Nina Myren, Chair of TCCA’s Legal and Regulatory Working Group (LRWG), has highlighted the growing threats facing mobile network operators (MNOs) worldwide, encompassing both cybersecurity risks and vulnerabilities in physical infrastructure. This concern is particularly pressing as critical communications services transition from state-operated narrowband networks to commercial broadband networks managed by MNOs.

Critical communications are indispensable for public safety, emergency services, and other essential sectors. However, there are currently no mandatory global standards governing the physical security of MNO infrastructure supporting these vital services. This gap poses significant risks to service reliability, which is crucial for first responders and other professional users.

Transition Challenges
Historically, narrowband networks, such as TETRA, Tetrapol, and P25, were state-owned and operated, ensuring robust physical security under government oversight. The shift to broadband networks, however, places increased reliance on MNO infrastructure, which may not adhere to consistent security baselines.

“The security of physical infrastructure is critical to the availability and functionality of critical communications,” said Myren. “Yet, there is no universally agreed definition of what constitutes adequate physical security for such infrastructure.”

Current Regulatory Landscape
TCCA’s LRWG has examined existing regulatory frameworks worldwide and found variations in the approach to physical security. In the European Union, the NIS 2 directive (EU 2022/2555) obligates MNOs to adopt risk management measures, but specific mandatory security baselines are absent. While some countries, including the UK, have introduced regulations for physical security, measures remain heavily dependent on MNOs’ risk assessments.

“Emerging reliance on commercial networks for public protection and disaster relief (PPDR) communications demands clearer standards,” Myren emphasized. “Public procurement processes could play a vital role in setting common thresholds for security.”

Call for Action
TCCA’s LRWG recommends the adoption of legislation defining baseline physical security requirements for broadband critical communication infrastructure. Harmonized EU regulations could establish cost-sharing principles and create a unified standard, benefiting governments, MNOs, and critical communication operators alike.

Such a framework would ease procurement processes, ensure consistent compliance, and facilitate cross-border collaboration, particularly in Europe. Initiatives like the European Critical Communications Service (EUCCS) demonstrate the growing importance of seamless communication networks for public safety responders across the Schengen area.

Global Implications
Beyond Europe, harmonized standards could inspire global adoption, enhancing the resilience of critical communications infrastructure worldwide. As threat levels rise, governments and MNOs must prioritize physical security to safeguard essential services and citizen safety.

“Legislation must strike a balance, ensuring proportionality and adaptability to technological advancements,” Myren concluded. “Clear standards will not only protect critical communications but also bolster trust among consumers and business users.”