The last couple of years have been particularly challenging for the TMT sector in Portugal. Two of the main Portuguese telecom players (ZON and Optimus) merged, joining forces against the historic national operator. The new operator (branded NOS) is now a global player present in all markets (fixed, mobile, superfast broadband, Pay-TV, etc) capable of competing in equal terms with the former incumbent (PT). NOS is also the new Universal Service Provider (USP) for the fixed telephony service since June 20014, Portugal being one of the very few European countries where the USP is no longer the former incumbent.
In turn, PT merged with a giant Brazilian company, thus claiming to be on the verge of creating the largest multinational Portuguese-speaking telecom operator. However, in an unpredictable twist the Brazilian company has announced its intention to sell PT to Altice, a French equity fund that is already the owner of two small players in Portugal (Cabovisão, a cable operator and Oni, a small operator focused on the corporate market). Due to Altice's involvement in the telecoms sector, both in Portugal and abroad, the transaction is subject to the approval of the relevant Competition Authority and thus, to the potential imposition of remedies.
Alongside this and its subsequent huge media attention, the Portuguese legal framework has evolved resulting in adjustment by telecom operators in privacy, regulatory matters and consumer protection. Within a context of strong economic austerity, Portuguese operators have been compelled to implement several reforms, whilst keeping pace with technological developments and the emergence of new adversities and permanent market challenges.
Cybersecurity, in particular, is becoming more prevalent within the Portuguese TMT sector. This concept, comprising several others, such as information security and data protection, has been catching the attention of Portuguese society, as cyber-incidents are becoming more frequent and publicized. Companies, citizens and governments are being confronted with activities such as illegal access to computer systems, phishing, personal data breaches, distribution of malwares, electronic industrial espionage, alteration, suppression or illegal access to computer data, among many others that explore the vulnerabilities of electronic means. The growing number of these activities has determined the political will to react, and the TMT sector has been called upon to deal with these threats.
This scenario has triggered some important changes in the legal framework. The Electronic Communications Law, providing for the legal framework applicable to networks and electronic communications services and defining the powers of the regulatory authority (ICP-ANACOM), has come to include several rules on networks' security and integrity.
According to this Law, network operators are obliged to notify the ICP-ANACOM of any security breach or loss of integrity with significant impact on the functioning of those networks and services (and, in certain circumstances they have also an obligation to notify the security breaches to their subscribers). The procedures and specific terms of this notification have been approved by the ICP-ANACOM, and can be very stringent for telecoms operators. The fact that these rules on networks' security and integrity significantly impact on an operator's reputation, is a strong argument in forcing network operators to take adequate technical and organisational measures to appropriately manage the ever increasing risks posed to security of networks and services. This requires a constant investment in technology and human resources, forcing network operators to incur heavy costs and to dedicate their full attention to the fight against cyber-incidents, with no pauses or truces. Their work involves the important cooperation and supervision of the Regulator, which has been encouraging training and is working to improve procedures and to bring the subject to the attention of all network operators in Portugal.
The Portuguese Army has also been playing a leading role in improving Portugal's capability in the area of cybersecurity, mainly through fostering awareness of all the relevant stakeholders and performing an annual exercise entitled Ciber Perseu. The last edition of this exercise – Ciber Perseu 2014 – successfully gathered several entities, including TMT companies, critical infrastructure companies from the energy and transport sectors, regulatory authorities, civil protection services, police authorities among others and managed to lead a training course on cyberdefence and cybersecurity. This is an important exercise that gives participants an insight into the main vulnerabilities they may face and allows them to develop valuable tools in the event of a cyber-crisis.
2014 saw the creation of the National Centre of Cybersecurity further strengthening the focus on this topic. These advances in the cybersecurity area are illustrative of the TMT sector's dynamics in Portugal: innovative by nature, continuously developing, adjusting and improving.