The EU has urged member states to accelerate the implementation of measures designed to reduce the potential security threats of 5G networks.
5G is a strategic and economic priority for the EU but it is also concerned that the volume of threats will be significantly higher than current generation networks. This fear is based on an increase in connected devices and the more sensitive data that will be transmitted.
Additionally, the EU believes that because mobile operators will be increasingly dependent on their equipment suppliers in the 5G era that vulnerabilities – either accidental or otherwise – in the software used then the results could be a threat to national security.
The risk, it is argued, is higher if operators use kit from a single supplier in their infrastructure or rely disproportionately on a ‘high risk’ vendor.
EU 5G security
Earlier this year the EU outlined a ‘toolbox’ of policies and actions that it believed would reduce these threats and ensure a consistent approach across the continent. Notably, there were provisions that would restrict the threat and reduce the involvement of ‘high risk’ suppliers and encourage multi-vendor approaches.
In an update on the toolbox, the European Commission noted that many countries had initiated reviews of national security strategies with many handing their regulators additional powers to restrict the involvement of suppliers based on their security profile.
However it also voiced its concerns at continued dependencies on high-risk vendors and says it has identified challenges “in designing and imposing appropriate multi-vendor strategies for individual MNOs or at national level due to technical or operational difficulties.”
“The timely rollout of 5G networks is strategically important for all Member States as it can open new opportunities for businesses, transform our critical sectors and benefit European citizens,” said European Commissioner Margrethe Vestager, who handles digital policy. “Our common priority and responsibility is to ensure that these networks are secure and, while this report shows we have undergone great strides, a lot of work remains ahead.”
No company has been named by the EU but ‘high-risk vendors’ likely include Chinese suppliers Huawei and ZTE, both of whom have suffered restrictions and exclusions in some markets.
Huawei is a key supplier for many operators in Europe however it is facing intense pressure from governments that believe it is a risk to security – allegations the companies denies. Earlier this month, the UK formally banned Huawei from participating in the rollout of 5G networks while reports suggest France is preparing a de facto ban. Germany is also reviewing the issue.
The EU has said member states should share information and best practices, and invest in the EU’s own 5G capabilities. This includes not only Ericsson and Nokia, both of which would stand to gain from any restrictions on Huawei, but other parts of the 5G ecosystem.