Europe wants to make sure that 5G networks are secure, and is asking member states to update their security requirement to make sure there are no backdoors into their networks.
Politicians are worried about the security of 5G because these networks will be a become a core part of national infrastructure over the next few years, whether that’s in energy, transport, banking, and health or in powering industrial-control systems carrying sensitive information and supporting safety systems.
“5G technology will transform our economy and society and open massive opportunities for people and businesses. But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors,” said Andrus Ansip, EC vice president in charge of the digital single market.
In particular, Europe is worried that any vulnerability in 5G networks or a cyber-attack targeting the future networks in one member state would affect the union as a whole.
It is asking member states to complete a national risk assessment of 5G network infrastructures by the end of June 2019. It said countries should update existing security requirements for network providers.
In the background is the ongoing row about about Huawei and 5G.
The US banned the Chinese networking giant from government contracts back in 2014 has continued to raise concerns about the use of equipment from Huawei in 5G networks, worried that it could create a backdoor to be used by the Chinese state for spying.
While the company has strenuously denied that this is possible, the US has been lobbying other states to dump Huawei kit from forthcoming 5G networks, with mixed results. Australia has blocked Huawei from its 5G networks on national security grounds, and the New Zealand government late last year turned down a request from one operator to use Huawei kit in its 5G network.
The UK is currently carrying out a review of 5G security but the country’s tech security agency has already said that it can manage the risks of using Huawei equipment, and that having a broad set of suppliers to be able to spread risk is also essential to security.
Today’s announcement has been seen by many as Europe pushing back on US demands for a ban, instead leaving any such decision to member states. The EC statement did not mention Huawei by name but said that member states have the right to exclude companies from their markets for national security reasons, if they do not comply with the country’s standards and legal framework.
EU member states should also agree on a set of mitigating measures that can be used at national level. These could include certification requirements, tests, controls, as well as the identification of products or suppliers that are considered potentially non-secure. The EC said countries should develop specific security requirements that could apply in the context of public procurement related to 5G networks, including mandatory requirements to implement cybersecurity certification schemes.