Digital News Bytes March 2022
Cyberattack preparedness: Google Cloud bolsters cybersecurity offering – As the world watches the use of DDoS attacks being rolled out as a tool of digital warfare in the Ukrainian-Russian conflict, Google has this month announced the US$5.4bn acquisition of cybersecurity firm Mandiant. Mandiant would help Google customers prepare for or deal with cyberattacks as part of the Google Cloud offering (assuming the acquisition is approved by regulators). According to the CEO of Mandiant, cybersecurity is one of the most important missions of our generation. Certainly, the price that Google was willing to pay to bolster its cyberattack preparedness services seems to underscore that – and is also consistent with a Gartner report on 2022 security challenges for digital enterprises, which underlines the growing threat of increasingly sophisticated ransomware, and attacks on the digital supply chain. However, in parallel with necessary capex/opex investment in new systems/platforms, the Gartner report also highlights the need for businesses to undertake internal operational and cultural changes to effectively integrate cyber preparedness strategies for the digital age.
The UK Telecoms (Security) Act 2021: Ofcom’s proposed compliance policy – As we have seen above, security remains at the forefront of a digital world, none more so than network security. Ofcom is consulting on new guidance for telecoms providers, following the introduction of the Telecommunications (Security) Act 2021 regarding the security of public electronic communications services and networks in the UK. Recognising the challenges that companies will face in trying to get to grips with their new security and resilience obligations, Ofcom is proposing a collaborative and proportionate approach to enforcement to encourage compliance and remove the need for regulatory investigations. Its policy also reflects turnover-based compliance tiers for operators – in line with proposed government recommendations – intended to “balance the need for security with the size and criticality of the networks and services involved”. Given the industry pushback and controversy surrounding the proposed introduction of the Act, and the threat of a sanction of up to 10% of global turnover for non-compliance, this will hopefully go some way towards smoothing the pathway for this step-change in network standards as the Act comes into force this year.
Mobile World Congress promotes “Connectivity unleashed” theme –In a post-pandemic world, MWC returned to its physical home in Barcelona and showcased the best mobile innovations and trends for 2022 under the theme of “Connectivity unleashed”. Similarities with the last event in 2019 was seen in some of the themes discussed – such as, 5G monetisation and the emergence of standalone 5G use cases, cloud as an enabler of digital transformation, and applications for VR/AR devices. But innovation was also clear to see in the intervening two years, particularly through the rise of private 5G networks for adoption by enterprises as an extension of cloud (and private 5G-as-a-service), the use of AI and IoT to tackle sustainability and energy efficiencies, and the 5G network as a cloud-native platform (built as a platform on cloud infrastructure). Global digital inclusivity was also not forgotten, and digital policies to speed post-Covid recovery. It has also been reported that, somewhat fortuitously, MWC may have provided the forum for European policymakers and telecoms operators to agree a joint policy for helping the humanitarian effort in Ukraine (e.g. by agreeing free international calls) – bringing real life meaning to the conference’s strapline this year.
Cyberattack preparedness: Google Cloud bolsters cybersecurity offering –Advancing digitalisation, a shift to the cloud and post-pandemic working practices means that enterprises will need to evolve their security strategies to meet the evergrowing cybersecurity threat. According to a report by Gartner on top security and risk management trends for 2022, key trends enterprises will face include sophisticated ransomware, and attacks on the digital supply chain, as the “attack surfaces” of businesses increase to reflect the use of “cyber-physical systems” (such as, IoT, open-source code, cloud applications, complex digital supply chains, and social media).
Perhaps unsurprisingly, therefore, Google Cloud has this month announced the $5.4bn purchase of cybersecurity consultancy, Mandiant, to boolster its Google Cloud offering.
“Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry,” the CEO of Google Cloud said in a statement.
The Mandiant CEO described cyber security as “one of the most important [missions] of our generation.” Mandiant also highlighted the need for companies increasing their digital footprint to think differently about their approach to digital security by “effectively, efficiently and continuously manage and configure their complex mix of security products”.
There is certainly much to be said about the need to integrate a cyber security strategy into any digital transformation or digitalisation project, but also to recognise that – aside from the capex and opex commitments – there are also cultural and operational changes needed within any organisation to be prepared to meet the digital challenges posed by cyber criminals. Indeed, as the Gartner 2022 report highlights, there is particularly a need for the traditional CISO role to be reinvented from technical expert to executive risk manager who empowers senior management to take informed risk decisions, as well as taking a new look at how to control data breaches driven by human error.
Telecoms (Security) Act 2021: Ofcom’s proposed compliance policy –The Telecommunications (Security) Act 2021 sets out a new framework of rules which will govern the security of public electronic communications services and networks in the UK. Under the Act, which passed into law last year, Ofcom has a duty to ensure providers comply with their security duties, including as to the availability, performance or functionality of the network or service. Telecoms providers will also be expected to report significant security breaches.
Ofcom has this month published its consultation on how it proposes a collaborative and proportionate approach to enforcement to encourage compliance and remove the need for regulatory investigations.
Importantly, Ofcom’s policy reflects a three-tier approach to compliance based on turnover thresholds proposed by the government in a new draft Code of Practice (further described below), and it has proposed a timeline for assessment of which providers fall into which tiers:
• Tier 1 (relevant turnover of > £1bn): The UK’s major fixed and mobile providers whose availability and security is likely to be critical to consumers and businesses in the UK.
• Tier 2 (relevant turnover of £50m-£1bn): Medium sized providers who are likely to be critical to regional and business connectivity. These providers will be given 2 years longer than Tier 1s to implement the measures it contains.
• Tier 3 (relevant turnover below £50m): This is the long tail of smaller providers, including small and micro businesses. Although the overarching duties in the Act apply to all such companies, micro-entities are exempt from the Regulations.
In parallel with Ofcom’s consultation, the DCMS has issued a consultation with two draft documents designed to provide additional detail on the requirements on telecoms providers under the Act, assisting with smoothing the pathway to compliance:
• a new Code of Practice giving technical guidance on how telecoms providers can meet their obligations under the Act and setting out the proposed three-tiered approach to compliance outlined above (and including a series of actions which could be taken by providers to demonstrate compliance with the Act’s measures)
• draft regulations detailing specific security requirements – designed to mitigate the impact of specific risks in public telecoms networks and services – grouped around different network or service features (for example, network architecture or the supply chain), or around the objectives they seek to achieve (for example, ensuring adequate competency of responsible persons and security reviews to learn about risks and keep pace with improvements).
Given that the proposed introduction of the Telecoms Security Act and its step-change approach to network security standards by telecoms providers has not been without its controversy and industry push-back, it is to be hoped that the tiered approach put forward by the government will go some way towards smoothing the introduction of this new regime as the Act comes into force this year.
Mobile World Congress –Making its post-pandemic return, the GSMA estimated that 60,000 attendees made their way to this year’s defining industry event in Barcelona, Mobile World Congress 2022. The broad banner theme was Connectivity Unleashed, looking at connected tech, connected industries and the 5G ecosystem in particular. Buzzwords and phrases to take note of included hyperconnectivity in a hyperreal world…
Some similarities with the last event in 2019 can be seen in the themes being discussed – 5G monetisation and the emergence of standalone 5G use cases, multi-vendor virtualised/Open RAN networks, AI advancements, cloud as an enabler of digital transformation, and the growth of VR/AR devices and applications. But innovation was still clear to see in the intervening years, particularly through:
• the impact of start-ups in developing new Open RAN technologies
• the rise of private 5G networks for adoption by enterprises as an extension of cloud (and private 5G-as-a-service)
• the use of AI and IoT to tackle sustainability and energy efficiencies and
• the 5G network as a cloud-native platform (built as a platform on cloud infrastructure).
GSMA Ministerial themes included global digital inclusivity – with the GSMA highlighting that just under half of the world is unconnected online and operators flagging the need for public-private collaboration to harness greater investment – and digital policies to speed post-Covid recovery.
In what has been another defining year for mobile telecoms, it is good to see that commitment and enthusiasm for innovation and investment remains unwaning.