The European Union hinted strongly it viewed Chinese tech group Huawei as a security risk to its roll-out of 5G networks in a report released Wednesday (9 October).
The bloc-wide assessment of cybersecurity for 5G networks also stressed that “threats posed by states or state-backed actors are perceived to be of highest relevance”.
Even though the report went out of its way to not name Huawei or China, its language left no doubt that they were the ones talked about.
“Among the various potential actors, non-EU states or state-backed are considered as the most serious ones and the most likely to target 5G networks,” the European Commission and Finland, which currently holds the rotating EU presidency, said in a joint statement.
“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country,” they said.
Today, we publish #Report on EU coordinated #RiskAssessment on #cybersecurity in #5G networks, essential in our increasingly digitised economies & societies. Major step to ensure a high level of cybersecurity of 5G through opting for an EU approachhttps://t.co/eSlTL3x0up pic.twitter.com/qBMyDGJolq
— Mariya Gabriel (@GabrielMariya) October 9, 2019
The EU commissioner for security union, Julian King, told reporters that the evidence based assessment was meant to be followed by another study setting out risk-mitigation strategies that would likely name names.
Right now, he said, it was a matter of not “putting the cart before the horse”.
“I don’t think you can accuse us of ducking the issues. The issues are spelled out pretty clearly in the report,” he said.
Huawei is one of the world’s leading network technology suppliers, and one of the few –along with European telecom companies Nokia and Ericsson – capable of building 5G networks.
The Chinese company said it stood ready to work with its European partners on 5G network security. “This exercise is an important step towards developing a common approach to cybersecurity and delivering safe networks for the 5G era,” a Huawei spokesman said.
“We are pleased to note that the EU delivered on its commitment to take an evidence-based approach, thoroughly analysing risks rather than targeting specific countries or actors.”
A number of countries, the United States chief among them, see the company as a potential threat to cybersecurity and fear it would facilitate cyber espionage by the Chinese government to which it is suspected of having close links.
Huawei rejects that characterisation. It said in a statement Wednesday: “we are a 100% private company wholly owned by its employees, and cybersecurity is a top priority”.
Fifth-generation networks will hook up billions of devices, sensors and cameras in ‘smart’ cities, homes and offices. With that ubiquity, security becomes an even more pressing need than in existing networks.
“5G security requires that networks are built leveraging the most advanced security features, selecting vendors that are trustworthy and transparent,” a Nokia spokesperson said, adding that the company was the only global vendor capable of providing all the building blocks for secure 5G networks.
EU members have differed on how to treat Huawei, with Britain, a close U.S. ally, leaning towards excluding it from critical parts of networks. Germany is meanwhile creating a level playing field in which all 5G vendors should prove they are trustworthy.
The report warned against over-dependence on one telecoms equipment supplier.
“A major dependency on a single supplier increases the exposure to a potential supply interruption, resulting for instance from a commercial failure, and its consequences,” it said.
European network operators, including Germany’s Deutsche Telekom typically have multi-vendor strategies that they say reduce the security risks that might arise from relying too heavily on a single provider.
“The Commission’s 5G assessment recognises security isn’t just a supplier issue,” said Alex Sinclair, chief technology officer of the GSMA, a global mobile-industry trade group.
“We all have a role to play – from manufacturers to operators to consumers – and we are taking responsibility for our part in the security chain seriously.”
The EU will now seek to come up with a so-called toolbox of measures by the end of the year to address cyber security risks at national and bloc-wide level.
The European Agency for Cybersecurity is also finalising a map of specific threats related to 5G networks.