24 EU states conducted cybersecurity analysis; next step is a continent-wide look
With commercial 5G service popping up around Europe and the globe, public officials are involved in ongoing discussion around the cybersecurity of these next-generation networks, particular in the context of to what extent if any Chinese network infrastructure vendors Huawei and ZTE should be allowed to participate.
In the European Union, last week 24 member states submitted “national risk assessments” to the European Commission in the first phase of an EU-wide cybersecurity analysis slated for completion by October 1.
In a statement, Commissioner for the Digital Economy and Society Mariya Gabriel said the goal is develop “concrete measures to help ensure the cybersecurity of 5G networks across the EU;” she referred to 5G as the future “backbone of our societies and economies. We urge member states to remain committed to the concerted approach to to use this important step to gain momentum for a swift and secure rollout of 5G networks. Close EU-wide cooperation is essential both for achieving strong cybersecurity and for reaping the full benefits, which 5G will have to offer for people and businesses.”
The U.S. has led the global charge to have Huawei and ZTE blocked from 5G deployments, particularly among intelligence allies. In Japan, Australia and New Zealand, for instance, the two companies have been barred from participating in 5G network builds. The same goes for the U.S. market. However, in England and Germany, despite pressure from the U.S., officials are on track to allow the two vendors to contribute to 5G builds, although with some concessions around cybersecurity testing and validation.
According to the European Commission, the national risk assessments cover: “the main threats and actors affecting 5G networks; the degree of sensitivity of 5G network components and functions as well as other assets; and various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.”
With the state-level documentation in order, the next step is compiling it into an assessment covering the entire EU. The next milestone is Dec. 31 when the Network and Information Systems Cooperation Group will “agree on a toolbox of mitigating measures to address the risks identified.” The end goal is, by Oct. 1 next year, to “determine whether there is a need for further action.”