Dashboards have been quite a topic of contention in certain circles with the recent recirculation of Taylor Brownlow’s essay ”Are Dashboards Dead?”.

While I’m of the opinion that no, dashboards are not dead, they have been undeniably overused and often misunderstood, with a disconnect between a dashboard’s actual function versus our perceived function of them. 

Why is there dashboard fatigue?

Many of us have experienced dashboard fatigue, and rightfully so. As businesses, how many dashboards have we commissioned that were never fully utilised, if used at all? The answer is too many.

The reason for low engagement isn’t the fault of the humble dashboard, but rather that a dashboard was never the appropriate solution for the end user, or its design wasn’t tailored enough to the business use case.  

When faced with a business problem requiring data insights, we often jump straight to dashboard creation. However, there are many other solutions that can be tailored to deliver data insights, such as concise reports and static presentations. With an increased understanding of where dashboards fail, the conversation has shifted to questioning their relevance altogether.  

So, what place do dashboards still have in businesses, and how can we better understand where they excel to drive improved outcomes? 

What potential challenges may arise with dashboards?

There are many instances where dashboards may be less effective or complicate matters for businesses, and other methods provide a better solution. Instances may include: 

• When the user needs a concise answer to a question:
  Dashboards require interaction and exploration, which can be time-consuming. If a stakeholder needs a straightforward answer, a tailored report is more efficient.  
• For business specific, niche questions:
  Not every level of enquiry warrants the resource-intensive creation of a dashboard. For narrow, targeted questions, simpler reporting methods suffice. 
• One-time insights:
  Dashboards are overkill for static data projects, such as measuring the success of a single transformation. In these cases, producing a well-crafted report or presentation is more resource-efficient. 
• If the data is exported for analysis:
  If users regularly export dashboard data to manipulate it elsewhere, it’s a sign that the dashboard doesn’t meet their needs or wasn’t necessary to begin with. 

When might dashboards be the right solution?

Company-wide reporting platforms

Dashboards provide a unified view of performance across teams, offering consistent delivery of insights to aiding faster decision making, customisable filters for views specific to each business unit, efficiency in distributing insights without the need for manual reporting and increased data accessibility through data visualisation. 

Regular cadence reporting

For tracking ongoing metrics such as daily sales, customer trends or campaign performance, and measuring progress against targets, dashboards provide updated insights without the wait. 

Exploratory analysis

Whenusers want to discover patterns, relationships or unknown trends within the data, dashboards allow for interactive interrogation. These tools are especially valuable for data-savvy end users, enabling self-service exploration without requiring an analyst’s intervention. 

Monitoring ongoing initiatives

Dashboards are excellent for tracking live projects or recurring business processes, offering real-time visibility into performance. 

The future approach for dashboards

With the above in mind, we’re moving to a more informed approach where dashboards are no longer a tiresome, default solution, but a carefully considered tool.

The future isn’t about abandoning dashboards, but about being intentional and strategic in their creation and deployment. The key is facilitating dashboard creation in a way that adds tangible value and is thoughtfully configured to provide meaningful, actionable insights that empower decision making. 

How CACI can help

At CACI, we work with you to deliver the best solutions for your analysis needs. Our extensive experience in successfully implementing dashboards across diverse industries highlights several key scenarios where dashboards have proven to be highly effective.  

Whether it’s creating a bespoke, one-off report or developing a suite of comprehensive, customisable dashboards, contact us to find out more about how our user centric approach and industry expertise can help you gain meaningful analytics that will drive strategic business outcomes. 

On a recent programme development day, Phil Ballard, one of our award-winning Scrum masters facilitated the Ball Point Game. This is an industry-known Agile game which is usually run as part of an introduction to the Agile ethos for those keen to follow the Scrum methodology. 

Despite CACI having teams that are highly experienced in Scrum, we still found this activity to be useful not only as a “going back to basics” session, but also from the several other lessons learned from our own adaptation. 

Ball Point Game: basic overview 

Teams of eight are formed, with each team collecting a bag of balls. 

Within an Iteration (of which four take place), teams pass as many balls as possible among team members, with each ball passed scoring the team a point. Teams must adhere to the acceptance criteria of each ball being touched at least once by every member, each ball returning to the same person who introduced it into the team, each ball having “airtime” as it moves between team members, lost balls being fetched and re-entering the team where it left and dropped balls not being re-introduced into the system.

During each Iteration, teams will have one minute to talk among themselves and two minutes to perform the ‘Objective’. Prior to each Iteration, an estimate for the number of balls expected to pass through the team within the next Iteration is predicted. 

CACI’s spin on the Ball Point Game 

Considering teams are already experienced in delivering in scrum, we made things more lifelike by introducing additional requirements in Iterations 3 and 4: 

• The balls are being sold in packs of ten, with at least one of them being green. 
• All balls must continue to gain height as they are passed through the team. 

After all, what’s software delivery without a stakeholder wanting to change their mind? The idea behind these rules was to break the established process, force change and to see what behaviours the scrum-experienced professionals would exhibit. 

Ball Point Game goals

The Ball Point Game’s ultimate goal was to teach participants the value of continuous process improvement through basic agile principles using the simulation of an agile production process, including: 

• Teamwork/shared goals 
• Retrospectives/problem-solving 
• Planning 
• Estimating based on experience. 

All processes have a natural velocity. To speed things up, it is often not a case of working harder or faster, but a case of changing the process. 

Key takeaways

After all Iterations were complete, we discussed the results and asked teams to contribute their experiences with the following questions:  

• Which Iteration felt as though it was the best/worst? 
• How important was the retrospective between Iterations? 
• What changes did you make? 
• How did the team make decisions – did anybody take charge? 
• Were all ideas heard within your teams? 
• Was there anything notable in determining your estimates? 
• Were improvements made by working harder or faster? 
• Did you observe/experience anything else of interest? 

With the additional requirements added: 

• Iterative development is also based on learning from the live product and adapting to what the customer and end user needs. 
• Without anything being live, there is nothing to learn from and no way for the product to adapt. 
• Sprint teams must adapt to estimating with new requirements versus estimating on a known repeatable task. 

Additional findings from the teams

• The short timings of Iteration planning, along with the input of additional requirements, seemed to force an intensity. This, in turn, forced out several negative behaviours that we have not experienced on the programme, however, recognised within this competitive environment. 
• Low sprint commitments despite the team feeling it was a known task. 
• Sprint teams stopping when hitting commitment as there was an assumption that the game goal of the exercise was to have a stable velocity. 
• Argumentative behaviours exemplified (not the usual collaborative approach we usually see). 
• A competitive nature towards the other sprint teams, prohibiting the sharing of lessons learned. While the rules never stated they were against each other, it was inherently assumed when splitting participants into teams and asking them to perform the same task. 

On a more positive note:  

• Many questions were asked about the requirements, with a focus on what the user/customers’ needs and problems were 
• Looking outside of the team for improvement inspiration despite its interpretation as spying. 
• Reflection on what we do in practice versus the theory/Agile beliefs 
• Great discussions around the overall value of sprinting and iterative delivery. 

If you wish to find out more about the Ball Point Game or run it yourself within your programme or teams, please get in touch. 

Setting the stage for AI and CRMs

The field of Machine learning and AI has evolved rapidly in the last few years, especially in fields where large quantities of data and quick response times to queries are crucial.

But given lots of these techniques and methods have been around for a much longer period, why has it taken so long for other industries outside of small start-ups and ambitious tech giants to leverage these methods in similar ways? 

CRM is an essential component of any company’s strategy. The ability to communicate with and understand customers is more important than ever due to the low barriers to entry in highly competitive global markets. Companies have only brief moments to convince customers that they are the right choice for shopping, spending time, or engaging. Optimising these initial and subsequent contacts is paramount to success. 

Beyond just expanding your customer base and attracting new clients, CRM is vital for any company’s retention strategy. The most advanced cutting-edge models in the world are utterly useless if we don’t know how to activate and capitalize on the value they represent. 

ML foundation for CRMs

In the CRM space our main goals are increasing consumer retention or spend, and we do this via figuring out the most effective ways to communicate with people. This can be broken down into when to speak to them, how to speak to them and why to speak to them.  

Recommendation engines lie at the core of many of these architectures, models that are designed to figure out what you want before you even know you want it. Broadly they work by looking at the kind of customer you are, then at customers like you, then finding things that they’ve bought recently that you haven’t.  

You can even simplify this down into just looking for customers who have an identical purchase history to you. Maybe a laptop you can buy on Amazon doesn’t come with a charger, so commonly when people buy this laptop their next purchase is a charger (You can often see this simple logic in the “People also bought” section of Amazon). But even these simple implementations are incredibly powerful in some ways, an educated guess is always going to be better than a random one. 

So how do these methods relate to CRM? Well, the general structure can be pulled away and applied to any subject.

When we think about how to engage with a customer, we’re going to look for ways we engaged with similar customers and how these performed. The customer who likes Sabrina Carpenter will probably need to be spoken to in a different way to the Motorhead fan. 

This is simple stuff, right? Well exactly, but it’s a method to show that the underlying AI processes in these platforms aren’t really all that complicated – there’s a lot of room for improvement especially when implementing bespoke solutions with larger data sets.  

The next (generative) step  

So, we already have ML methods that can tell us when and why to talk to people, great! But what’s the next step? 

All that’s left of our final stage is how to talk to them and what to say, stages which can and are currently being revolutionised by the advent of enterprise grade Generative AI. 

A current pipeline for devising CRM processes may involve creating template communications that are then populated with more specific information, for example customers in a certain segment defined by age and tenure are assigned one template and differing segments are shown another. 

This approach can be time consuming if it needs to be completed for each campaign, and may miss a level of personalisation that people will respond to, feeling as though each message is tailored to them rather than being an email blast they just happen to be caught up in. 

Skilled AI engineers armed with LLM’s can create a unique voice for each consumer, ensuring that quite literally all communication they will ever receive are exactly personalised to them and their engagement habits with your brand. 

Imagine attempting this even a few years ago, assigning a team of people to trawl through millions if not billions of rows of data to ensure that each customer got the perfect messaging for them would have been completely impossible. 

In practice this level of granularity in communications is probably unnecessary but it speaks to the potential these models have in this space – the sky truly is the limit. 

Even starting off small with these steps, giving a small part of a communication a generative component, allowing for large scale A/B testing and continuous model training, the effectiveness of these comms will improve over time. 

Freeing this time up from your CRM team will give them more time to tackle more involved problems that can’t be automated. 

If you need help on this journey for a better CRM, contact us here.

Key issues for countries and the businesses that operate within them to address in terms of climate change unfolded at the recent 28^th UN Climate Change Conference (COP28). These issues urge immediate and significant action to be taken on fossil fuels and clean energy, national adaptation and climate finance, methane reduction, land use and more.

What does environmental sustainability in business mean?

Environmental sustainability in business is the operation of a business that does not compromise the environment. A business that has considered environmental sustainability prioritises the environment’s best interest, with society and its ecosystems coming before making a profit. It involves responsible decision-making that minimizes carbon footprint or waste while simultaneously improving the quality of life for humankind and the natural world alike.

Unfortunately, however, operating businesses as usual has had an increasingly detrimental impact on our planet. According to the latest State of the Global Climate report by the WMO, 2023 was the warmest year on record at about 1.4C,increasing pressure to shift their operations to more environmentally sustainable practices. This inevitably causes businesses to consider—where do we start? How do we begin making a difference?

What is the importance of environmental sustainability in business?

According to an article published by Maryville University, businesses that do not act responsibly will result in “the majority of many species not surviving past the 21st century”, reiterating how critical it is for businesses within every industry to take part in improving their environmental surroundings.

Although companies have a way to go before fully grasping the repercussions of ever-growing carbon footprints, those willing to tackle this challenge early on will get a head start on reshaping perspectives and realities.

Environmental sustainability in business practices

Businesses can rely on the three R’s– reduce, reuse and recycle– to begin reducing their environmental impact. However, there are several other examples of practices that businesses can incorporate into their operations amplify their reduction, including:

• Life cycle assessments
• Designing environmentally friendly products/services
• Optimising product efficiency
• Decreasing supply chain carbon footprint
• Re-evaluating CSR (Corporate Social Responsibility) expenses

Benefits of environmental sustainability in business

Reduces the impact of business costs

While the cost-of-living crisis is skyrocketing, improving the energy efficiency of business operations and decreasing waste will go a long a way in bracing for the impact of unexpected business costs. Using more energy efficient lighting or reusing existing resources can be quick-fix solutions for lowering costs.

Improves a business’ reputation

Environmentally sustainable businesses are viewed as a plus, and companies are eager to highlight this fact. Companies that can go “green” show that they’re serious about making a difference in the environment and are interested in more than just profitability. Businesses that can market themselves and develop their identity around their commitment to the betterment of the planet will notice incredible results in terms of their reputation.

Who is responsible for improving environmental sustainability in a business?

Businesses have been expected to pave the way towards environmental sustainability due to their notably significant contribution towards polluting the environment through waste, gas emissions and plastics generated. The responsibility does not necessarily begin with one individual within a business though– employees at every level of the business must work together to bring about change. A few examples include:

• Business owners and leaders: Business owners and leaders are typically capable of leading strategic decision-making that influences the wider business. They can develop effective sustainability strategies and initiatives that have the power to change policy and induce change.
• Business managers and supervisors: Managers and supervisors can supply valuable insights due to their more hands-on roles. They also typically have different perspectives and understandings as to how to improve business sustainability.
• Employees: Employees can supply valuable contributions when encouraged to voice their opinions and concerns on how the business can become more sustainable.

Impact of environmental sustainability in business

The Department for Business, Energy and Industrial Strategy is striving to reach net zero carbon emissions by 2050. It’s going to take strong leadership, business-wide alignment on operations and an engaged corporate culture to successfully execute and maintain environmentally sustainable business practices. Businesses that start addressing these issues and challenge existing business processes will find themselves making a breakthrough towards becoming more environmentally sustainable while protecting the world around them.

How can CACI help you overcome these obstacles?

Our newly developed Mood Environmental Hub helps track all of your assets across multiple geographic locations and assess the environmental impact of your business.

With a single click, users can drill down from multi-site, business-level functions, to departments or even individual teams to determine asset types and locations, enabling a quick assessment of priority focus areas for improvement. It can also visualise existing data through user-friendly dashboards that show carbon impact, consumption and cost at an enterprise level.

The advanced modelling feature also outlines potential improvements, indicating ROI and carbon reduction impact. Additionally, you can easily check performance against carbon commitments such as Social Value through the initiatives tracker.

Producing carbon reduction target tracking reports or modelling for a business case is now a click away – to see how it works, you can book a demo here.

Entering a new era of communications security

Following the introduction of the Telecommunications (Security) Act in November 2021, telecommunications providers large and small must now comply with ‘one of the toughest telecoms security regimes in the world’ or risk financial penalties up to £10m.

The UK government has marked out ambitious targets to connect 15 million premises to full fibre by 2025, with nationwide connection expected to be delivered by 2033. While much of the population is to be covered by 5G networks by 2027.1 Bringing far more than just increased speed, 5G will soon be central to daily life in the UK – from connective vehicles to smart factory production lines.

Yet, as the advancement in network technology accelerates and becomes further embedded in our daily lives, the threats posed from nation states and cyber criminals continue to grow. Research by Skybox Security reported a 106% increase in malware and a record-breaking 18,341 new vulnerabilities in 2020.2 Despite this, findings from the 2019 UK Telecoms Supply Chain Review Report carried out by the Department for Digital, Culture, Media & Sport (DCMS) revealed that there was little to incentivise communications providers to manage cyber security risks.

Additionally, the lack of diversity across the UK telecoms supply chain raises the possibility of critical national infrastructure balancing on single suppliers, posing a range of risks to the security and resilience of UK telecommunications networks.

Introduced into UK law in November 2021, the UK Telecommunications (Security) Act aims to tackle the risks highlighted in the Telecoms Supply Chain Review Report by raising the bar on telecommunications network security. A core element of The Act is the establishment of a new regulatory framework for telecommunications security. The framework comprises three key components:

1. New Telecoms Security Requirements (TSR)

At the heart of the framework, the TSR marks a significant shift away from The National Cyber Security Centre (NCSC)’s now closed telecoms assurance standard model known as CAS(T). Overseen by Ofcom and Government, the new requirements will provide clarity on how providers will be expected to design and manage their networks to ensure they’re meeting the new higher bar of network security standards.

2. Establishing an enhanced legislative framework

In addition to statutory compliance of the TSR, the Act strengthens Ofcom powers to enable monitoring and assessment of operators’ security. This is to include technical testing, interviewing staff, and entering providers’ premises to view equipment and documentation. Failure to meet the new legal duties could leave providers facing hefty fines of up to ten per cent of turnover, or £100,000 per day if directives continue to be contravened.

3. Managing the security risks posed by suppliers

Telecommunications providers will need to ensure that they are managing the security risks posed by all suppliers. This will be addressed by:

• Working closely with vendors on assurance testing of equipment, systems, and software
• New powers for the government to impose controls on telecommunications providers’ use of goods, services or facilities supplied by ‘high risk’ vendors.

Security-first is the new mantra across the industry as minimising risks to critical national infrastructure will soon become part of day-to-day operations. Bringing together legal, technical and industry perspectives, this report explores the opportunities and obstacles ahead, and how to chart your course for success in the new security era.

Telecoms (Security) Act: Three Pillars

Key considerations for communications leaders

Clear visibility is critical

Protecting your network, applications and data has never been more critical. However, blind spots, missing data, and the risk of dropped packets make management and protection of these challenging, not to mention the scale and complexity of many providers’ hybrid network infrastructure. Nonetheless, providers must ensure they are able to monitor security across the entirety of their network and can act quickly when issues arise.

Security and service quality will need to be carefully balanced

Whilst enhancing security is the ultimate goal of The Act, this cannot be at the cost of network performance. Outages themselves can put providers in breach of the regulations. Security scans are a key line of defence for network security, helping to identify vulnerabilities which can be exploited if the correct mitigation steps aren’t followed, so ensuring you have a robust vulnerability management process is critical. Incorporating the right vulnerability scanning tools and following the required change management processes to correctly implement tools will help to secure your network whilst minimising any potential performance impact to your existing infrastructure or service outages.

Auditing abilities are a new superpower

Demonstrating compliance with the new legislation may pose a significant challenge to providers, particularly as they attempt to flow down security standards and audit requirements into the supply chain. However, implementation of robust auditing processes to identify and eliminate weaknesses and vulnerabilities are a must for keeping providers on the right side of the regulations.

Knowledge is power

With any significant legislature change comes a period of uncertainty as businesses adapt to change, so getting to grips with the new regulation changes ahead of the game is key. Many providers have already begun the search for talent with the technical skills and experience to deliver their TSR programmes; however, with the jobs market at boiling point, some providers may find utilising external partnerships provides a more practical route to successful delivery as well as a means to upskill and educate internal teams.

You’ll be tested

In 2019, OFCOM took over TBEST – the intelligence-led penetration testing scheme – from DCMS and has been working with select providers on implementation of the scheme. Whether through TBEST or not, providers will be expected to carry out tests that are as close to ‘real life’ attacks as possible.

The difficulty will be in satisfying the requirement: “that the manner in which the tests are to be carried out is not made known to the persons involved in identifying and responding to security compromises.” Providers may need to work with an independent vendor to ensure compliant testing.

Costs are still unclear

While the costs for complying with the new regulations are still undermined, an earlier impact assessment of the proposed legislation carried out by the government indicated that initial costs are likely to be hefty: “Feedback from bilateral discussions with Tier 1 operators have indicated that the costs of implementing the NCSC TSR would be significant. The scale of these costs is likely to differ by size of operator and could be of the scale of over £10 million in one off costs.”

Culture may challenge change

Technology will, of course, be at the forefront of communications leaders’ minds, yet the cultural changes required to successfully embed a security-first mindset are of equal importance and must be considered in equal measure. Change is never easy, particularly when there is a fixed deadline in place; however, delivery that is well designed and meticulously planned is key. Ultimately, the onus will be on leaders to craft a clear vision – achieving network security that is intrinsic by design – as well as mapping out the road to get there.

Roadmap to Compliance: How to prepare for the regulatory road ahead

Identify your gaps

Understanding your current state is the first step in achieving a successful transformation. A full audit of your security strategies, plans, policies, and effectiveness will expose your weaknesses and gaps, enabling you to take the right actions to protect your business and ensure compliance.

Prioritise your most pressing threats

While gathering data can provide better visibility of your network, taking reactive action to lower your risk isn’t the most efficient approach. Establishing levels of prioritisation will ensure your resources are being used to reduce risk in the right areas.

Get the right people in place

From gap analysis to operating model design, programme delivery, and reshoring, it’s likely you’ll need more people in place and new competencies developed. Getting the right partnerships and people now is key to getting ahead.

Plan to avoid legacy issues

Today’s telecommunications industry is built on multi-generational networks and legacy systems continue to underpin critical infrastructure. While extracting these systems is not going to happen overnight, dealing with your legacy should be an integral part of planning

Implement transparent designs

Failing to disclose evidence of a breach could result in a £10m fine, so built in transparency and traceability are key to your programme. Consider the likely information requests that are to come to ensure your design changes enable clear tracking and reporting.

Embed a security-first focus

Mitigating the risks facing the UK’s critical national infrastructure is the driving force behind the TSRs, and telecommunications providers will need to ensure that this mindset is embedded in the everyday. Buy-in from the business is core to any cultural shift, so align your leadership with a shared, cross-functional vision and get some early delivery going to build gradual momentum.

Prepare for future cybersecurity legislation

In November 2021, the Government announced The Product Security and Telecommunications Infrastructure Bill (the PSTI) to ensure consumers’ connected and connectable devices comply with tougher cybersecurity standards. As cybersecurity evolves, so too will the threats to organisations, and telecommunications providers must be prepared for more regulatory oversight.

Embrace the benefits of built-in security

Ultimately, security that is built in rather than bolted on will enable providers to offer better protection and performance for customers, as well as foster trust with greater transparency. While the industry may not have been seeking the Telecoms Security Act, its passing prompts action to remove the constraints of old and reimagine and reshape to seize the opportunities of a new era.

Start your security transformation now: How CACI can help

The Telecoms Security Act is clear – security is everyone’s priority, from executive to employee. However, embedding a security conscious culture from top to bottom requires significant resource and expertise to steer towards success. With the clock already counting down, telecommunications providers are under pressure to begin their TSR compliance journey whilst ensuring that existing change programmes stay on track.

In today’s global market where demand for security resource and competence is fierce and available talent is few and far between, companies may struggle to find the in-house resources and expertise required to meet the new regulations. With over 20 years’ experience in telecommunications, CACI can guide you through the challenges and change brought by the TSR. From auditing your current security and addressing shortfalls to full Telecoms Security Framework implementation guidance and upskilling of your internal resource, our highly experienced security and compliance experts can help prepare your organisation for the new security era.

Contact us

If you’re looking for help with your security needs and TSR compliance, please contact our expert team today.

The introduction of The Telecommunications (Security) Act into UK law late last year marked the arrival of a new era of security for the telecommunications sector, where everyone – from executive to employee – is responsible for protecting the UK’s critical network infrastructure against cyber attacks.

However, embedding a security conscious culture from top to bottom requires significant resource and expertise to steer towards success. With the clock already counting down, telecommunications providers are under pressure to begin their TSR compliance journey whilst ensuring that existing change programmes stay on track.

Here, we consider the key considerations for communications leaders to ensure successful navigation and utilisation of the obstacles and opportunities that lie ahead.

Clear visibility is critical

Protecting your network, applications and data has never been more critical. However, blind spots, missing data, and the risk of dropped packets make management and protection of these challenging, not to mention the scale and complexity of many providers’ hybrid network infrastructure.

Nonetheless, providers must ensure they are able to monitor security across the entirety of their network and can act quickly when issues arise.

Security and service quality will need to be carefully balanced

Whilst enhancing security is the ultimate goal of the Act, this cannot be at the cost of network performance. Outages themselves can put providers in breach of the regulations.

Security scanners are a key line of defence for network security, helping to identify known vulnerabilities which can be exploited if the correct mitigation steps aren’t followed, so ensuring you have a robust vulnerability management process is critical.

Incorporating the right vulnerability scanning tools and following the required change management processes to correctly implement tools will help to secure your network whilst minimising any potential performance impact to your existing infrastructure or service outages.

Auditing abilities are a new superpower

Demonstrating compliance with the new legislation may pose a significant challenge to providers, particularly as they attempt to flow down security standards and audit requirements into the supply chain.

However, implementation of robust auditing processes to identify and eliminate weaknesses and vulnerabilities are a must for keeping providers on the right side of the regulations.

Knowledge is power

With any significant legislature change comes a period of uncertainty as businesses adapt to change, so getting to grips with the new regulation changes ahead of the game is key.

Many providers have already begun the search for talent with the technical skills and experience to deliver their TSR programmes; however, with the jobs market at boiling point, some providers may find utilising external partnerships provides a more practical route to successful delivery as well as a means to upskill and educate internal teams.

You’ll be tested

In 2019, OFCOM took over TBEST – the intelligence-led penetration testing scheme – from DCMS and has been working with select providers on implementation of the scheme.

Whether through TBEST or not, providers will be expected to carry out tests that are as close to ‘real life’ attacks as possible. The difficulty will be in satisfying the requirement that “the manner in which the tests are to be carried out is not made known to the persons involved in identifying and responding to security compromises.”[1] Providers may need to work with an independent vendor to ensure compliant testing.

Costs are still unclear

While the costs for complying with the new regulations are still undermined, an earlier impact assessment of the proposed legislation carried out by the government indicated that initial costs are likely to be hefty: “Feedback from bilateral discussions with Tier 1 operators have indicated that the costs of implementing the NCSC TSR would be significant. The scale of these costs is likely to differ by size of operator and could be of the scale of over £10 million in one off costs.”[2].

Culture may challenge change

Technology will, of course, be at the forefront of communications leaders’ minds, yet the cultural changes required to successfully embed a security-first mindset are of equal importance and must be considered in equal measure. Change is never easy, particularly when there is a fixed deadline in place; however, delivery that is well-designed and meticulously planned is key.

Ultimately, the onus will be on leaders to craft a clear vision – achieving network security that is intrinsic by design – as well as mapping out the road to get there.

Looking for more information about TSR? Download The impact and opportunities of the Telecoms Security Requirements report.

[1] The Electronic Communications (Security Measures) Regulations 2021 [draft] 

[2] The Telecommunications Security Bill 2020: The Telecoms Security legislation