Jimmy Jones, Cyber Security Telecoms expert at Positive Technologies comments, “While this legislation crystalizes the penalties and locks the government’s advice in a legal framework, if it is aimed at Huawei then I think the damage had already been done. The uncertainty has meant mobile operators have already had to plan for the foreseeable future without Huawei and this just makes any reentry to the market even less likely for the company. What is really interesting here, is the law is establishing the operator’s security responsibility beyond the exclusion of certain vendors, to network security as a whole.
“Governments and agencies around the globe have recognised the stakes are even higher for 5G, which promises to connect exponentially more devices and be the core infrastructure for connected cities. This makes the consequences of security vulnerabilities more dangerous than simply having your internet or phone service go down. It is now an issue of critical national infrastructure, which is why the guidance released by the EU, and more recently the US, and now the UK government are taking this major step in legally enforcing security standards.
“However, 100% 5G networks will not suddenly appear. All of those millions of legacy devices and the older networks around the world cannot just be switched off in one day. They will coexist for many years to come. The telecoms industry also needs to address the inherited security flaws across previous generation networks. We have witnessed firsthand the security threats that stem from network vulnerabilities, that threaten both telecoms operators and their subscribers. These include the potential for denial of service attacks, fraud, call interception and tracking user locations. Our recent research showed 100% of 4G networks are susceptible to Denial of Service attacks and with 5G heavily integrated to previous generations for the foreseeable future, it is not immune.
“The new fines announced today for operators that are not meeting standards are another major financial incentive to get security in order. The security obligations – which include rules on who has access to sensitive parts of the “core” network, how security audits were conducted, and protecting customer data – will force operators to improve their security protection for the whole network rather than just 5G.”
To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922