Eight crucial steps for Telcos to get TSR ready

Following the introduction of the Telecommunications (Security) Act into UK law in late 2021, all telecommunications providers will soon need to comply with ‘one of the toughest telecoms security regimes in the world’ or risk financial penalties up to £10m.

With the clock counting down for Telcos to enter a new era of security, we consider the critical steps for providers to prepare for the regulatory road ahead.

1. Identify your gaps

Understanding your current state is the first step in achieving a successful transformation. A full audit of your security strategies, plans, policies, and effectiveness will expose your weaknesses and gaps, enabling you to take the right actions to protect your business and ensure compliance.

2. Prioritise your most pressing threats

While gathering data can provide better visibility of your network, taking reactive action to lower your risk isn’t the most efficient approach. Establishing levels of prioritisation will ensure your resources are being used to reduce risk in the right areas.

3. Get the right people in place

From gap analysis to operating model design, programme delivery, and reshoring, it’s likely you’ll need more people in place and new competencies developed. Getting the right partnerships and people now is key to getting ahead.

4. Incorporate legacy issues into your planning

Today’s telecommunications industry is built on multi-generational networks, and legacy systems continue to underpin critical infrastructure. While extracting these systems is not going to happen overnight, dealing with your legacy infrastructure should be an integral part of planning your implementation of the new Telecoms Security Framework.

5. Implement transparent designs

Failing to disclose evidence of a breach could result in a £10m fine, so built in transparency and traceability are key to your programme. Consider the likely information requests that are to come to ensure your design changes enable clear tracking and reporting.

6. Embed a security-first focus

Mitigating the risks facing the UK’s critical national infrastructure is the driving force behind the TSRs, and telecommunications providers will need to ensure that this mindset is embedded in the everyday. Buy-in from the business is core to any cultural shift, so align your leadership with a shared, cross-functional vision and get some early delivery going to build gradual momentum.

7. Prepare for more legislation

In November 2021, the Government announced The Product Security and Telecommunications Infrastructure Bill (the PSTI) to ensure consumers’ connected and connectable devices comply with tougher cybersecurity standards. As cybersecurity evolves, so will the threats to organisations, and telecommunications providers must be prepared for more regulatory oversight.

8. Embrace the benefits of built-in security

Ultimately, security that is built in rather than bolted on will enable providers to offer better protection and performance for customers, as well as foster trust with greater transparency. While the industry may not have been seeking the Telecoms Security Act, its passing prompt action to remove the constraints of old and reimagine and reshape to seize the opportunities of a new era.

For more information about TSR, download The impact and opportunities of the Telecoms Security Requirements report.