Telecommunications (Security) Act 2021

Last updated
Telecommunications (Security) Act 2021
Act of Parliament
Royal Coat of Arms of the United Kingdom (variant 1, 1952-2022).svg
Long title An Act to make provision about the security of public electronic communications networks and public electronic communications services.
Citation 2021 c. 31
Territorial extent England and Wales; Scotland; Northern Ireland
Dates
Royal assent 17 November 2021
Commencement 17 November 2021, 1 October 2022
Other legislation
Amends Communications Act 2003
Status: Current legislation
Text of statute as originally enacted
Text of the Telecommunications (Security) Act 2021 as in force today (including any amendments) within the United Kingdom, from legislation.gov.uk.

The Telecommunications (Security) Act 2021 (c. 31) is an act of the Parliament of the United Kingdom. [1] [2]

The act builds upon and strengthens the Communications Act 2003, in particular the role of Ofcom, the United Kingdom's Office for Communication, in regards of its role in policing the security of telecommunications and telecom providers. The Act requires the provider of a telecommunications network to ensure that they identify, prepare, and reduce the risk of security compromises.

The act provides the government with "new national security powers" [3] and introduces a "duty owed to every person who may be affected" by a security breach. [4]

In November 2020, the government published its "5G Supply Chain Diversity Strategy" [5] It pledged to "introduce a new, robust security framework" for telecommunications suppliers, enhance security powers for OfCom, and place decisions on "high risk vendors" in statutory terms.

The bill, when introduced, represented "a watershed moment in the development of the UK's response to cyber-security threats." [6] though was also called "narrowly focused". [7]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cyber security, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Telecommunications had an early beginning in Mauritius, with the first telephone line installed in 1883, seven years after the invention of the telephone. Over the years, the network and telephony improved. By the late 20th century, the rapid development and convergence of information and telecommunications technologies gave rise to an ICT industry on the island along with many incentives provided by the government. The government thus aims to make the ICT sector the 5th pillar of the Mauritian economy and Mauritius a Cyber Island. Historically, the country is known for tourism, rather than its call centers and business process outsourcing.

<span class="mw-page-title-main">Huawei</span> Chinese multinational technology company

Huawei Technologies Co., Ltd. is a Chinese multinational technology corporation headquartered in Shenzhen, Guangdong. It designs, develops, manufactures and sells telecommunications equipment, consumer electronics, smart devices and various rooftop solar products. The corporation was founded in 1987 by Ren Zhengfei, a former officer in the People's Liberation Army (PLA).

<span class="mw-page-title-main">Critical infrastructure</span> Infrastructure important to national security

Critical infrastructure, or critical national infrastructure (CNI) in the UK, describes infrastructure considered essential by governments for the functioning of a society and economy and deserving of special protection for national security.

<span class="mw-page-title-main">Computer Misuse Act 1990</span> United Kingdom legislation

The Computer Misuse Act 1990 is an Act of the Parliament of the United Kingdom, introduced partly in response to the decision in R v Gold & Schifreen (1988) 1 AC 1063. Critics of the bill complained that it was introduced hastily, was poorly thought out, and that intention was often difficult to prove, with the bill inadequately differentiating "joyriding" hackers like Gold and Schifreen from serious computer criminals. The Act has nonetheless become a model from which several other countries, including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws, as it is seen "as a robust and flexible piece of legislation in terms of dealing with cybercrime”. Several amendments have been passed to keep the Act up to date.

<span class="mw-page-title-main">ZTE</span> Chinese telecommunication company

ZTE Corporation is a Chinese partially state-owned technology company that specializes in telecommunication. Founded in 1985, ZTE is listed on both the Hong Kong and Shenzhen Stock Exchanges.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.

Openreach Limited is a company wholly owned by BT Group plc, that maintains the telephone cables, ducts, cabinets and exchanges that connect nearly all homes and businesses in the United Kingdom to the national broadband and telephone network. It was established in 2006 following an agreement between BT and the UK's telecoms regulator, Ofcom, to implement certain undertakings, pursuant to the Enterprise Act 2002, to ensure that rival telecom operators have equality of access to BT's local network.

<span class="mw-page-title-main">Internet in Afghanistan</span> Overview of the Internet in Afghanistan

Internet in Afghanistan is available in all of its 34 provinces, and is used by over 9 million people as of 2022. The internet officially became available in 2002 during the presidency of Hamid Karzai. Prior to that year, it was prohibited because the Islamic Emirate of Afghanistan believed that it may be used to broadcast obscene, immoral and anti-Islamic material, and because the few internet users at the time could not be easily monitored as they obtained their telephone lines from neighboring Pakistan.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

The Communications Authority of Kenya (CA) is the regulatory authority for the ICT industry in Kenya with responsibilities in telecommunications, e-commerce, broadcasting and postal/courier services. The CA is also responsible for managing the country's numbering and frequency spectrum resources, administering the Universal Service Fund (USF) as well as safeguarding the interests of users of ICT services.

<span class="mw-page-title-main">Viettel</span> Vietnamese multinational telecommunications company & defense contractor

The Military Industry and Telecoms Group, doing business as Viettel or Viettel Group, is a Vietnamese state-own multinational telecommunications, technology and manufacturing conglomerate headquartered in Hanoi, Vietnam. The enterprise is run by the Vietnam Ministry of National Defence, making it a military-associated corporation.

Digital supply chain security refers to efforts to enhance cyber security within the supply chain. It is a subset of supply chain security and is focused on the management of cyber security requirements for information technology systems, software and networks, which are driven by threats such as cyber-terrorism, malware, data theft and the advanced persistent threat (APT). Typical supply chain cyber security activities for minimizing risks include buying only from trusted vendors, disconnecting critical machines from outside networks, and educating users on the threats and protective measures they can take.

<span class="mw-page-title-main">Cyber Intelligence Sharing and Protection Act</span> Unpassed United States bill

The Cyber Intelligence Sharing and Protection Act was a proposed law in the United States which would allow for the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The stated aim of the bill is to help the U.S. government investigate cyber threats and ensure the security of networks against cyberattacks.

The cyber security community in the United Kingdom is diverse, with many stakeholders groups contributing to support the UK Cyber Security Strategy. The following is a list of some of these stakeholders.

<span class="mw-page-title-main">Telecommunications Act 1984</span> United Kingdom legislation

The Telecommunications Act 1984 is an Act of the Parliament of the United Kingdom. The rules for the industry are now contained in the Communications Act 2003.

A software supply chain is composed of the components, libraries, tools, and processes used to develop, build, and publish a software artifact.

Concerns over Chinese involvement in 5G wireless networks stem from allegations that cellular network equipment sourced from Chinese vendors may contain backdoors enabling surveillance by the Chinese government and Chinese laws, such as the Cybersecurity Law of the People's Republic of China, which compel companies and individuals to assist the state intelligence agency on the collection of information whenever requested. The allegations came against the backdrop of the rising prominence of Chinese telecommunication vendors Huawei and ZTE in the 5G equipment market, and the controversy has led to other countries debating whether Chinese vendors should be allowed to participate in 5G deployments.

The Clean Network was a U.S. government-led, bi-partisan effort announced by then U.S. Secretary of State Mike Pompeo in August 2020 to address what it describes as "the long-term threat to data privacy, security, human rights and principled collaboration posed to the free world from authoritarian malign actors." Its promoters state that it has resulted in an "alliance of democracies and companies," "based on democratic values." According to the Trump administration, the Clean Network is intended to implement internationally accepted digital trust standards across a coalition of trusted partners.

<span class="mw-page-title-main">Artificial Intelligence Cold War</span> Geopolitical narrative

The Artificial Intelligence Cold War is a narrative in which tensions between the United States and the People's Republic of China lead to a second Cold War waged in the area of artificial intelligence technology rather than in the areas of nuclear capabilities or ideology. The context of the AI Cold War narrative is the AI arms race, which involves a build-up of military capabilities using AI technology by the US and China. A key area of concern in the tensions between China and the US are semiconductors because of their key role of semiconductors for the competitiveness of the AI industry.

References

  1. "New telecoms security law to protect UK from cyber threats". Gov.uk. 24 November 2020. Retrieved 13 July 2021.
  2. "Telecommunications (Security) Bill". 26 May 2021. Retrieved 13 July 2021.
  3. "New telecoms security law to protect UK from cyber threats". Gov.uk. 24 November 2020. Retrieved 13 July 2021.
  4. "What could the Telecommunications (Security) Bill mean for ISPs and telcos?". Decoded Legal Blog. 2 December 2020. Retrieved 13 July 2021.
  5. "5G Supply Chain Diversification Strategy". Gov.uk. 20 November 2020. Retrieved 13 July 2021.
  6. Benson, Townsend, Jonathan, Matthew (11 December 2020). "The Telecommunications (Security) Bill: the rollercoaster ride continues". JD Spura. Retrieved 13 July 2021.{{cite web}}: CS1 maint: multiple names: authors list (link)
  7. Allisson, Peter Ray (2 June 2021). "What the Telecommunications (Security) Bill means for UK industry". Computer Weekly. Retrieved 13 July 2021.