Telecommunications Regulatory Authority (TRA) Bahrain has issued a new regulation on critical telecommunications infrastructure risk management. TRA conducted a preliminary study back in 2015 where it assessed the security risks posed on critical telecoms infrastructure (CTI) in Bahrain, highlighting the extent of the potential negative effect these security risks could possibly have on the prosperity and economic well-being of the kingdom.
CTI is essential to the maintenance of vital societal functions related to health, safety, national security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact, TRA said. The study also highlighted the importance of conducting security risk assessments on such infrastructures to ensure the continued operation of telecommunication services, it said.
“This is a major step forward for Bahrain as no such legislation existed previously in the kingdom, or even the region,” said TRA Director of Cyber Security, Dr Khalid bin Duaij Al Khalifa. “With this regulatory measure, we can evaluate and determine how key telecoms infrastructure measures up against international cybersecurity best practices and address any gaps, in addition to ensuring that service providers of public telecommunications networks take reasonable steps to mitigate the rising cyber-risks associated with the use of telecommunications devices and services. It’s vital to Bahrain’s continuity that all participants in the sector remain prepared to detect and respond to cyber incidents and breaches swiftly and effectively, and this regulation will enable us to facilitate cooperation between and amongst licensees with all relevant authorities,” he further added.
The TRA intends to work with licensees to make certain telecom infrastructure is safeguarded and that business continuity and disaster recovery plans are put into place. TRA also aims to maintain the essential telecommunications services in the face of threats, by imposing a minimum set of obligations on key telecommunications infrastructure owners and service providers. These obligations will introduce the necessary resilience and emergency planning measures required to mitigate the risks posed by the rising cyber threats critical telecommunications networks face on a daily basis, it said.
In addition, TRA will establish procedures for the reporting of data breaches to the authority. This regulation and the work involved will assist in the implementation of the Fourth National Telecommunications Plan (NTP4) as part of the TRA’s preparedness to manage the Security of National Electronic Communications Networks and Services in Bahrain to insure that its critical telecommunication infrastructures are as secure and resilient as possible, the statement said.