Ireland is using the EU 5G Security Toolbox as a regulatory framework
The Irish government has announced a series of measures to boost the security of electronic communications, including 5G networks.
The new legislation will enable the government to exclude “high-risk” telecom providers from being used in critical parts of Ireland’s next-generation telecommunications network.
In a statement, the government said it has endorsed the ‘EU 5G Security Toolbox’ as the framework by which Ireland will secure its next generation electronic communications networks. The EU toolbox was published in January 2020 and is a coordinated European approach based on a common set of measures, with the main goal of mitigating the main cybersecurity risks of 5G networks.
As part of the initiatives, the Government has announced the publication for consultation of the Electronic Communications Security Measures (ECSMs). These are a detailed set of technical and organizational measures that providers of public electronic communications networks and publicly available electronic communications services will be required to implement.
The Irish government also announced that it plans to introduce primary legislation which would allow the Minister of the Environment, Climate and Communications to assess the risk profile of providers of electronic communications network equipment and, if required, to designate certain vendors as being high risk. “The legislation will also provide for certain parts of electronic communications networks to be designated as being critical and certain powers which would ensure that high risk vendors would not be used in our critical electronic communications networks,” the government said.
“No decision has been taken on individual vendors. Any assessment will follow clear objective criteria, such as those recommended in the EU 5G Security Toolbox, and follow a defined process set out in the legislation. The legislation will be drafted in consultation with relevant Departments and Agencies, and a Regulatory Impact Assessment and consultation process will be conducted in early 2022,” the government added.
In July 2020, the U.K. government announced that Chinese vendor Huawei’s gear will be completely removed from the country’s 5G networks by the end of 2027, following new recommendations by the National Cyber Security Center (NCSC) on the impact of U.S. sanctions against the telecommunications vendor.
The U.K. government also confirmed that it will also implement a total ban on the purchase of new Huawei kit for 5G, starting next year.
In May 2020, the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce announced plans to restrict Huawei’s ability to use U.S. chipmaking equipment and software to design and manufacture its semiconductors abroad. Huawei was added to the Entity List in May 2019, after the Department of Commerce concluded that the vendor was engaged in activities that were contrary to U.S. national security or foreign policy interests. However, the U.S. government believes that Huawei has continued to use U.S. software and technology to design semiconductors.
U.K. experts reviewed the consequences of the escalated U.S. sanctions and concluded that Huawei will need to do a major reconfiguration of its supply chain as it will no longer have access to the technology on which it currently relies and there are no alternatives which we have sufficient confidence in. They found that the new restrictions make it impossible to continue to guarantee the security of Huawei equipment in the future.