5G rollout will lead to an ‘increased exposure to attacks,’ EU says

A 5G sign is displayed at the Samsung booth during the 2020 International Consumer Electronics Show at the Convention Center in Las Vegas, Nevada, USA, 07 January 2020. [EPA-EFE/ETIENNE LAURENT]

5G security standards are set to be bolstered across the EU, amid fears that non-EU states may be trying to infiltrate the bloc’s next-generation mobile technology networks. The EU has, however, pledged not to exclude any specific suppliers, despite heavy US pressure against the Chinese telecommunications giant Huawei.

The announcement came on a day when, according to German media reports, the German Federal Foreign Office has been provided with evidence from the US administration that proves Huawei has been working alongside Chinese state security services, according to the German newspaper Handelsblatt.

Huawei strongly deny the accusations.

As part of the European Commission’s ‘5G toolbox,’ which has contracted the unanimous backing of all EU member states, the executive has outlined a series of non-binding recommendations that include improving security standards but also establishing a risk profile of suppliers, in addition to adopting a multi-vendor approach.

The toolbox has been fashioned after a period of consultation with EU member states, in which countries assessed risks and identified possible risk-mitigating approaches.

However, the report also highlights “a particular threat stems from cyber offensive initiatives of non-EU countries.”

“Several member states have identified that certain non-EU countries represent a particular cyber threat to their national interests based on previous modus operandi of attacks by certain entities or on the existence of an offensive cyber programme of a given third state against them,” the document states.

The Commission’s reading of member states’ feedback also finds that as a result of the future rollout of 5G on the bloc, there is likely to be “increased exposure to attacks and more potential entry points for attackers”. This “could also make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.”

Margrethe Vestager, the Commission Vice-President for Digital, said on Tuesday (29 January) cybersecurity was a priority for the EU in the future establishment of the bloc’s 5G network.

She added that state-sponsored attacks coming from outside the EU were becoming “more sophisticated” and it was therefore important to have shared collaboration between member states in the likelihood of an increase in 5G attacks.

Meanwhile, the EU’s Commissioner for the Internal Market, Thierry Breton, was keen to highlight that the bloc’s approach in this regard was not directed towards one particular telecommunications supplier, despite the fact that much has been made of Huawei’s prospective involvement in the EU’s future networks.

For their part, Huawei welcomed the publication of the Commission’s toolbox on Wednesday. “This non-biased and fact-based approach towards 5G security allows Europe to have a more secure and faster 5G network,” a spokesperson from the company said.

EU fragmentation

Certain EU member states have adopted divergent positions with regards to Huawei over recent months, with some adopting a stricter approach, closer to that of Washington.

In August, ambassadors from Romania and the United States signed a memorandum for the development of secure 5G networks, including criteria for selecting companies permitted involvement in 5G infrastructure.

In September, US and Poland signed a joint declaration to collaborate on 5G security in what US Vice President Mike Pence said would “set a vital example for the rest of Europe”. Greek Prime Minister Kyriakos Mitsotakis was also summoned to Washington on 7 January to discuss the importance of 5G cybersecurity with US President Donald Trump.

On Tuesday, a high-ranking Commission official conceded that member states had their own political situations to consider in the context of Europe’s role in the US-China standoff. “Each member state has their own specificities to contend with,” the official told EURACTIV.

Elsewhere, the UK adopted their own stance on bolstering 5G security standards, whereby high-risk vendors will be excluded from ‘core’ aspects of the network, and there is a 35% limit on the involvement of such companies in non-sensitive areas. Such suppliers will also be barred from high-risk sites such as military bases and nuclear sites.

Pompeo warning to UK

US Secretary of State Mike Pompeo urged the UK government to rethink their decision on Tuesday, adding that the Trump administration will need reassurances that intelligence sharing between the UK and the US won’t be impacted by Prime Minister Boris Johnson’s decision to afford Huawei a limited role in the future rollout of 5G in the country.

“We will make sure that when American information passes across a network, we are confident that that network is a trusted one,” he said.

On Tuesday, Breton was keen to emphasise that although the UK did not submit a risk-mitigating assessment along with the EU27, the EU approach was made in a spirit of collaboration with the UK.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters