Legal and Regulatory aspects relating to the physical security of the telecommunications infrastructure used for critical communication services

Evidence from around the world indicates that threats to Mobile Network Operators (MNOs) are increasing, including to their physical infrastructure. On the other hand, critical communications are transitioning from legacy networks, primarily operated by governments, to broadband networks, in which key components such as Radio Access Networks are procured from MNOs or dedicated infrastructure providers. The combined effect of these two trends requires critical communications operators to pay special attention to the security of the physical infrastructure that is used for critical communications.

Given the importance of the topic, TCCA’s Legal & Regulatory Working Group (LRWG) developed this white paper, starting with a survey of the legal and operational frameworks in the member countries of the LRWG. As the laws and regulations amend and update dynamically, the survey outcomes that formed the basis of this paper were the position as of 31 January 2025.

The survey identified two potential approaches: impose security obligations through legislation/regulation, or rely on provisions in the contract between the critical communications operator and the MNO/infrastructure provider. The LRWG’s assessment is that while each approach has advantages and disadvantages, a combination of these two, whereby legislation/regulation impose a minimum standard on which contractual terms build additional/advanced obligations, would serve the interests of the critical communication services best. As new legal/regulatory obligations on physical security would require additional investment, in what proportion that cost should be borne by the parties could ideally be set by the legislation/regulation in a proportional manner.

The European Critical Communication System (EUCCS) aims to set up a European-wide mission critical communication network that is based on national critical communications networks. It will require a common standard in physical security across all the participating critical communications networks, which can be ensured by the two-pronged approach stated above.

Though new legal/regulatory obligations on physical security would increase the costs and compliances of MNOs/infrastructure providers that provide services for critical communications, it would also have a salutary effect due to the improved standards of security in the network. It is highly likely that thebconsumers, particularly the business customers, will start demanding greater reassurances on all aspects of security in the network including of the physical infrastructure. From a wider national perspective, governments have started taking steps to ensure security of networks which will be complemented by legislative/regulatory obligations on infrastructure used for critical communications.

This paper is intended to draw the attention of the critical communications community to the importance of the issue of physical security and to generate a wide discourse which, it is hoped, will result in a global standard on a baseline on physical security of infrastructure supporting critical communications.

In 2020 a bomb explosion at a central hub of the critical communications provider of a major developed country left emergency officials cut off from the outside world and public without access to emergency services. This incident demonstrates very strongly and very clearly the criticality of the security of physical infrastructure to the proper functioning of critical communications. Incidents of damage to undersea telecommunication cables connecting Nordic and Baltic states provide further evidence of the need to protect the physical infrastructure.

TCCA’s LRWG has developed this white paper to highlight the importance of the security of physical infrastructure, as the LRWG is of the view that it is a topic to which more attention should be paid. This paper focuses on the physical security of telecommunications infrastructure, in order to facilitate further discussions in the critical communication community which it is hoped will result in a global standard on the baseline of physical security of infrastructure supporting critical communications. There are many other facets to the security of critical communication services including data/cybersecurity, which will be examined in other publications.

Most of the current critical communication networks using such technologies as TETRA, Tetrapol and P25, are owned and operated by the state. As such, their physical security is assured by the state to the extent deemed necessary. However, the ongoing transition from these networks to broadband networks has changed the operating model, as governmental agencies providing critical communication services will rely on MNO networks to some extent, including the Radio Access Network (RAN). In some instances, the critical communications services may procure services directly from infrastructure providers who are not MNOs, similar to the way MNOs procure services from them. The discussion of this paper is equally applicable to such infrastructure providers as it is to MNOs. Thus, the physical security of these network elements is of paramount importance. However, it is debatable whether the measures that MNOs are currently adopting in this regard are sufficiently robust and fit for purpose.

The paper titled ’Considerations for Government Authorities when they are planning to acquire Mission Critical Mobile Broadband Services’1 produced by TCCA’s Critical Communications Broadband Group (CCBG) in 2015 identifies security as of vital importance to mission critical communications solutions.

Security is central to ensuring reliability, availability, stability and general performance of those solutions.

The paper details the need for physical security of all infrastructure and adds that “the level of perimeter security shall reflect the importance of the assets to the service including CCTV, intruder alarms, access locks, temperature control, fire and smoke detection.”

The EC Council Cybersecurity Exchange has issued a paper titled ‘The Role of Physical Security in Maintaining Network Security’ in 20222 which states “Although physical security is absolutely critical to maintaining network security, it is among the most often forgotten aspects of protecting a network.

Physical security is defined as protecting physical access to your network and all network components, such as computers, servers, and routers.”

The paper titled ‘Mobile Telecommunications Security Landscape3’ by GSMA, issued in 2022, identifies physical attack on the network as one of the operational security threats to networks.

Given the mandate of and the expertise within the LRWG, this paper focuses on legal and regulatory measures that are applicable to the physical security of telecommunication infrastructure. The LRWG notes that there are numerous technical and operational measures that are relevant but that remain outside the scope of this paper.

The LRWG also examined European Commission regulations which have provisions relevant to the physical security of telecommunication infrastructure.

The LRWG recommends that legislation on physical security of critical communication infrastructure, defining baseline requirements and rules for cost ceilings/sharing, be adopted as an EU directive. Such a multinational standard will greatly assist the decision-making process of individual countries and establish a common understanding between all relevant parties, including MNOs, Governments and users.

Moreover a European regulation would serve as an inspiration for the global community of critical communication operators.

For the full report download the TCCA White Paper - “Legal and Regulatory aspects relating to the physical security of the telecommunications infrastructure used for critical communication services”