In a report published with the European Agency for Cybersecurity on securing 5G networks, the European Commission warned EU Member States of the dangerousness of new wireless telecommunications technology. For the Commission, the deployment of 5G risks "creating a new security paradigm that requires a reassessment of the current policy and security framework applicable to the sector and its ecosystem and is essential for Member States to take the necessary mitigation measures".
In more detail, this report calls for a review of the current design of 3G and 4G networks and warns against the use of a single supplier, particularly those not based in the European Union, without however mentioning the name Huawei. "The increased role of software and services provided by third party providers in 5G networks leads to greater exposure to a number of vulnerabilities that may result from the risk profile of individual providers".
The European Commission also explains: "While 5G network technology and standards will also bring some security improvements over previous generations, several important challenges arise from new features of the network architecture and the wide range of services and applications that may in the future depend heavily on 5G networks. [...] Major security breaches, such as those resulting from poor software development processes among equipment suppliers, could facilitate the malicious insertion of intentional backdoors into products by actors and make them more difficult to detect. This can increase the likelihood that their exploitation will have a particularly serious and widespread negative impact".
The report adds that EU Member States should not judge 5G network providers solely on their technical qualities and assess them on the basis of "non-technical vulnerabilities related to 5G networks", such that the provider's country has "no legislative or democratic control and balance in place, or in the absence of security or data protection agreements between the EU and the given third country" or that the structure of the provider's owner and the ability for its own country to "exert any pressure, in particular with respect to the manufacture of equipment". If Huawei's name is not mentioned, it is impossible not to think about it...
As a result, Huawei once again defended itself against any interference from the Chinese authorities: "We are a 100% private company, 100% employee-owned, and cybersecurity is a top priority: our end-to-end cybersecurity assurance system covers all process areas, and our solid experience proves that it works".
No one is saying that the Commission will respond to this extended hand, since it has apparently also decided to sweep away another option proposed by Huawei. Indeed, the Chinese manufacturer had indicated that it could be satisfied with intervening only on parts considered less sensitive in the future 5G networks of EU Member States.
The European Union's next steps will result in the publication of a range of mitigation measures to address the identified cybersecurity risks at the national and EU levels by 31 December 2019. Finally, Member States should assess the effects of the Recommendation in order to determine whether further measures should be taken by 1 October 2020. This assessment should take into account the results of the coordinated European risk assessment and the effectiveness of the measures.
Source : ZDnet