Picture: 123RF/SERHII YAREMENKO
Picture: 123RF/SERHII YAREMENKO

Brussels  — The EU warned on Wednesday of cyber-attack risks  to next-generation 5G mobile networks by state-backed entities and groups from outside the EU, saying it was crucial to assess the risks posed by telecoms equipment suppliers with a significant market share in the bloc.

The comments came in a report prepared by EU member states on cyber-security risks to next-generation 5G mobile networks whose timely launch is crucial to the bloc’s competitiveness in an increasingly networked world.

While the report does not name any country or company, observers have frequently cited China and the world’s biggest telecoms equipment vendor, Huawei Technologies, as potential threats.

“Among the various potential actors, non-EU states or state-backed are considered the most serious and the most likely to target 5G networks,” the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” they said.

The US government wants Europe to ban Huawei’s equipment because it says this can be used by Beijing for spying, something the Shenzen-based company has repeatedly denied. Huawei, which competes with Finland’s Nokia and Sweden’s Ericsson, welcomed the EU’s report and said it stood ready to work with its European partners on 5G network security.

“This exercise is an important step towards developing a common approach to cyber-security and delivering safe networks for the 5G era,” a Huawei spokesperson said. “We are pleased to note that the EU delivered on its commitment to take an evidence-based approach, thoroughly analysing risks rather than targeting specific countries or actors.”

5G networks will hook up billions of devices, sensors and cameras used in futuristic “smart” cities, homes and offices. With that ubiquity, security becomes an even more pressing need than in existing networks.

EU members have differed on how to treat Huawei, with Britain, a close US ally, leaning towards excluding it from critical parts of networks, while Germany is creating a level playing field in which all foreign 5G vendors should prove they are trustworthy.

Overdependence

The report warned against over-dependence on one telecoms equipment supplier.

“A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting, for instance, from a commercial failure, and its consequences,” it said. “It also aggravates the potential impact of weaknesses or vulnerabilities, and of their possible exploitation by threat actors, in particular where the dependency concerns a supplier presenting a high degree of risk.”

Many European network operators already have multi-vendor strategies, which they say reduces the security risks that might arise from relying too heavily on a single provider.

“The commission’s 5G assessment recognises security isn’t just a supplier issue,” said Alex Sinclair, chief technology officer of the GSMA, a global mobile-industry trade group. “We all have a role to play — from manufacturers to operators to consumers — and we are taking responsibility for our part in the security chain seriously.”

The EU will now seek to come up with a toolbox of measures by the end of the year to address cyber-security risks at national and EU level. The European Agency for Cybersecurity is also finalising a map of specific threats related to 5G networks.

Reuters