Public Opinion Pros

Main Menu

  • Home
  • Public communication
  • Public education
  • Public consultation
  • Public library
  • Public service

Public Opinion Pros

Header Banner

Public Opinion Pros

  • Home
  • Public communication
  • Public education
  • Public consultation
  • Public library
  • Public service
Public consultation
Home›Public consultation›DCMS launches public consultation on telecommunications security • The Register

DCMS launches public consultation on telecommunications security • The Register

By Lenny A. Brown
March 3, 2022
0
0

As the world watches Ukraine, the UK government has quietly dropped the requirement for mass surveillance of UK internet users by their service providers.

A public consultation on the Electronic Communications (Security Precautions) Regulations 2022, currently in draft, has revealed that a controversial plan to reinstate monitoring of internet login records has been scrapped after ISPs rejected it.

The latest version of the regulations, released this week, now says the 13-month logging requirement only applies to the monitoring of “critical security functions” of telecom carrier and ISP networks.

In a draft code of practice published at the same time, there is a clear explanation that the legally required monitoring is intended to assist “post-incident analysis and other similar activities”.

“Network equipment logs in security-critical functions must be fully recorded and made available for auditing for 13 months,” the code explained. Large ISPs have until 2025 to implement such logging, while smaller companies have five years to upgrade.

The broader consultation covers security as a whole, ranging from supply chain (a coded reference to Huawei and other Chinese vendors) to network security of the familiar type to Register readers.

“This consultation aims to obtain informed opinions from Ofcom, network and utility providers, and those who may have experience in these matters,” says the consultation page on GOV.UK.

The news will come as a relief to the public; when the 13-month requirement was first raised last year, the language was significantly looser and risked introducing a new layer of mass population surveillance. The dismay of the professional body ISP Association (ISPA) has led to a change in legislative language that will undoubtedly make it easier to deploy targeted security measures for a positive purpose that all can agree on. Rather than, say, using security as a fig leaf to harm users by creating even larger stores of data about their internet usage history.

Warren O’Driscoll, head of security consulting at management consultancy NTT DATA UK, said in a statement: “There is still uncertainty about the final measures, and it is likely that operators of telecommunications will fall back on the most difficult or the most expensive. aspects of implementation.

He continued: “While a few operators might be tempted to drag their feet or do the bare minimum until this legislation officially comes into force, concerted action is needed across the industry to increase its overall maturity. in security, especially given the ever-evolving nature of cyber threats Regulations can often lead to tick box behaviors, with companies paying lip service to regulations or adopting band-aid approaches .

In a statement, the Department for Digital, Culture, Media and Sport (DCMS) said its consultation was “seeking advice on plans to place telecommunications providers into three ‘tiers'” after the Last year’s telecom supply chain review told officials that smaller operators are less worried. on security than the government would like.

“Businesses that fail to comply could face fines of up to 10% of turnover or, in the event of continued breach, £100,000 per day,” the department blasted.

As is current legislative fashion, Ofcom, which apparently already does everything from internet censorship to radio spectrum licensing to enforcement of TV advertising standards laws, will monitor and assess also now the security posture of telecommunications providers.

Dr. Ian Levy, chief technician at the National Cyber ​​Security Center (NCSC), said in a canned statement: “As our reliance on [telecoms networks] develops, we need confidence in their security and reliability, which is why I welcome these regulatory proposals aimed at fundamentally changing the basis of telecommunications security. »

Cisco last year blew the lid on the proposed early-stage changes by releasing details of how it would comply with what was known at the time as the Vendor Annex, a document written by the NCSC explaining precisely what the government wants to see from suppliers supplying the telecommunications market. ®


Source link

Related posts:

  1. A public consultation on the future of the Island school will be considered
  2. Highland Council to expand public consultation on planned road developments in the region of Inshes to Inverness
  3. Public consultation plans on the future of Chillerton and Rookley elementary school
  4. Ennis pedestrianization request leads to calls for in-depth public consultation
Tagspublic consultation

Categories

  • Public communication
  • Public consultation
  • Public education
  • Public library
  • Public service

Archives

  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • October 2020
  • September 2020
  • August 2020
  • March 2020
  • February 2020
  • December 2019
  • December 2018
  • October 2018
  • September 2018
  • May 2018
  • July 2017
  • May 2017
  • June 2016
  • October 2013
  • July 2013
  • June 2013
  • May 2011

Recent Posts

  • Evanston Public Library announces summer reading programs for children Evanston Public Library hosts reading programs for young people
  • Flint Public Library reopens after multi-million dollar renovation project
  • Singapore launches public consultation for health reform on preventive care
  • OfReg public consultation on updates to outage reporting rules
  • 2022-05-16 | NDAQ:APEI | Press release
  • Privacy Policy
  • Terms and Conditions