Strengthening telecom cyber security is a global trend.
There’s a lot of buzz about the UK’s Telecommunications (Security) Act (TSA) as telecom providers, with support from their supply chain partners, rush to implement the new Code of Practice requirements ahead of upcoming deadlines (the earliest of which are in 2024).
While the UK is, in some ways, leading the charge with its TSA, it’s actually part of an overall trend in global policymaking aimed at creating a more secure and resilient telecommunications infrastructure. Across the globe, governments in Europe, Canada, the United States, Australia and Singapore have moved, or are moving quickly to implement telecom security standards affecting thousands of industry businesses.
Given this worldwide movement and its implications for business continuity, telecom providers, their vendors and service partners around the world need to look beyond their borders to stay on top of emerging mandates on the global stage. Here’s why:
Compliance is a matter of national security.
With the entire economies of the world’s leading countries dependent on secure, reliable telecoms for both critical national infrastructure (CNI) and commerce—and those essential services increasingly coming under attack from threat actors—it’s no surprise governments seek to monitor and regulate the situation more closely.
Secure connectivity has become increasingly essential from both a domestic perspective (societal breakdown in the absence of utilities and infrastructure could be catastrophic) and for guarding against international threats. Governments have recognised that the market isn’t going to protect CNI, so they are taking the lead to ensure safety and order. That means if you’re in the telecoms sector and haven’t already begun a compliance related programme, you’ll soon likely have no choice— no matter where you do business.
It’s a catalyst for growth.
Beyond just achieving required compliance now, meeting global security standards prepares telecom providers (and other companies) for growth down road.
Whether that’s expanding beyond current borders to penetrate new markets, partnering with foreign firms or positioning for acquisition, achieving global compliance puts every organisation in a better position to move quickly when new opportunities arise.
Mandates are an impetus for investment.
Information security and cyber security professionals working in telecom organisations have been promoting the importance of security for years, trying to garner investment to step up security protocols. Some organisations have been hesitant to invest because of the perceived cost-benefit. But with the surge in national mandates, cyber security teams have the validation they need to convince boards to spend on the security protocols they’ve been asking for.
With required compliance and the threat of penalties forcing the issue, it becomes much easier for CISOs to convince the rest of the organisation, especially those who aren’t cyber security specialists.
The standards are similar.
Fortunately, the security protocols being implemented around the world broadly share the same principles. Nearly all include similar codes of practice around vulnerability disclosures, cyber security strategy, incident reporting, and response protocols.
While it’s too early to tell if the UK’s TSA will become the gold standard, much like the EU GDPR and California’s CCPA privacy standards of 2016 and 2018, companies that comply with one federal mandate can more easily achieve compliance with most others.
Compliance levels the playing field.
Some companies view cyber security as a cost centre rather than strategic growth enabler, so they either don’t bother with it or spend the absolute bare minimum until they’ve had a major incident. That puts companies who are doing the right thing and investing in robust security at a potential market disadvantage compared to those who are risking it due to increased product lifecycle costs.
The implementation of global telecoms security standards requires every provider to meet the same baseline, levelling the competitive playing field while ensuring enhanced security and peace of mind for those who depend on their services.
Compliance is a strategic opportunity.
While some telecoms providers may view mandated compliance as a chore, it’s actually a strategic opportunity. That’s why when developing a compliance programme for any one region, it’s essential to bear in mind what’s going on at the global level. By implementing the UK’s TSA requirements now, telecom providers and vendors in the space can be in a much better position to meet requirements more easily in other regions.
But meeting compliance standards—whether in just one region or across many—requires high-level cyber security expertise, strategic planning and deep knowledge of the principles and standards. Companies can attain these essentials through a combination of two strategies:
1. For companies with global operations, don’t work in a silo. Aligning and collaborating with teams in other regions allows you to tap into internal resources who have the expertise and first-hand, on-the-ground knowledge of the codes of practice for their location. Working together from the outset allows you to implement more universal standards based on global requirements from the beginning, rather than playing catch up.
2. Partner with a global, world-class cyber security firm like NCC Group. We have a dedicated TSA Cyber Security Review to serve as a compliance gap analysis, compliance implementation capabilities, extensive experience, and a physical presence and relationships in the regions in which you operate. With teams in the US, Europe, the UK, Canada, Australia, Singapore and beyond, NCC Group has the expertise in achieving and maintaining your compliance objectives. We’ll work as an extension of your in-house team, developing and deploying a global compliance plan.
Planning ahead is a core premise of any cyber security strategy. Now more than ever, telecom providers need to take a proactive approach toward meeting global security compliance standards to ensure business continuity and enable growth.
Compliance planning can offer a lot more than just checking the boxes.
Start with a Cyber Security Review and find out how our global compliance programmes can help position your company for whatever threat or opportunity may lie ahead.
Telecoms Practice Associate Director, NCC Group UK
With 23 years of experience in the global telecommunications market, Chris supports NCC Group's clients with their security requirements, particularly regarding their regulatory obligations.
He's held previous roles at Nokia and the UK’s Lead Government Department for telecommunications, DCMS. Our clients benefit from Chris's rich insights he gathers from his ongoing engagements with the sector's affiliated organisations such as Ofcom, GSMA, and NCSC.