TRA Bahrain has issued the regulation on critical telecommunications infrastructure risk management.
“This is a major step forward for Bahrain as no such legislation existed previously in the Kingdom, or even the region,” said TRA’s director of cyber security, Dr. Khalid bin Duaij Al Khalifa. “With this regulatory measure, we can evaluate and determine how key telecoms infrastructure measures up against international cybersecurity best practices and address any gaps, in addition to ensuring that service providers of public telecommunications networks take reasonable steps to mitigate the rising cyber-risks associated with the use of telecommunications devices and services. It’s vital to Bahrain’s continuity that all participants in the sector remain prepared to detect and respond to cyber incidents and breaches swiftly and effectively, and this regulation will enable us to facilitate cooperation between and amongst licensees with all relevant authorities.”
TRA intends to work with licensees to ensure that the critical telecom infrastructure is safeguarded and that business continuity and disaster recovery plans are put into place. The regulator further aims to maintain the essential telecommunications services in the face of threats, by imposing a minimum set of obligations on key telecommunications infrastructure owners and service providers.
In addition, TRA will establish procedures for the reporting of data breaches to the authority. This regulation and the work involved will assist in the implementation of the fourth national telecommunications plan (NTP4) as part of the TRA’s preparedness to manage the security of national electronic communications networks and services in Bahrain.
TRA conducted a preliminary study back in 2015 where it assessed the security risks posed on critical telecoms infrastructure (CTI) in Bahrain, highlighting the extent of the potential negative effect these security risks could possibly have on the prosperity and economic well-being of the Kingdom. The study highlighted the importance of conducting security risk assessments on such infrastructures to ensure the continued operation of telecommunication services.