5G and security: security of networks and equipment and security of mind

by Bissera Zankova, Media 21 Foundation

The Fifth Generation (5G) technology is expected to potentially affect almost every aspect of citizens’ lives. Compounding this, the less centralised architecture of 5G networks , due to its features, requires smart computing power and the need for more antennas and increased dependency on software to protect 5G networks from vulnerability to cyber-attacks. Therefore, ensuring the security of the European Union’s 5G networks is of utmost importance for all countries and the union. In this process, operators are largely responsible for the secure rollout of 5G, with Member States responsible for national security, while network security is of strategic importance for the entire EU. The purpose of the EU toolbox on 5G Cybersecurity is to identify a coordinated European approach based on a common set of measures, aimed at mitigating the main cybersecurity risks of 5G networks. The short and long term objective will be to help Europe remain one of the leading regions in the 5G deployment. 

In order to insure this, the toolbox would rely on the coordinated risks assessment report based on the results of the national cybersecurity risk assessments carried out by all EU Member States. The report outlines the main threats and threats actors, the most sensitive assets, the main vulnerabilities (including technical ones and other types of vulnerabilities) and a number of strategic risks. The document also enlists a number of important security challenges that are likely to appear or become more prominent after 5G transformations. These hazards are predominantly linked to: key innovations in the 5G technology, in particular the important part of software and the wide range of services and applications enabled by 5G; the role of suppliers in building and operating 5G networks; and the degree of dependency on individual suppliers. For each of the nine risk areas identified in the EU coordinated risk assessment report, the toolbox should provide risk mitigation plans. The latter consist of possible combinations of strategic and technical measures.

Being an instrument for action, the toolbox recommends a set of key activities for the Member States and/or the Commission. In particular, Member States agreed to ensure that they put in place measures to respond appropriately and proportionately to the risks already identified as well as possible future risks, to strengthen security requirements for mobile network operators; assess the risk profile of suppliers; ensure that each operator has an appropriate multi-vendor strategy to avoid or limit any major dependency on a single supplier (or suppliers with a similar risk profile); and ensure an adequate balance of suppliers at national level and avoid dependency on suppliers considered to be of high risk.

The development of the coordinated EU approach on 5G cybersecurity counts on the strong commitment by both Member States and the Commission to use and fully implement recommended measures. At the same time, the roll-out and operation of 5G networks is a matter of national security. In respect to this, Member States can go further than what is proposed in the toolbox should they find out a need to do so.

The EU toolbox directs that vendors assessed as high-risk based on factors including country-specific threat assessments be subject to “necessary exclusions [from] key assets defined as critical or sensitive.” In practice, this approach does not exclude any company outright but offers solutions to manage risk imposed by the politics of a vendor’s home jurisdiction. The UK, for instance, applies political, not just technical, criteria to determine the extent to which a company should be allowed involvement in 5G networks. The U.K. framework, in particular, defines Huawei as a “high-risk vendor,” taking into account China’s legal system and past cyber attacks by the Chinese state. High-risk vendors are restricted the network’s “edge,” and even that presence is capped at 35 percent. 

According to the Polish Digital Minister Marek Zagórski, Poland, a close ally of the United States, will also introduce tougher controls that would “limit the use of [telecom equipment] vendors who are suspicious or who are not necessarily trustworthy, or who do not stick to the security standards”. To this end Poland has signed an agreement with the U.S. government pledging to only allow “trusted” suppliers into 5G networks. The objective is to keep Chinese suppliers away from the national market. To strengthen its executive power the agreement is being “translated into legal provisions.”

Estonia and Romania signed similar deals with the U.S. government when Washington sought to have Huawei banned from the European 5G market in the past year.In their joint declaration US and Estonia stressed that a careful and complete evaluation of component and software providers was essential to guarantee “a robust and comprehensive approach to network security”.

Getting back to the Polish approach to 5G infrastructure, it is evident that the state takes all challenges related to these networks very seriously. Fifth-generation cellular network technology has only recently arrived in Poland, but given to the fast spread superstitions that precede its introduction, the Polish Digital Affairs Ministry has decided to publish a white paper on “Electromagnetic Fields and the Human Being” to disqualify false claims and harmful misconceptions. The document, edited by the National Institute of Telecommunication and Medical School students of Jagiellonian University “will help everyone understand what an electromagnetic field is and how can it be utilised for the good of Poland.” The White paper consists of four sections, three of which answer the most frequent questions regarding electromagnetic waves. The last part explains the relationship between electromagnetic fields and telecommunication, formulating, in particular, what the 5G is. Communication aspects are treated in a multidisciplinary manner, combining physics, biology, and medicine, and Polish and international legal perspectives. The publication debunks the myth that the radiation of cellular telecommunication is as harmful as radioactivity. In addition, the White paper emphasizes the revolutionary impact 5G may leave on the economy and society as a whole.

Compiled by Media 21 from

https://ec.europa.eu/commission/presscorner/detail/en/ip_19_6049

https://ec.europa.eu/commission/presscorner/detail/en/QANDA_20_127

https://www.politico.eu/article/poland-wants-to-go-beyond-5g-security-toolbox-restrictions/

https://polandin.com/43040822/polands-digital-affairs-ministry-debunks-5g-myths

https://www.whitehouse.gov/briefings-statements/united-states-estonia-joint-declaration-5g-security/

https://thediplomat.com/2020/02/5g-and-huawei-the-uk-and-eu-decide/

The information is prepared by the team of the COMPACT project.

COMPACT is a Coordination and Support Action funded European Commission under framework Horizon 2020.

The objective of the COMPACT project is to increase awareness (including scientific, political, cultural, legal, economic and technical areas) of the latest technological discoveries among key stakeholders in the context of social media and convergence. The project will offer analyses and road maps of related initiatives. In addition, extensive research on policies and regulatory frameworks in media and content will be developed.

Let's talk

If you want to get a free consultation without any obligations, fill in the form below and we'll get in touch with you.
[contact-form-7 404 "Not Found"]