EU Warns Of State-Sponsored Attacks On 5G Networks

The European Union has issued a blunt warning about the future security of 5G networks, and urged operators not to rely too much on a single supplier.

It carefully did not mention Huawei, ZTE or China by name, but the EU report did warn about operator reliance on a “supplier being subject to interference from a non-EU country.”

The warning comes at time when China and the United States are conducting high level trade talks, and reports of a potential softening of the US stance on supplying technology to Huawei.

BT

State threat

The European Union member states, with the support of the Commission and the European Agency for Cybersecurity, published a report on cybersecurity for 5G networks.

The report warned that the roll-out of 5G networks could increase exposure to attacks and more potential entry points for attackers.

It said that due to new characteristics of the 5G network architecture and new functionalities, certain pieces of network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.

And then it addressed the issue of supplier safety.

There is “an increased exposure to risks related to the reliance of mobile network operators on suppliers,” the report warned.

It added that non-EU States or State-backed actors are considered as the most serious threats and are the most likely to target 5G networks.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” the report stated.

And it urged operators not to rely too much on a single supplier, as there were “increased risks from major dependencies on suppliers.”

The report also highlighted threats to availability and integrity of networks as 5G networks become the backbone of many critical IT applications.

The report said that the end of the year, there should be an agreed “toolbox of mitigating measures to address the identified cybersecurity risks at national and Union level.”

And by October 2020, member states should assess the effects of the recommendation in order to determine whether there is a need for further action

Chinese threat?

One security expert noted that technology and communications has now become the major factor in the world economy, and that Chinese suppliers should be avoid.

“One hundred years ago, oil occupied the ‘commanding heights’ heights of the world economy,” said Richard Bejtlich, author and principal security strategist at Corelight. “Today, telecommunications holds that post.”

“These technologies and services must be provided by parties that are trustworthy and capable of developing and maintaining secure code and configurations,” said Bejtlich. “China’s national champions have shown they are neither trustworthy nor competent, and should be avoided by those who recognize the centrality of telecommunications to modern life.”

Another expert acknowledged that China is one of the most active adversaries online.

“Nation States are always actively seeking methods to compromise enterprises and other governments around the world,” said Zeki Turedi, head technology strategist at CrowdStrike.

“Our recent OverWatch report showed that China remains one of the most active adversaries across industries including chemical, gaming, healthcare, hospitality, manufacturing, technology and telecoms,” said Turedi.

“But we also know that where Nation States go, eCriminals are not far behind, capitalising on the tools and skills employed by Governments,” said Turedi. “This year already we have seen eCrime campaigns jump from 25 to 65 percent of all those we saw in 2018 to 2019 respectively, while state-sponsored activity shifted from 75 to 39 percent.”

Huawei for its part has always denied that use of its network equipment poses a national security risk.

Last month founder and CEO of Huawei Technologies, Ren Zhengfei, said he is willing to licence the firm’s 5G technology to an American firm to allay US national security concerns.

Do you know all about security? Try our quiz!

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

Judge Approves US Searches Of Passenger Electronic Devices

US border agents only need “reasonable suspicion” and no search warrant to search travellers’ smartphones and laptops

1 hour ago

Apple AR Glasses Set For 2023 Debut – Report

Rumour mill. Apple's augmented reality venture will reportedly deliver its long-rumoured AR glasses released sometime in 2023

18 hours ago

Microsoft Pledges To ‘Honour’ California’s Privacy Rules

Redmond pledges to roll out California's strict CCPA privacy laws across the entire United States

18 hours ago

Plusnet CEO Steps Down As BT Tightens Grip

Long-serving boss of Yorkshire-based Internet Service Provider steps down as BT tightens grip

19 hours ago

Google Signs Healthcare Deal With US Firm Ascension

Privacy worry? Search engine giant Google to gain access to health data on millions of Americans

21 hours ago

Labour Party Claims It Was Hit By Large-Scale Cyberattack

Weeks before the general election, the Labour Party claims its systems have been subjected to a cyberattack

23 hours ago