Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Technology and Innovation, whether her Department has made an assessment of the potential impact of a cyber attack on the rollout of the Digital Voice services.
Ofcom is responsible for ensuring telecoms providers adhere to their regulatory obligations throughout the migration process. Ofcom has published guidance which states that providers must take steps to identify and protect at-risk consumers who are dependent on their landline. Providers have a range of solutions to ensure vulnerable consumers receive additional support. These options include, among others, free battery back-up units to engineer supported installations or hybrid landline phones. The Government is working together with Ofcom to ensure customers receive appropriate levels of communication and vulnerable consumers are protected.
Furthermore, the Department meets regularly with Communications Providers to discuss the progress made in migrating their customers, and to ensure they have adequate plans in place to inform and protect vulnerable consumers.
While the PSTN migration is an industry-led process, industry is accountable to Ofcom in ensuring the security of any new technologies used in their network.
The Government is committed to ensuring the security and resilience of the UK’s telecommunications networks and services. Since October 2022, public telecommunications providers have been required under the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021) to identify and reduce the risk of a wide range of security compromises. The specific requirements providers must follow are set out in the Electronic Communications (Security Measures) Regulations 2022, with accompany technical guidance in a code of practice. Ofcom has also been given powers and duties to investigate, rectify, and penalise any infringement of the statutory security and resilience obligations of network providers.
DSIT also works closely with the National Cyber Security Centre, the UK’s technical authority for cyber security, on issues related to the cyber security of the UK's telecoms network. The NCSC is responsible for helping to protect the UK’s critical services from cyber attacks, manage major incidents, and improve the underlying security of the UK's telecoms networks through technological improvement and advice to citizens and organisations. The NCSC issues a range of guidance on its website to support organisations in ensuring secure design and management of their networks.