Security of UK Telecommunications

https://doi.org/10.58248/PN584

Key points: 

• Telecommunications (telecoms) have been recognised by the Government as one of 13 critical national infrastructure sectors – a term signifying infrastructure that is pivotal to the functioning of the UK.
• Concerns have been raised recently about the security of telecoms networks, including undersea cables that transmit an estimated 97% of global communications and $10 trillion of financial transactions every day.
• Threats to telecoms can be classified as physical or cyber, and can be malicious, non-deliberate, or the result of a natural disaster. Examples of threats to telecoms include cable damage, power and system failures, flooding and cyber-attacks.
• The Communications Act 2003 requires telecoms companies to take measures to maintain the security and resilience of their networks. While there is no mandated security and resilience standard for telecoms, Ofcom and others produce guidance on what measures telecoms companies should take in order to meet their obligations under the Communications Act.
• Physical resilience measures include investing in duplicates of infrastructure, installing back-up power supplies, and protecting infrastructure using defences around site premiers. Cyber resilience measures include preparing a data breach plan and using anti-virus software.

Acknowledgements

POSTnotes are based on literature reviews and interviews with a range of stakeholders, and are externally peer reviewed. POST would like to thank interviewees and peer reviewers for kindly giving up their time during the preparation of this briefing, including:

• British Geological Survey*
• Broadband Stakeholder Group*
• BT*
• Centre for the Protection of National Infrastructure*
• Civil Contingencies Secretariat*
• David Happy, Telint*
• Department for Digital, Culture, Media & Sport*
• EE*
• Electronic Communications Resilience and Response Group*
• European Subsea Cables Association*
• Institution of Engineering and Technology*
• International Cable Protection Committee*
• International Telecommunication Union*
• John Stonehouse, Aurum Globe*
• Met Office*
• National Audit Office*
• National Cyber Security Centre*
• Ofcom*
• Openreach*
• Professor Alwyn Seeds, University College London*
• Professor David Hutchison, University of Lancaster*
• Professor Mischa Dohler, King’s College London*
• Professor Rahim Tafazolli, University of Surrey*
• Professor Timothy O’Farrell, University of Sheffield*
• Rishi Sunak, MP*
• Royal United Services Institute*
• TalkTalk*
• TechUK*
• Three*
• Vodafone UK*

* Denotes external reviewers of the briefing.