5G: toolbox of risk mitigating measures

On 29 January, the European Commission presented the EU toolbox for 5G networks. This toolbox provides a set of measures to mitigate cybersecurity risks previously identified in an EU coordinated risk assessment report (summarised in annex 2 of the toolbox report). The toolbox has been prepared by the NIS Cooperation Group*, as planned in the Recommendation on 5G published in March 2019.

These measures are addressed to the responsible national and EU authorities and agencies. The toolbox is not legally binding, which means that its implementation largely depends on the willingness of the Member States and the EU's follow-up.

*composed of representatives from Member States, the Commission and ENISA.

 

The toolbox

Mitigating measures

The report presents strategic measures, which address risks related to non-technical vulnerabilities (for instance interference by a third country), and technical measures, which aim to strengthen the security of 5G networks and equipment.

The NIS Cooperation Group underlines that risk mitigation plans must consist of possible combinations of strategic and/or technical measures, depending on the risks and assets at stake.

Strategic measures include:

- assessing the risk profile of suppliers and applying restrictions for suppliers considered to be high risk (including necessary exclusions to effectively mitigate risks) for key assets;

- ensuring the diversity of suppliers for individual mobile network operators (MNOs) through appropriate multi-vendor strategies.

Technical measures include:

- ensuring the application of baseline security requirements (secure network design and architecture);

- raising the security standards in suppliers' processes through robust procurement conditions;

- using EU certification for 5G network components, customer equipment and/or suppliers' processes;

- using EU certification for other non-5G-specific ICT products and services (connected devices, cloud services).

The report indicates that many of the technical measures may be implemented in the context of the transposition of the European Electronic Communications Code.

On top of these strategic and technical measures, the report recommends supporting and shaping 5G standardisation, as well as ensuring the application of standard technical and organisational security measures through a specific EU-wide certification scheme.

Next steps:

30 April: Member States should have taken the first concrete and measurable steps to implement the measures.

30 June: Member States asked to prepare a report on implementation of key measures.

October 2020: deadline for the Commission to review its Recommendation.

For any questions on this issue, do not hesitate to contact Camille Dornier: camille.dornier@eurosmart.com

Eurosmart
Rue de la Science 14B - 1040 Brussels BELGIUM
Privacy Policy - EU transparency register #21856815315-64