously, there is no one answer to zero trust, or indeed the TSA, but getting the basics right, like strong MFA, single sign-on (SSO) and device trust, is a straightforward and effective way to get started.
The TSA will be an enormous undertaking for the industry, but it is essential to focus on the benefits that such a wide-reaching set of regulatory rules will inevitably bring about. As another guest from our recent event put it: ‘the TSA is filled with the most recent and modern best practice around security, so the aim is to raise the tide and all ships really, which can only be a good thing.’