|
Security of 5G networks: EU Member States complete national risk assessments and future European initiatives
The European Commission announced Friday 19th that 24 EU Member States have completed the first step and submitted national risk assessments on 5G network. National risk assessments include an overview of the main threats and actors affecting 5G networks, the degree of sensitivity of 5G network components and functions as well as other assets; and various types of vulnerabilities, including both technical ones and other types of vulnerabilities, such as those potentially arising from the 5G supply chain.
Political context: the U.S. vs Huawei
Throughout the last months, the US has been impelling the Member States to block Huawei on the basis it would cause a national security threat. But Commissioner King said the EU review process “is in our interest to do so. Not because someone else has asked us.” The Commission aims to “put security squarely at the centre” of 5G rollout, after 3G and 4G primarily focused on price.
National and EU risk assessments
Member States are asked to carry out national risk assessments to identify :
(i) technological vulnerabilities in different parts of the 5G network (both core and radial),
(ii) vulnerabilities arising from the applicable legal regime and other supply chain risk factors in potential supplier countries; and set out risk mitigation measures.
"24 Member States have submitted risk assessments. We expect to receive the remaining 4 very shortly.” Said Commissioner King in his 19 July statement
ENISA to prepare a EU-wide risk assessment
These assessments will feed into the next phase, the EU-wide risk assessment will be completed by the 1st October. In parallel, ENISA is analysing the 5G threat landscape as an additional input.
By 31 December 2019, the NIS Cooperation Group that leads the cooperation efforts together with the Commission will develop and agree on a toolbox of mitigating measures to address the risks identified in the risk assessments at Member State and EU level.
A potential certification scheme covering 5G networks and equipment
ENISA and DG Connect encourage the Member States to prioritise a certification scheme covering 5G networks and equipment. This action could be achieved thank to the first European Commission’s Rolling WP for Certification Scheme, to be issued in 2020.
BEREC to launch a call for inputs on 5G related regulations
BEREC (the Body of European Regulators for Electronic Communications) warmly welcomed the European Commission announcement and has launch in parallel, a Call for inputs on views on the impact of 5G on regulation, and to the role of regulation in enabling the 5G ecosystem (Deadline: 30 August). The list of regulatory aspects that BEREC is currently seeking comments can be downloaded here.
Link to the call for inputs
|
