European Union warns of 5G risk, particularly of a ‘supplier being subject to interference from a non-EU country’
The European Union has issued a blunt warning about the future security of 5G networks, and urged operators not to rely too much on a single supplier.
The warning comes at time when China and the United States are conducting high level trade talks, and reports of a potential softening of the US stance on supplying technology to Huawei.
The European Union member states, with the support of the Commission and the European Agency for Cybersecurity, published a report on cybersecurity for 5G networks.
The report warned that the roll-out of 5G networks could increase exposure to attacks and more potential entry points for attackers.
It said that due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
And then it addressed the issue of supplier safety.
There is “an increased exposure to risks related to the reliance of mobile network operators on suppliers,” the report warned.
It added that non-EU States or State-backed actors are considered as the most serious threats and are the most likely to target 5G networks.
“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” the report stated.
And it urged operators not to rely too much on a single supplier, as there were “increased risks from major dependencies on suppliers.”
The report also highlighted threats to availability and integrity of networks as 5G networks become the backbone of many critical IT applications.
The report said that the end of the year, there should be an agreed “toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level.”
And by October 2020, member states should assess the effects of the recommendation in order to determine whether there is a need for further action
One security expert noted that technology and communications has now become the major factor in the world economy, and that Chinese suppliers should be avoid.
“One hundred years ago, oil occupied the ‘commanding heights’ heights of the world economy,” said Richard Bejtlich, author and principal security strategist at Corelight. “Today, telecommunications holds that post.”
“These technologies and services must be provided by parties that are trustworthy and capable of developing and maintaining secure code and configurations,” said Bejtlich. “China’s national champions have shown they are neither trustworthy nor competent, and should be avoided by those who recognize the centrality of telecommunications to modern life.”
Another expert acknowledged that China is one of the most active adversaries online.
“Nation States are always actively seeking methods to compromise enterprises and other governments around the world,” said Zeki Turedi, head technology strategist at CrowdStrike.
“Our recent OverWatch report showed that China remains one of the most active adversaries across industries including chemical, gaming, healthcare, hospitality, manufacturing, technology and telecoms,” said Turedi.
“But we also know that where Nation States go, eCriminals are not far behind, capitalising on the tools and skills employed by Governments,” said Turedi. “This year already we have seen eCrime campaigns jump from 25 to 65 percent of all those we saw in 2018 to 2019 respectively, while state-sponsored activity shifted from 75 to 39 percent.”
Huawei for its part has always denied that use of its network equipment poses a national security risk.
Do you know all about security? Try our quiz!